No Internet, Can't Install Spybot



TechPhi97
2010-10-30, 18:26
Greetings, and thanks in advance for the help! I appreciate all the volunteers do here.

On Friday AM, I received a notice that a virus was detected on the computer, and I told Norton to fix it. Computer rebooted automatically, and now I use IE to get to the internet, and I can't install anything on the computer (no Spybot!).

I originally tried to run a System Restore on several restore points, and each time the restore failed. I also ran MalwareBytes and a full Norton scan, and they did not find anything. When I tried to install Spybot S&D, I could not install. I tried booting in Safe Mode, and I still cannot install or access the internet - therefore, I'm on another machine and have to use a USB drive to transfer files (I know it's against the FAQ, but it's all I can do).

I installed ERUNT and ran DDS. Here is the DDS log, and attached is the Attach.txt file zipped up and ready to go:


DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by Scott Stark at 11:02:15.33 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.1597 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\Scott Stark\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\scotts~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: collaborationhost.com\synaptus
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
Hosts: 63.240.6.184 MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
Hosts: 63.240.6.24 MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
Hosts: 63.240.6.190 MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
Hosts: 63.240.6.189 MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
Hosts: 63.240.6.176 MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-6 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-21 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-7 21504]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-28 11:03:34 -------- d-----w- c:\users\scotts~1\appdata\local\CrashDumps
2010-10-27 11:28:10 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 11:28:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 11:28:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-13 23:25:55 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:25:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:25:53 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:25:49 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:25:48 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:25:44 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\s

Jack&Jill
2010-11-08, 08:04
Hello TechPhi97,

Sorry for the delay. Your DDS log is incomplete.

Please delete the DDS file you have and download a fresh copy from one of the links below, then post a new log.

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Is this a business computer? Looks like one.

If I do not get a reply within 3 days, the topic will be closed.
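
The completeness check behind "Your DDS log is incomplete" can be scripted. The following is an added example, not part of the thread and not DDS's own code: it confirms that a pasted log has its version header, the five sections seen in this thread and the closing FINISH line, then lists a few Pseudo HJT lines for manual review. The sample text is constructed and abridged from the logs posted here; the function names and the choice of review patterns are assumptions of this example.

```python
import re

FINISH_RE = re.compile(r"^=+ FINISH: [\d:.]+ =+$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Section titles as they appear in the DDS logs posted in this thread.
EXPECTED_SECTIONS = ("Running Processes", "Pseudo HJT Report",
                     "SERVICES / DRIVERS", "Created Last 30", "Find3M")
# Matches e.g. "ProxyServer = http=127.0.0.1:50370".
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127(?:\.\d{1,3}){3}|localhost):\d+", re.I)


def parse_dds(text):
    """Split a DDS log into {section title: [lines]} and note the FINISH line."""
    sections, current, finished = {"header": []}, "header", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if FINISH_RE.match(line):       # test before SECTION_RE, which also fits
            finished = True
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections, finished


def completeness_problems(text):
    """Return the reasons a pasted log should be treated as incomplete."""
    sections, finished = parse_dds(text)
    problems = []
    if not any(l.startswith("DDS (Ver_") for l in sections["header"]):
        problems.append("missing DDS version header")
    for name in EXPECTED_SECTIONS:
        if name not in sections:
            problems.append("missing section: " + name)
    if not finished:
        problems.append("no FINISH line (log cut off)")
    return problems


def review_flags(text):
    """List Pseudo HJT lines to look at by hand (patterns are assumptions)."""
    sections, _ = parse_dds(text)
    flags = []
    for line in sections.get("Pseudo HJT Report", []):
        if LOOPBACK_PROXY_RE.search(line):
            flags.append(("proxy points at loopback", line))
        elif line.endswith("- No File"):
            flags.append(("registered component has no file", line))
        elif re.search(r"EnableLUA\s*=\s*0\b", line):
            flags.append(("UAC disabled", line))
    return flags


# Constructed sample: abridged from the DDS logs in this thread.
SAMPLE_BODY = r"""DDS (Ver_10-11-08.01) - NTFSx86
Run by Scott Stark at 8:09:38.90 on Mon 11/08/2010

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\Explorer.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

============= SERVICES / DRIVERS ===============

R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]

=============== Created Last 30 ================

2010-10-28 11:03:34 -------- d-----w- c:\users\scotts~1\appdata\local\CrashDumps

==================== Find3M ====================

2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
"""
# Cut off mid-path, like the first log posted above.
TRUNCATED_LOG = SAMPLE_BODY + r"2010-08-17 14:11:37 128000 ----a-w- c:\windows\s"
# Ends with the FINISH line, like the second log.
COMPLETE_LOG = SAMPLE_BODY + r"""2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 8:10:34.16 ===============
"""

if __name__ == "__main__":
    print("truncated:", completeness_problems(TRUNCATED_LOG))
    print("complete: ", completeness_problems(COMPLETE_LOG))
    for reason, line in review_flags(COMPLETE_LOG):
        print(reason + ": " + line)
```

A flagged line is only a prompt to look closer; the script makes no judgement about whether an entry is malicious.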

TechPhi97
2010-11-08, 15:14
Thanks for all your help here, I appreciate it greatly.

To answer your question, this is not a business computer. I originally purchased it in 2007 to do some side consulting work, so there are some typical business applications installed. However, it has not touched a corporate network in years, and it is only used by the family as our home use laptop.

Also, I was trying to run DDS and Norton was quarantining it, and I saw two entries in my quarantined files for SillyFDC, both about the same time that things started going wrong. I imagine this is what is wrong with the computer.

Again, thank you for your help.

Here is the output from the DDS.text file:


DDS (Ver_10-11-08.01) - NTFSx86
Run by Scott Stark at 8:09:38.90 on Mon 11/08/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2006.905 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Scott Stark\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\scotts~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: collaborationhost.com\synaptus
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
Hosts: 63.240.6.184 MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
Hosts: 63.240.6.24 MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
Hosts: 63.240.6.190 MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
Hosts: 63.240.6.189 MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
Hosts: 63.240.6.176 MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-6 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-18 13744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-21 339504]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-7 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-28 11:03:34 -------- d-----w- c:\users\scotts~1\appdata\local\CrashDumps
2010-10-27 11:28:10 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 11:28:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 11:28:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-13 23:25:55 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:25:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:25:53 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:25:49 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:25:48 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:25:44 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 8:10:34.16 ===============

Jack&Jill
2010-11-09, 02:49
Hello TechPhi97 :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Let's check the USB drive you are using first from your good machine and protect it.

Check USB storage devices / removable drives

Please download USBNoRisk© by bobby and save to your desktop. Click here. (http://amf.mycity.rs/personal/bobby/USBNoRisk/usbnorisk.exe)
Double click on usbnorisk.exe and wait a couple of seconds for the initial scan to finish.
Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
If there is more than one USB storage device, please take note of the order they are connected.
When all the devices are plugged in and the scanning done, right click on any location in the white box where the results are shown and select Save log.
Click OK when prompted and a log will open. It is saved to C:\USBNoRisk\UsbNoRisk.txt.
Post the contents of that log in your reply and close the program.

--------------------


"I received a notice that a virus was detected on the computer, and I told Norton to fix it."

Recall the name?

--------------------

Please post back:
1. the USBNoRisk report
2. answer to my question about the virus name

TechPhi97
2010-11-09, 04:37
Thanks again for helping me.

In response to your question about the Norton security notice, there are two notices in the "Resolved Security Risks" part of my security history:

svchost.exe (W32.SillyFDC) detected by Auto-Protect on 10/29 at 9:32PM.
- downloaded from fairysm.com/new/forum.php.....
- activity in c:\users\[my name]\appdata\local\temp\~df4cac.tmp
- activity in c:\users\[my name]\appdata\roaming\microsoft\svchost.exe
- activity in directory c:\Windows\Setup\State
- activity in directory c:\Windows\Setup
- also had many, many registry actions

mstsc.exe (W32.SillyFDC) detected by Virus scanner on 10/28 at 8:09AM.
- same general activity as above, with temp/~df****.tmp files added.
- also tried to run c:\users\[my name]\desktop\mstsc.exe
- also had many, many registry actions

Here is the output from the USBNoRisk log:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/8/2010 9:26:10 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {044cc7e0-9392-11da-83d6-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 044cc7e0-9392-11da-83d6-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/8/2010 9:26:39 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {71e2543e-32f1-11dc-b567-001320c49b62}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 71e2543e-32f1-11dc-b567-001320c49b62
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


The issues began on 10/29, so this makes sense to me.

Jack&Jill
2010-11-09, 07:30
Hello TechPhi97 :),

The USB drive looks clean. Let's protect it so that it will stay that way.

Run USBNoRisk script

Please start USBNoRisk by double clicking on the program.
Choose the Script tab.
Copy and paste the following text into it:

{71e2543e-32f1-11dc-b567-001320c49b62}
protect:

Now, connect the USB storage device to the computer and click on the Run Script button at the bottom.
Go to the Monitor tab and wait for the scan to finish (it should not take more than 15 seconds).
Right click on any location in the white box where the results are shown and select Save log.
Click OK when prompted and a log will open. It is saved to C:\USBNoRisk\UsbNoRisk.txt.
Post the contents of that log in your reply and close the program.

--------------------

Please run the following tool on the infected computer and post back the log.

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options are checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. USBNoRisk log
2. OTL logs (OTL.txt and Extras.txt)

TechPhi97
2010-11-09, 15:23
Here's the log from USBnorisk:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/9/2010 8:04:50 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {044cc7e0-9392-11da-83d6-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 044cc7e0-9392-11da-83d6-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/9/2010 8:05:06 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {71e2543e-32f1-11dc-b567-001320c49b62}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 71e2543e-32f1-11dc-b567-001320c49b62
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
71e2543e-32f1-11dc-b567-001320c49b62
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 1
----------------------------------------
Protect F:
----------------------------------------
FAT16: autorun.inf found. Doing magic...
Magic is done
----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
71e2543e-32f1-11dc-b567-001320c49b62
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 1
----------------------------------------
Protect F:
----------------------------------------
Error creating empty autorun.inf
Already protected
----------------------------------------

Now, here is the output from OTL.txt

OTL logfile created on: 11/9/2010 8:11:06 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Scott Stark\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.66 Gb Total Space | 9.80 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive D: | 497.22 Mb Total Space | 387.25 Mb Free Space | 77.88% Space Free | Partition Type: FAT

Computer Name: STARKMG-001 | User Name: Scott Stark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
PRC - [2010/09/07 23:25:50 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/07 16:26:44 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/07/05 17:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 17:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/06/11 09:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/04/09 02:18:56 | 001,261,568 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/28 12:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/22 12:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2007/03/02 00:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2007/01/08 22:12:28 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/01/08 22:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/01/08 21:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/08 21:36:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/08 20:42:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/21 21:40:06 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/17 00:00:10 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/11/15 18:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/07 05:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 02:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/06/11 09:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/03/02 00:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/08 22:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/08 21:36:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/08 20:42:20 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/21 21:40:06 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/10/19 15:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/09/28 21:42:15 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101029.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 21:42:15 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101029.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 17:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/02 20:51:39 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 05:29:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/04 20:33:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/17 01:01:44 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/07 16:04:22 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/10/07 16:04:22 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/03/05 17:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/19 02:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/22 02:08:58 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/04 16:14:44 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/08/16 07:30:37 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/06/18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/17 12:05:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/05/31 05:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/03/13 18:13:54 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/13 18:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/13 18:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/13 18:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/13 18:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/13 18:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/13 18:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/13 18:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 03:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/03/02 19:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 19:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/09 14:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/21 21:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 21:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/28 02:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/09/13 14:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/13 00:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2006/08/30 05:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 16:34:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/04 20:46:31 | 000,000,000 | ---D | M]

[2008/08/28 08:39:53 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Extensions
[2009/10/12 06:09:15 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions
[2009/03/15 21:55:35 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/09/03 21:46:26 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/06/20 08:36:33 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/09/02 21:28:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/08 11:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2008/09/13 13:36:38 | 000,002,776 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 63.240.6.184 MI8NYCMAIL34 MI8NYCMAIL34.MI8.COM
O1 - Hosts: 63.240.6.24 MI8NYCMAIL13 MI8NYCMAIL13.MI8.COM
O1 - Hosts: 63.240.6.190 MI8NYCMAIL40 MI8NYCMAIL40.MI8.COM
O1 - Hosts: 63.240.6.189 MI8NYCMAIL39 MI8NYCMAIL39.MI8.COM
O1 - Hosts: 63.240.6.176 MI8NYCMAIL26 MI8NYCMAIL26.MI8.COM
O1 - Hosts: 63.240.6.16 MI8NYCMAIL05 MI8NYCMAIL05.MI8.COM
O1 - Hosts: 63.240.6.182 MI8NYCMAIL32 MI8NYCMAIL32.MI8.COM
O1 - Hosts: 63.240.6.168 MI8NYCMAIL18 MI8NYCMAIL18.MI8.COM
O1 - Hosts: 63.240.6.174 MI8NYCMAIL24 MI8NYCMAIL24.MI8.COM
O1 - Hosts: 63.240.6.22 MI8NYCMAIL11 MI8NYCMAIL11.MI8.COM
O1 - Hosts: 63.240.6.187 MI8NYCMAIL37 MI8NYCMAIL37.MI8.COM
O1 - Hosts: 63.240.6.166 MI8NYCMAIL16 MI8NYCMAIL16.MI8.COM
O1 - Hosts: 63.240.6.27 MI8NYCMAIL03 MI8NYCMAIL03.MI8.COM
O1 - Hosts: 63.240.6.180 MI8NYCMAIL30 MI8NYCMAIL30.MI8.COM
O1 - Hosts: 63.240.6.179 MI8NYCMAIL29 MI8NYCMAIL29.MI8.COM
O1 - Hosts: 63.240.6.19 MI8NYCMAIL08 MI8NYCMAIL08.MI8.COM
O1 - Hosts: 63.240.6.172 MI8NYCMAIL22 MI8NYCMAIL22.MI8.COM
O1 - Hosts: 63.240.6.185 MI8NYCMAIL35 MI8NYCMAIL35.MI8.COM
O1 - Hosts: 63.240.6.61 MI8NYCMAIL14 MI8NYCMAIL14.MI8.COM
O1 - Hosts: 63.240.6.25 MI8NYCMAIL01 MI8NYCMAIL01.MI8.COM
O1 - Hosts: 63.240.6.177 MI8NYCMAIL27 MI8NYCMAIL27.MI8.COM
O1 - Hosts: 63.240.6.17 MI8NYCMAIL06 MI8NYCMAIL06.MI8.COM
O1 - Hosts: 63.240.6.170 MI8NYCMAIL20 MI8NYCMAIL20.MI8.COM
O1 - Hosts: 19 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - Startup: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\..Trusted Domains: collaborationhost.com ([synaptus] http in Trusted sites)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/09 08:05:08 | 000,000,000 | ---- | M] () - D:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 08:10:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
[2010/10/30 09:57:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 09:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/30 09:56:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Scott Stark\Desktop\erunt-setup.exe
[2010/10/28 06:03:34 | 000,000,000 | ---D | C] -- C:\Users\Scott Stark\AppData\Local\CrashDumps
[2010/10/27 06:28:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 06:28:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/27 06:28:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/13 18:26:45 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 18:26:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 18:26:10 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 18:26:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 18:26:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 18:26:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 18:26:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 18:26:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 18:26:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 18:26:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 18:25:55 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 18:25:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 18:25:53 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 18:25:49 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 18:25:48 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2007/05/17 06:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 06:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 06:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 06:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 06:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 05:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 05:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 05:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 05:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 05:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 05:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[42 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 08:11:12 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
[2010/11/09 08:11:01 | 000,618,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/09 08:11:01 | 000,109,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 08:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
[2010/11/08 08:08:31 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Documents\dds.com
[2010/11/08 08:07:18 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Desktop\dds.scr
[2010/11/08 08:07:04 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Desktop\dds.com
[2010/11/08 07:46:42 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/11/08 07:46:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 07:46:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 07:46:12 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/10/30 09:56:33 | 000,000,923 | ---- | M] () -- C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/30 09:56:18 | 000,000,743 | ---- | M] () -- C:\Users\Scott Stark\Desktop\NTREGOPT.lnk
[2010/10/30 09:56:18 | 000,000,724 | ---- | M] () -- C:\Users\Scott Stark\Desktop\ERUNT.lnk
[2010/10/30 09:54:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Scott Stark\Desktop\erunt-setup.exe
[2010/10/27 23:35:49 | 000,000,460 | RHS- | M] () -- C:\Users\Scott Stark\ntuser.pol
[2010/10/23 08:21:50 | 000,028,160 | ---- | M] () -- C:\Users\Scott Stark\Documents\Mustard Slaw.doc
[2010/10/14 19:33:57 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2010/10/14 05:52:29 | 000,414,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[42 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/08 08:07:18 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Desktop\dds.scr
[2010/11/08 08:07:04 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Desktop\dds.com
[2010/11/08 08:00:23 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Documents\dds.com
[2010/10/30 09:56:33 | 000,000,923 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/30 09:56:18 | 000,000,743 | ---- | C] () -- C:\Users\Scott Stark\Desktop\NTREGOPT.lnk
[2010/10/30 09:56:18 | 000,000,724 | ---- | C] () -- C:\Users\Scott Stark\Desktop\ERUNT.lnk
[2010/10/27 23:35:49 | 000,000,460 | RHS- | C] () -- C:\Users\Scott Stark\ntuser.pol
[2010/10/23 08:21:50 | 000,028,160 | ---- | C] () -- C:\Users\Scott Stark\Documents\Mustard Slaw.doc
[2010/04/04 09:27:18 | 000,001,040 | -HS- | C] () -- C:\Users\Scott Stark\AppData\Local\p7Fj0O6C
[2010/04/04 09:27:18 | 000,001,040 | -HS- | C] () -- C:\ProgramData\p7Fj0O6C
[2010/04/04 06:58:03 | 000,000,024 | ---- | C] () -- C:\ProgramData\kfdtk.ini
[2010/04/04 06:58:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\2r89zdxw9fejtzfieiv20ri4.ini
[2009/10/20 15:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/12 20:48:49 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2009/08/12 20:48:49 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2009/08/12 20:48:49 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2009/08/12 20:48:48 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 07:16:30 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/10/07 16:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2008/07/11 11:46:24 | 000,000,310 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\APUSet.xml
[2008/07/11 11:46:18 | 000,006,502 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\PrimoPDFSet.xml
[2008/07/08 13:15:14 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/06/16 12:06:29 | 000,000,099 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\fusioncache.dat
[2008/06/16 11:44:06 | 000,013,600 | ---- | C] () -- C:\Windows\System32\sasperf.dll
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/04/04 09:38:18 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/04/04 09:38:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/04/04 09:33:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008/04/04 09:33:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008/04/04 09:32:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/03/04 17:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/10 21:51:10 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/09/19 01:44:24 | 000,006,144 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/31 09:31:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/26 14:57:31 | 000,033,476 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/08/25 09:46:28 | 000,001,356 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\d3d9caps.dat
[2007/08/16 07:20:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/16 07:20:21 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/16 07:20:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/16 07:20:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/16 07:20:21 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/16 07:20:21 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/16 07:17:57 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/16 07:17:56 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/16 07:03:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/08/16 07:03:31 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/16 07:00:19 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/06/19 13:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/05/21 22:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/05/17 12:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/30 05:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/02 07:15:36 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/03/02 07:15:25 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/30 12:31:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2006/07/31 20:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll

========== LOP Check ==========

[2010/09/23 06:35:49 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Abecsa
[2010/07/23 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\ADDINSOFT
[2008/04/24 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\eFax Messenger
[2008/11/06 12:01:33 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Elluminate
[2009/04/10 09:22:45 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\gtk-2.0
[2010/01/31 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\ICAClient
[2009/04/07 10:14:32 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Inkscape
[2007/08/24 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Leadertech
[2007/11/20 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Lenovo
[2009/02/16 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Oracle
[2008/06/16 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\SAS
[2010/04/04 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Tific
[2010/09/22 23:35:06 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Yquf
[2010/10/30 09:21:17 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/09 08:11:12 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

TechPhi97
2010-11-09, 15:24
And here is the output from Extras.txt:

OTL Extras logfile created on: 11/9/2010 8:11:06 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Scott Stark\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.66 Gb Total Space | 9.80 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive D: | 497.22 Mb Total Space | 387.25 Mb Free Space | 77.88% Space Free | Partition Type: FAT

Computer Name: STARKMG-001 | User Name: Scott Stark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C2DE883-E4A3-4AFD-A858-C76E7E168057}" = lport=23 | protocol=6 | dir=out | name=zoom_x6_dsl_port23 |
"{47657617-692E-41C4-9658-926D2E68F794}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9FFA0F56-E053-4353-8A7F-A82DFA827884}" = lport=23 | protocol=6 | dir=out | name=zoom_x6_dsl_port23 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D2A2DF-0272-4608-A370-76C77B58B056}" = protocol=17 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"{0C119B04-9147-4EFB-A31B-163AB811681A}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{1535238F-7182-4747-82FF-BFA7D4441CD6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{2B0754DD-F0C8-486A-94A7-BE84BE123840}" = protocol=17 | dir=in | app=c:\users\scott stark\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{347AFA59-DDCE-4BF7-BEC9-A74F69F60E4B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{3F1CA6E4-F54D-4673-91C9-9D1E8643728A}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{49459623-33FA-49F8-BA71-82364E7123AA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{545CCAAA-C5FB-45EC-853C-FD242AEC8233}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7A27C186-9D78-4537-92FE-39E07500E22F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7C906F9F-A338-4AE5-A62F-551CEB01223F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{7F4E6AA9-6E52-41CB-9B76-969858A9283D}" = protocol=6 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{83DFA685-683B-4B91-8AC1-5FA974326918}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8874CC44-A3B3-42CE-9439-D38E5653E016}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{9A20FF88-F66E-4D6E-9B69-4836FDEA4BCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B0B0BEB-BF97-40FB-AE7A-91706D98E669}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{9E695A88-1C64-45BE-A5BC-ACC8CB428465}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{A7F53BDB-E8D4-4EF6-993E-1530DDCA83E2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{ACB16029-E5DE-4EEF-8FC5-EF2476EC9361}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{B8DD68DF-5A3F-4D3F-8A24-C81E8B7E6B10}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{BABE2C71-2601-4444-81FF-9DC41A8D87B1}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{C0F4F2C2-A09A-459B-8440-1B9F201C0952}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdijswx.exe |
"{CB8703D4-1DD4-4E9A-ABC6-009E9CE916A6}" = protocol=6 | dir=in | app=c:\users\scott stark\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{CD1D9773-B95A-46AC-B00D-C383357907F4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{DADDBF05-B3DC-49AB-8F97-985AE7AC26C4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{E65BD8AC-6FEE-4B97-A6B2-51BC986F7F9F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E6FA80B4-1670-4553-B6C5-1E3721625775}" = protocol=17 | dir=in | app=c:\program files\webdrive\webdrive.exe |
"{ECF303C0-702D-48BB-BE6C-29B2EEA5C77C}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{EFB1EE21-8EC6-4C50-AC97-5E9D77866F4B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{FF3B8633-CDCD-4AFF-BBF8-CDB27941A1F6}" = protocol=6 | dir=in | app=c:\program files\webdrive\wdservice.exe |
"TCP Query User{0C2F36E6-A984-407A-AEE0-DDEA780F6E21}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{0E81FB31-5AC8-4BCA-9F65-0B9CBAFEFDCB}C:\program files\sas\sas 9.1\sas.exe" = protocol=6 | dir=in | app=c:\program files\sas\sas 9.1\sas.exe |
"TCP Query User{72835E1E-C04F-40FA-B701-816B33460C10}C:\windows\system32\lxdicoms.exe" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"TCP Query User{8D7D0A3B-5A48-4E5B-A62F-3227B0FBB331}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{90A62379-075B-4740-94B9-EE43437805F8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{91D02742-B9E9-4369-98E1-9D250D9C1C8E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B9C104BC-E9ED-420A-9FC2-5418A50A7E1B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{16328F78-3280-4119-ABB1-C49449B33D7B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{21A015E0-4B12-48ED-8BFE-9F88695A70EA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{357B621B-7B79-4844-AC57-F633CE3BB533}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{57A767D9-F010-4EE6-B4D6-7517D80B0DB1}C:\windows\system32\lxdicoms.exe" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"UDP Query User{99607633-D1D7-43E8-9983-57C9D1F3BBB1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AFA9132C-B8C3-4A27-8275-7BA10466EC08}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E1EC4365-F4A0-4848-AE03-26123C9A7272}C:\program files\sas\sas 9.1\sas.exe" = protocol=17 | dir=in | app=c:\program files\sas\sas 9.1\sas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68624FB8-2512-46B5-9664-64366DCCB3EB}" = SAS 9.1
"{68B36FA5-E276-4C03-A56C-EC25717E1668}" = XLSTAT 2010
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
"5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
"67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
"787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AwayTask" = Maintenance Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
"E40C666F7FDCD87A10F83B12403CB4F0AE34A16D" = Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0)
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"ERUNT_is1" = ERUNT 1.1j
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IIM5_is1" = iMacros V6.60
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PokerStars" = PokerStars
"Power Management Driver" = ThinkPad Power Management Driver
"PrimoPDF4.0.2.5" = PrimoPDF
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"SAS Providers for OLE DB" =
"SensitivityToolkit" = NSIS SensitivityToolkit
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2010 7:00:19 AM | Computer Name = StarkMG-001 | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2010 7:00:20 AM | Computer Name = StarkMG-001 | Source = Windows Search Service | ID = 3013
Description =

Error - 10/20/2010 7:00:20 AM | Computer Name = StarkMG-001 | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2010 7:03:24 AM | Computer Name = StarkMG-001 | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0a0a0a0a, process id 0x14d0, application start time 0x01cb768fb560d25f.

Error - 10/28/2010 8:27:40 AM | Computer Name = StarkMG-001 | Source = Windows Search Service | ID = 3013
Description =

Error - 10/28/2010 8:41:32 AM | Computer Name = StarkMG-001 | Source = Windows Search Service | ID = 3024
Description =

Error - 10/28/2010 8:48:19 AM | Computer Name = StarkMG-001 | Source = System Restore | ID = 8209
Description =

Error - 10/28/2010 8:06:22 PM | Computer Name = StarkMG-001 | Source = System Restore | ID = 8209
Description =

Error - 10/29/2010 7:40:36 PM | Computer Name = StarkMG-001 | Source = System Restore | ID = 8209
Description =

Error - 10/30/2010 10:24:17 AM | Computer Name = StarkMG-001 | Source = EventSystem | ID = 4609
Description =

[ OSession Events ]
Error - 11/15/2007 9:05:14 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 37188
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/20/2007 4:55:53 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 27423
seconds with 9000 seconds of active time. This session ended with a crash.

Error - 11/20/2007 4:58:22 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 141
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/27/2007 11:34:08 AM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 715
seconds with 480 seconds of active time. This session ended with a crash.

Error - 12/10/2007 8:15:30 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 13774
seconds with 6300 seconds of active time. This session ended with a crash.

Error - 12/19/2007 1:54:17 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 12776 seconds with 3420 seconds of active time. This session ended with
a crash.

Error - 6/16/2008 12:21:09 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11473
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/26/2008 11:27:53 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8178
seconds with 300 seconds of active time. This session ended with a crash.

Error - 2/4/2009 6:13:36 PM | Computer Name = StarkMG-001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20694
seconds with 1740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/8/2010 8:55:47 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 8:56:35 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 8:57:05 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 8:57:36 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 8:58:05 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 9:03:43 AM | Computer Name = StarkMG-001 | Source = Service Control Manager | ID = 7011
Description =

Error - 11/8/2010 10:28:10 PM | Computer Name = StarkMG-001 | Source = Microsoft-Windows-TBS | ID = 516
Description =

Error - 11/8/2010 10:28:10 PM | Computer Name = StarkMG-001 | Source = TPM | ID = 393229
Description = The device driver for the Trusted Platform Module (TPM) encountered
a non-recoverable error in the TPM hardware, which prevents TPM services (such
as data encryption) from being used. For further help, please contact the computer
manufacturer.

Error - 11/9/2010 9:09:17 AM | Computer Name = StarkMG-001 | Source = Microsoft-Windows-TBS | ID = 516
Description =

Error - 11/9/2010 9:09:17 AM | Computer Name = StarkMG-001 | Source = TPM | ID = 393229
Description = The device driver for the Trusted Platform Module (TPM) encountered
a non-recoverable error in the TPM hardware, which prevents TPM services (such
as data encryption) from being used. For further help, please contact the computer
manufacturer.


< End of report >

Jack&Jill
2010-11-11, 02:33
Hello TechPhi97 :),

Any possibility to retrieve a list of what Norton has quarantined or deleted? Is Norton running properly?

Please back up the registry using ERUNT.

--------------------

Fix with OTL

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:

:otl
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\..Trusted Domains: collaborationhost.com ([synaptus] http in Trusted sites)
[2010/04/04 09:27:18 | 000,001,040 | -HS- | C] () -- C:\Users\Scott Stark\AppData\Local\p7Fj0O6C
[2010/04/04 09:27:18 | 000,001,040 | -HS- | C] () -- C:\ProgramData\p7Fj0O6C
[2010/04/04 06:58:03 | 000,000,024 | ---- | C] () -- C:\ProgramData\kfdtk.ini
[2010/04/04 06:58:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\2r89zdxw9fejtzfieiv20ri4.ini
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

:commands
[CREATERESTOREPOINT]
[emptytemp]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Re-enable your security software as soon as you have completed the OTL fix steps.

--------------------

Please post back:
1. the information about Norton
2. OTL fix log
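
The two `IE - HKU\...` lines in the fix script above reset a per-user Internet Explorer proxy that is enabled and points at 127.0.0.1:50370; a browser sent to a loopback proxy has no connectivity when nothing answers on that port. The Python below is an added example, not part of the original post or of OTL: it flags enabled loopback proxies in log lines of that format. The function names and the sample lines marked as constructed are assumptions.

```python
import ipaddress
import re

# Matches the per-user proxy lines in the format shown in the fix script:
#   IE - HKU\<SID>\...\Internet Settings: "ProxyEnable" = 1
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<sid>[^\\]+)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$'
)

# First two lines are the ones quoted in the thread; the other four are
# constructed for this example (made-up SIDs and proxy values).
SAMPLE_LOG = "\n".join([
    r'IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080',
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:3128',
])


def parse_proxy_server(value):
    """Split a ProxyServer value into (protocol, host, port) tuples.

    The value is either a single 'host:port' used for every protocol
    (reported here as protocol 'all') or a list of 'protocol=host:port'
    entries separated by semicolons.
    """
    entries = []
    for item in re.split(r"[;\s]+", value.strip()):
        if not item:
            continue
        proto, sep, addr = item.partition("=")
        if not sep:
            proto, addr = "all", item
        addr = addr.split("://", 1)[-1]  # drop an optional scheme prefix
        host, colon, port = addr.rpartition(":")
        if not colon:
            host, port = addr, ""
        entries.append(
            (proto.lower(), host.strip("[]"), int(port) if port.isdigit() else None)
        )
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def find_loopback_proxies(log_text):
    """Return (sid, protocol, host, port) for each enabled loopback proxy."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings.setdefault(m["sid"], {})[m["name"]] = m["value"].strip()

    findings = []
    for sid, values in settings.items():
        # A ProxyServer value is only used while ProxyEnable is 1.
        if values.get("ProxyEnable") != "1":
            continue
        for proto, host, port in parse_proxy_server(values.get("ProxyServer", "")):
            if is_loopback(host):
                findings.append((sid, proto, host, port))
    return findings


if __name__ == "__main__":
    for sid, proto, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"{sid}: {proto} traffic is sent to {host}:{port}")
```

A loopback proxy is not malicious by itself, since local filtering and debugging tools also set one, so each hit should be matched against software that is known to be installed and listening on that port.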

TechPhi97
2010-11-11, 03:44
In response to your question about the Norton security notice, it does seem to be running normally. There are two notices in the "Resolved Security Risks" part of my security history:

svchost.exe (W32.SillyFDC) detected by Auto-Protect on 10/29 at 9:32PM.
- downloaded from fairysm.com/new/forum.php.....
- activity in c:\users\[my name]\appdata\local\temp\~df4cac.tmp
- activity in c:\users\[my name]\appdata\roaming\microsoft\svchost.exe
- activity in directory c:\Windows\Setup\State
- activity in directory c:\Windows\Setup
- also had many, many registry actions

mstsc.exe (W32.SillyFDC) detected by Virus scanner on 10/28 at 8:09AM.
- same general activity as above, with temp/~df****.tmp files added.
- also tried to run c:\users\[my name]\desktop\mstsc.exe
- also had many, many registry actions

I ran ERUNT to back up my registry.

Norton Anti-virus real-time protection was disabled.

I ran the OTL fix code, and here are the results:

All processes killed
========== OTL ==========
HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\collaborationhost.com\synaptus\ deleted successfully.
C:\Users\Scott Stark\AppData\Local\p7Fj0O6C moved successfully.
C:\ProgramData\p7Fj0O6C moved successfully.
C:\ProgramData\kfdtk.ini moved successfully.
C:\ProgramData\2r89zdxw9fejtzfieiv20ri4.ini moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 141339 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Scott Stark
->Temp folder emptied: 6019014 bytes
->Temporary Internet Files folder emptied: 672818 bytes
->Java cache emptied: 148510613 bytes
->FireFox cache emptied: 59375619 bytes
->Flash cache emptied: 313090 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 13858880 bytes
%systemroot%\System32\drivers .tmp files removed: 737280 bytes
Windows Temp folder emptied: 3022522 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 162324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14468445 bytes

Total Files Cleaned = 236.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11102010_203016

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Jack&Jill
2010-11-11, 06:32
Hello TechPhi97 :),

Is the information provided direct from Norton's log? They only indicate activities, but no mention of quarantine or delete.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here. (http://www.gmer.net/download.php)

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Re-enable your security software as soon as you have completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

--------------------

Please post back:
1. the information about Norton
2. the ESET online scan result
3. the GMER result
4. any improvements?

TechPhi97
2010-11-11, 06:50
The information was typed in by me; I couldn't find a way to get to the logs. I will look for that right now.

I am now able to access the internet on the computer, so that has been fixed for now. I am using the ESET Online Scanner as requested, and will post results.

TechPhi97
2010-11-11, 15:15
Here is the information from the ESET log (found one infected file):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6a9c5be85ad88645990cfa69ab9857cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-11 06:31:06
# local_time=2010-11-11 01:31:06 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3589 16777213 100 86 3374947 52729338 0 0
# compatibility_mode=5892 16776638 100 100 27820871 126058545 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=147973
# found=1
# cleaned=0
# scan_time=6023
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\content\prefs\prefs.js Win32/Agent.RQD.Gen trojan 00000000000000000000000000000000 I

And here are the GMER results:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 08:10:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST910021 rev.4.06
Running: imsepp2i.exe; Driver: C:\Users\SCOTTS~1\AppData\Local\Temp\pxldafog.sys


---- System - GMER 1.0.15 ----

SSDT 87009048 ZwAlertResumeThread
SSDT 87005048 ZwAlertThread
SSDT 87177690 ZwAllocateVirtualMemory
SSDT 86DC8570 ZwAlpcConnectPort
SSDT 87116C10 ZwAssignProcessToJobObject
SSDT 87194008 ZwCreateMutant
SSDT 871989E0 ZwCreateSymbolicLinkObject
SSDT 87177AA0 ZwCreateThread
SSDT 870E6048 ZwDebugActiveProcess
SSDT 871777E8 ZwDuplicateObject
SSDT 871774F0 ZwFreeVirtualMemory
SSDT 86FB7048 ZwImpersonateAnonymousToken
SSDT 8700E048 ZwImpersonateThread
SSDT 86D42BC8 ZwLoadDriver
SSDT 87177410 ZwMapViewOfSection
SSDT 87027048 ZwOpenEvent
SSDT 87177988 ZwOpenProcess
SSDT 86F5C120 ZwOpenProcessToken
SSDT 86F6F048 ZwOpenSection
SSDT 871778B8 ZwOpenThread
SSDT 871976B0 ZwProtectVirtualMemory
SSDT 86F70110 ZwResumeThread
SSDT 86EF3D60 ZwSetContextThread
SSDT 871771E0 ZwSetInformationProcess
SSDT 870DB838 ZwSetSystemInformation
SSDT 87032048 ZwSuspendProcess
SSDT 86F6A0B0 ZwSuspendThread
SSDT 86F5B108 ZwTerminateProcess
SSDT 86F69048 ZwTerminateThread
SSDT 86F00120 ZwUnmapViewOfSection
SSDT 871775C0 ZwWriteVirtualMemory
SSDT 87198E70 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822B4880 8 Bytes [48, 90, 00, 87, 48, 50, 00, ...] {DEC EAX; NOP ; ADD [EDI-0x78ffafb8], AL}
.text ntkrnlpa.exe!KeSetEvent + 131 822B4894 4 Bytes [90, 76, 17, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 822B48A0 4 Bytes [70, 85, DC, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 822B48F4 4 Bytes [10, 6C, 11, 87] {ADC [ECX+EDX-0x79], CH}
.text ntkrnlpa.exe!KeSetEvent + 1F5 822B4958 4 Bytes [08, 40, 19, 87]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4548] ntdll.dll!RtlEncodeSystemPointer + 873 76EA938B 10 Bytes JMP 03FB003A
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!CreateWindowExW 768B1305 5 Bytes JMP 6DF5DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxParamW 768D10B0 5 Bytes JMP 6DE854F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxIndirectParamW 768D2EF5 5 Bytes JMP 6E055027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxParamA 768E8152 5 Bytes JMP 6E054FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!DialogBoxIndirectParamA 768E847D 5 Bytes JMP 6E05508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxIndirectA 768FD4D9 5 Bytes JMP 6E054F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxIndirectW 768FD5D3 5 Bytes JMP 6E054EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxExA 768FD639 5 Bytes JMP 6E054E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] USER32.dll!MessageBoxExW 768FD65D 5 Bytes JMP 6E054E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] ole32.dll!OleLoadFromStream 75631E80 5 Bytes JMP 6E05538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] ole32.dll!CoGetTreatAsClass + D2F 7564FAE3 7 Bytes JMP 03FB01A9
.text C:\Program Files\Internet Explorer\iexplore.exe[4548] ole32.dll!CoCreateInstance + 3E 75669F7C 7 Bytes JMP 03FB00F3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----


TechPhi97
2010-11-11, 15:17

TechPhi97
2010-11-11, 15:18

TechPhi97
2010-11-11, 15:19
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500\c21f71eb-72dc-44ef-9aad-c790a2d324e5 388 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\Scott Stark.pwm 298 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\Scott Stark.pwm.bak 1712 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22) 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\Scott Stark.pwm 298 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\Scott Stark.pwm.bak 1712 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(22)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26) 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\Scott Stark.pwm 298 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\Scott Stark.pwm.bak 1712 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Lenovo\Client Security Solution(26)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\01cba0cb577f03c3c1ecd198c983c195_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\023db9d45ca430712db510984f60e0da_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\03ba81083ba9e723af66c9af49d74d5a_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\0761a009aa6ad373c24ef0fff5065234_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\09b8d612065dd35838c61c6caab1a67b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\10817ad052942d572f33e52a61bc31b8_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\13da85ea86c6f4478ace1b578f4dece1_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\1df6329bcca94d4efca14a6ed9473846_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\214ab53631094016f65db699b5a320e5_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\215d06e89082f3d6e228bebf4ab126f2_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\255418fe9ea5ee7d769e43ddb5372618_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\270a76b0664c573610c54885a457ba1f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\274e78a5092abea66ba365b4b159553e_755c011d-9e9b-4103-9107-9ec55de9fb9d 49 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\2b593961cde155c6716177f53d172c83_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\2ed09f97a1f700685b5d15da8befdef0_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\2edf3d4656ecd9c7558925f86c4d3535_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\363b0e6a055da3319eb54b97d81f84ee_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\36bb13aafababbf3ac1578ccd39483b9_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\3cfc9ec51673d237d7698b7437156893_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\3f0707b199ccaf963d0b39a349cd2036_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\402138c833c53ec3edca519ed713229e_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\45ce5ba4d81000dbeca64c52637b9f42_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\4a1af75338e34477820b816f3dab2208_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\4bd07e1ba952c6aa9bf83a8d98c08949_755c011d-9e9b-4103-9107-9ec55de9fb9d 54 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\1291da8872002c523280e92dd6a27e82_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\389414cb8dabc34b2a83306a3f6e7964_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\7077599fa9de361d0f9cfedcde5fd1ef_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\90ddcd2017f9779c44028a1bde1d61f9_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c02952f00afb5310f1913ea522cbbbb9_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e00d86d106f5ed73e3046b1365b3879e_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\533145ef011ddf5ca3983e2545a902b4_755c011d-9e9b-4103-9107-9ec55de9fb9d 2075 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\53fdf2f50d9dc6fefddefd254774fe82_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\648d95cfbde537a838543b28b51e3209_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\6719d13b6163045cefcce4cf8183dee1_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\6b1f8fa5672ee6d018fa3156954aea45_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\6b29ae44e85efac3c72ff4d1865d73f1_755c011d-9e9b-4103-9107-9ec55de9fb9d 53 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\73727d9d2e4f8eb187bdce8d75edcd53_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\7697de2a9e0b9dd22375199035fdb6a9_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\76c8320bc63239ceeb040ca7c10e884f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\79e4cdb4f425750b7f95d43bc411e860_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\7bdfcb7fddbc44497f3f6bbda3ee7afb_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\7dbd7215ee4c06f4bbef52c76e116b77_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\7f6244cab76b7f8c273f34e3a022fbe1_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\82798058a0540557257261a1ecac8b62_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\83aa4cc77f591dfc2374580bbd95f6ba_755c011d-9e9b-4103-9107-9ec55de9fb9d 45 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\892ebad8ad628a6884202f9a827b9ad8_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\8d4ae3a1e2ea171048f0e132b0c3c257_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\8f71098770f72c7a67cd8f1151619865_755c011d-9e9b-4103-9107-9ec55de9fb9d 54 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\92c4a3350188ee8fbd9e5631af1cfb95_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\932a2db58c237abd381d22df4c63a04a_755c011d-9e9b-4103-9107-9ec55de9fb9d 87 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\96050b2530e027bf30a86c7521e32e26_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\a91d80e88a0e5f0ea2d727784f315fd4_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ab10313cc01b9d7191ab71bd27ab2d0b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\abae1819e1e8709bc4105d10b1f2918b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ac7b05e12b2778b61ad651c51a188f42_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\aea7e9fc56593c1496e5df6563acf08b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\b8533352989274744bf70d6264ec351f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ba37ec674c55a7a3a4fbc93ec665f522_755c011d-9e9b-4103-9107-9ec55de9fb9d 52 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\bdba836cadf1d7f5b1608728349eae0f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\bec60e76b5855294f006683572e566bd_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c22e3e8972973f486fc594ddfecf9832_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c2af68192b786b6b28e7eda8a46087cb_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c41dd55255189506a3e3eddd65647464_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c5742f8d1587e685ec650547330b619c_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\c60fed8792e7a71b4b2fbb66c786a6ea_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ca748ed6f9e5f1f4fcd0cfcbe0051275_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\cdc69a95be97bfd765b8ab2c9267968f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ce69003f2e16a4df2856609f4c97452b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\d2c0b7fd3e20ff9246b28cfab9fe98ec_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\d8990ad09d32c3d6990f4f82222f3f53_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\d8a05d4c3d35dfb07d25ccfbd1270b0b_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\dcf68e8861e6e37082815f24c4f80407_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e316941042181bec50612c309f0267b6_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e3b7b051145c6dc31785ef21be28ce5a_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e729bb3c42d3a8423cd7dbf76b8ac4c6_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e79efa8c8899597971f6d40a87316c43_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e8ceeb6ee6e378173a9d44c64ba8134f_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\e9f4fe2f3618c940a318029ccb32229c_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\eacddcdf0664a4675f97cbe75ac0ce55_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\ead46f19f6afaf7e91f231df237c6179_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\eae00b203d250675621e75d87f0e523a_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\f04df839dc1e601b18921b474153151c_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\f6532877ef2fabe673b01916c2956b17_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\f89d5998ea1d37dc8564916e3100afe2_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\f946aa0850a5fc7f588efa348b08fafe_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-494352201-3148980307-2985411357-1005\fc6ae5d06140f0713632c46f0152f668_755c011d-9e9b-4103-9107-9ec55de9fb9d 1310 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\008e07d9-54c3-477c-a436-4541c7909277 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\08350532-03bc-450b-960a-acc8073715ac 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\08f7ecb6-2d14-49a1-a513-ef9673d467cf 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\14aadb9e-ce5e-48f7-82bb-2aaf47dd5615 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\18f3b1e9-7570-4885-8c43-18b525e49d37 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\2631650c-4ee7-4a7f-8fbc-b17c82574899 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\599764cd-cb21-4222-a7d3-ce0aa99cac92 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\b75016e4-3ee7-47aa-9957-dc0f3f61611c 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\c6dcc5d2-0471-4535-8e44-194740e926a7 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\cf933276-dccd-42d5-a305-344a852d6c2f 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\e0f19dc7-f2f4-4ba2-b706-3499a3607e6c 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\f0f69ef0-10ed-46cd-83b5-e1c59e9af268 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\f1eb07de-41cd-4191-8572-68bb67514a5a 388 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-494352201-3148980307-2985411357-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500\c21f71eb-72dc-44ef-9aad-c790a2d324e5 388 bytes

TechPhi97
2010-11-11, 15:19
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\Protect\S-1-5-21-918056312-2952985149-2686913973-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Scott Stark\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\RRbackups\SIS\C\0\Data15 8716305 bytes
File C:\RRbackups\SIS\C\0\Data0 1996119 bytes
File C:\RRbackups\SIS\C\0\Data1 50003968 bytes
File C:\RRbackups\SIS\C\0\Data10 1550026 bytes
File C:\RRbackups\SIS\C\0\Data11 95 bytes
File C:\RRbackups\SIS\C\0\Data12 95 bytes
File C:\RRbackups\SIS\C\0\Data13 95 bytes
File C:\RRbackups\SIS\C\0\Data14 50003968 bytes
File C:\RRbackups\SIS\C\0\Data16 50003968 bytes
File C:\RRbackups\SIS\C\0\Data17 50003968 bytes
File C:\RRbackups\SIS\C\0\Data18 13773015 bytes
File C:\RRbackups\SIS\C\0\Data19 2055277 bytes
File C:\RRbackups\SIS\C\0\Data2 37140228 bytes
File C:\RRbackups\SIS\C\0\Data20 2381272 bytes
File C:\RRbackups\SIS\C\0\Data21 165 bytes
File C:\RRbackups\SIS\C\0\Data3 50003968 bytes
File C:\RRbackups\SIS\C\0\Data4 50003968 bytes
File C:\RRbackups\SIS\C\0\Data5 50003968 bytes
File C:\RRbackups\SIS\C\0\Data6 50003968 bytes
File C:\RRbackups\SIS\C\0\Data7 50003968 bytes
File C:\RRbackups\SIS\C\0\Data8 50003968 bytes
File C:\RRbackups\SIS\C\0\Data9 50003968 bytes
File C:\RRbackups\SIS\C\0\HashFile 66 bytes
File C:\RRbackups\SIS\C\0\TOCFile 6710 bytes

---- EOF - GMER 1.0.15 ----

TechPhi97
2010-11-11, 15:23
Norton Update: The information I posted about the SillyFDC virus was in the Quarantined Files log of Norton. It says that Norton has taken care of those viruses, and no action needs to be taken on my part. I typed in the response because I can't find the log in a format where I can copy/paste.

Performance Update: I can now access the Internet via IE, so it looks like some of the prior steps in the process cleaned that up. I see there is still a Trojan on the machine, so I'm sure there is still some work to be done.

Thank you for all your help!

Jack&Jill
2010-11-12, 02:23
Hello TechPhi97 :),

The entry found by ESET is one of the add-ons on Firefox: All-in-One Sidebar. Please uninstall it when you have Firefox open via Tools > Add-ons. Select All-in-One Sidebar and click Uninstall. Restart Firefox.

--------------------

I want you to update MBAM and run a scan.

Open MBAM and click on the Update tab, then Check for Updates.
When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the MBAM report
2. new OTL log

TechPhi97
2010-11-12, 03:32
I un-installed Firefox a long time ago, and I'm not sure why the Add-In is still there. Is there a way to remove the Add-In without Firefox installed?

I am running Malware Bytes right now.

TechPhi97
2010-11-12, 03:50
Here are the results from MBAM - it found one infected file.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5097

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/11/2010 8:49:08 PM
mbam-log-2010-11-11 (20-49-08).txt

Scan type: Quick scan
Objects scanned: 149731
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Scott Stark\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

Jack&Jill
2010-11-12, 05:18
Hello TechPhi97 :),

Please back up the registry again using ERUNT.

--------------------

Fix with OTL

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:

:otl
[2009/03/15 21:55:35 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

:commands
[CREATERESTOREPOINT]
[emptytemp]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Re-enable your security software as soon as you have completed the OTL fix steps.

--------------------

Scan with OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options are checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL fix log
2. new OTL log (OTL.txt only)
3. any more problems?

TechPhi97
2010-11-12, 07:08
Output from the OTL fix:

All processes killed
========== OTL ==========
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\skin\toolbar folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\skin\smallIcons folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\skin\images folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\skin folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\zh-TW folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\zh-CN folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\vi-VN folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\uk-UA folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\tr-TR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\sv-SE folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\sr-RS folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\sk-SK folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\ru-RU folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\ro-RO folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\pt-PT folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\pt-BR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\pl-PL folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\nl-NL folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\nb-NO folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\lt-LT folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\ko-KR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\ja-JP folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\it-IT folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\hy-AM folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\hu-HU folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\hr-HR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\he-IL folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\fr-FR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\fi-FI folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\et-EE folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\es-ES folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\es-AR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\en-US folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\en-GB folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\el-GR folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\de-DE folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\da-DK folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\cs-CZ folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\be-BY folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale\ar folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\locale folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\defaults\preferences folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\defaults folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\content\prefs folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\content folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}\.settings folder moved successfully.
C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} folder moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Scott Stark
->Temp folder emptied: 1905676 bytes
->Temporary Internet Files folder emptied: 3817555 bytes
->Java cache emptied: 7000 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 560 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 49650 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11112010_235939

Files\Folders moved on Reboot...
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD28A.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD2BE.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD6F2.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD755.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD9EC.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFD9F3.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFDAD6.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFDB0C.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFDD63.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFDDE9.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFE869.tmp not found!
File\Folder C:\Users\Scott Stark\AppData\Local\Temp\~DFE8E8.tmp not found!
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBY5M16Z\mail[1].htm moved successfully.
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF7KHLSX\mail[1].htm moved successfully.
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPZK7IG\mail[1].htm moved successfully.
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPZK7IG\mail[2].htm moved successfully.
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPZK7IG\mail[3].htm moved successfully.
C:\Users\Scott Stark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPPZK7IG\showthread[1].htm moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

TechPhi97
2010-11-12, 07:18
OTL logfile created on: 11/12/2010 12:09:55 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Scott Stark\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.66 Gb Total Space | 8.90 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: STARKMG-001 | User Name: Scott Stark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/05 17:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 17:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/06/11 09:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/04/09 02:18:56 | 001,261,568 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/28 12:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/22 12:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2007/03/02 00:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2007/01/08 22:12:28 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/01/08 22:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/01/08 21:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/08 21:36:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/08 20:42:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/21 21:40:06 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/17 00:00:10 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/11/15 18:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/07 05:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 02:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/06/11 09:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/05/31 05:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/02 19:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/03/02 00:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/08 22:12:20 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/08 21:36:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/08 20:42:20 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/21 21:40:06 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/12/15 18:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/11/03 19:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/19 15:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101111.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/09/28 21:42:15 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101111.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 21:42:15 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101111.039\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 20:51:39 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 05:29:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/04 20:33:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/17 01:01:44 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/07 16:04:22 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/10/07 16:04:22 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/03/05 17:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/19 02:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/22 02:08:58 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/04 16:14:44 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/08/16 07:30:37 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/06/18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/17 12:05:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/05/31 05:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/03/13 18:13:54 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/13 18:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/13 18:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/13 18:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/13 18:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/13 18:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/13 18:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/13 18:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 03:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/03/02 19:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 19:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/11 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/09 14:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/21 21:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 21:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/28 02:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/09/13 14:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/13 00:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2006/08/30 05:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.4.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 16:34:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/04/04 20:46:31 | 000,000,000 | ---D | M]

[2008/08/28 08:39:53 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Extensions
[2010/11/11 23:59:46 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions
[2009/09/03 21:46:26 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/06/20 08:36:33 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/09/02 21:28:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Scott Stark\AppData\Roaming\Mozilla\Firefox\Profiles\tuq34dax.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/08 11:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2008/09/13 13:36:38 | 000,002,776 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 19 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-494352201-3148980307-2985411357-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 23:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/10 20:30:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/09 08:10:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
[2010/10/30 09:57:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 09:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/30 09:56:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Scott Stark\Desktop\erunt-setup.exe
[2010/10/28 06:03:34 | 000,000,000 | ---D | C] -- C:\Users\Scott Stark\AppData\Local\CrashDumps
[2010/10/27 06:28:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 06:28:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/27 06:28:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/13 18:26:45 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 18:26:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 18:26:10 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 18:26:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 18:26:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 18:26:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 18:26:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 18:26:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 18:26:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 18:26:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 18:25:55 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 18:25:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 18:25:53 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 18:25:49 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 18:25:48 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2007/05/17 06:06:54 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/05/17 06:05:36 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/05/17 06:00:54 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/05/17 06:00:50 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/05/17 06:00:08 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/05/17 05:58:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/05/17 05:58:38 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/05/17 05:58:12 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/05/17 05:55:16 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/05/17 05:55:12 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/05/17 05:54:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll

========== Files - Modified Within 30 Days ==========

[2010/11/12 00:10:47 | 000,618,212 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/12 00:10:47 | 000,109,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/12 00:04:29 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/11/12 00:04:17 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/11/12 00:04:14 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 00:04:14 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 00:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/11 23:58:36 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
[2010/11/11 07:45:04 | 000,296,448 | ---- | M] () -- C:\Users\Scott Stark\Desktop\imsepp2i.exe
[2010/11/10 20:52:49 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Desktop\dds.scr
[2010/11/10 20:52:49 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Desktop\dds.com
[2010/11/09 08:08:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Scott Stark\Desktop\OTL.exe
[2010/11/08 08:08:31 | 000,630,272 | ---- | M] () -- C:\Users\Scott Stark\Documents\dds.com
[2010/10/30 09:56:33 | 000,000,923 | ---- | M] () -- C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/30 09:56:18 | 000,000,743 | ---- | M] () -- C:\Users\Scott Stark\Desktop\NTREGOPT.lnk
[2010/10/30 09:56:18 | 000,000,724 | ---- | M] () -- C:\Users\Scott Stark\Desktop\ERUNT.lnk
[2010/10/30 09:54:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Scott Stark\Desktop\erunt-setup.exe
[2010/10/27 23:35:49 | 000,000,460 | RHS- | M] () -- C:\Users\Scott Stark\ntuser.pol
[2010/10/23 08:21:50 | 000,028,160 | ---- | M] () -- C:\Users\Scott Stark\Documents\Mustard Slaw.doc
[2010/10/14 19:33:57 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2010/10/14 05:52:29 | 000,414,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/11 07:44:59 | 000,296,448 | ---- | C] () -- C:\Users\Scott Stark\Desktop\imsepp2i.exe
[2010/11/08 08:07:18 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Desktop\dds.scr
[2010/11/08 08:07:04 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Desktop\dds.com
[2010/11/08 08:00:23 | 000,630,272 | ---- | C] () -- C:\Users\Scott Stark\Documents\dds.com
[2010/10/30 09:56:33 | 000,000,923 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/30 09:56:18 | 000,000,743 | ---- | C] () -- C:\Users\Scott Stark\Desktop\NTREGOPT.lnk
[2010/10/30 09:56:18 | 000,000,724 | ---- | C] () -- C:\Users\Scott Stark\Desktop\ERUNT.lnk
[2010/10/27 23:35:49 | 000,000,460 | RHS- | C] () -- C:\Users\Scott Stark\ntuser.pol
[2010/10/23 08:21:50 | 000,028,160 | ---- | C] () -- C:\Users\Scott Stark\Documents\Mustard Slaw.doc
[2009/10/20 15:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/12 20:48:49 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2009/08/12 20:48:49 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2009/08/12 20:48:49 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2009/08/12 20:48:48 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 07:16:30 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/10/07 16:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2008/07/11 11:46:24 | 000,000,310 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\APUSet.xml
[2008/07/11 11:46:18 | 000,006,502 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\PrimoPDFSet.xml
[2008/07/08 13:15:14 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/06/16 12:06:29 | 000,000,099 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\fusioncache.dat
[2008/06/16 11:44:06 | 000,013,600 | ---- | C] () -- C:\Windows\System32\sasperf.dll
[2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/04/04 09:38:18 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/04/04 09:38:18 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/04/04 09:33:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008/04/04 09:33:01 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008/04/04 09:32:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/03/04 17:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/10 21:51:10 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/09/19 01:44:24 | 000,006,144 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/31 09:31:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/26 14:57:31 | 000,033,476 | ---- | C] () -- C:\Users\Scott Stark\AppData\Roaming\Comma Separated Values (Windows).ADR
[2007/08/25 09:46:28 | 000,001,356 | ---- | C] () -- C:\Users\Scott Stark\AppData\Local\d3d9caps.dat
[2007/08/16 07:20:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/16 07:20:21 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/16 07:20:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/16 07:20:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/16 07:20:21 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/16 07:20:21 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/16 07:17:57 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/16 07:17:56 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/08/16 07:03:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/08/16 07:03:31 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/16 07:00:19 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/06/19 13:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/05/21 22:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/05/17 12:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/30 05:13:24 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/03/02 07:15:36 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/03/02 07:15:25 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/30 12:31:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2006/07/31 20:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll

========== LOP Check ==========

[2010/09/23 06:35:49 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Abecsa
[2010/07/23 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\ADDINSOFT
[2008/04/24 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\eFax Messenger
[2008/11/06 12:01:33 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Elluminate
[2009/04/10 09:22:45 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\gtk-2.0
[2010/01/31 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\ICAClient
[2009/04/07 10:14:32 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Inkscape
[2007/08/24 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Leadertech
[2007/11/20 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Lenovo
[2009/02/16 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Oracle
[2008/06/16 20:57:07 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\SAS
[2010/04/04 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Tific
[2010/09/22 23:35:06 | 000,000,000 | ---D | M] -- C:\Users\Scott Stark\AppData\Roaming\Yquf
[2010/11/12 00:02:50 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/11 23:58:36 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job

========== Purity Check ==========



< End of report >

TechPhi97
2010-11-12, 07:20
The laptop seems to be working OK now. I'm not sure if everything is cleaned off, but it's working!

I'll let you be the final judge as to whether or not it's clean.

Jack&Jill
2010-11-12, 08:28
Hello TechPhi97 :),

A few more things to note and clarify before I give you the All Clear.


Drive C: | 86.66 Gb Total Space | 8.90 Gb Free Space | 10.27% Space Free | Partition Type: NTFS
Watch your disk space.


[2010/11/11 07:44:59 | 000,296,448 | ---- | C] () -- C:\Users\Scott Stark\Desktop\imsepp2i.exe
Any idea what is this?

TechPhi97
2010-11-12, 15:00
Hello TechPhi97 :),

A few more things to note and clarify before I give you the All Clear.

Watch your disk space.

Any idea what is this?

I need to do some backup/cleanup of old files - thanks for pointing out the space issue.

The imsepp2i.exe file is the executable for GMER that I used during this process.

Jack&Jill
2010-11-13, 07:32
Hello TechPhi97 :),

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 8.1.2


Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on the Different language or operating system? link.
Under the Select an operating system title, click on the Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Go to the Java SE download page. Click here. (http://java.sun.com/javase/downloads/index.jsp)
Look for JDK 6 Update 22 (JDK or JRE). Click the Download JRE button to the right.
Select Windows from the drop-down list for Platform.
Check I agree to the Java SE Runtime Environment 6u22 with JavaFX License Agreement after reading it, and click Continue >>. The page will refresh.
Under the Windows Offline Installation title, click on the link which says jre-6u22-windows-i586.exe and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the GMER (imsepp2i.exe) and USBNoRisk files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html), Windows Vista (https://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx) or Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean of malware. See Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html) for some detailed explanations.

3. Update your Antivirus program regularly; it is a must for constant protection against viruses.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

7. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/), an effective method to prevent malware from spreading.

9. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.

10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

11. Also look up How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html), So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279) and Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx).

Stay safe.

Jack&Jill
2010-11-16, 11:07
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)