Solved Zlob & More

D

dnar34

Posts: 26   +0
This compuer is very slow. I think I have virus'

Here are my logs, thank you for your help!

Mbam:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.15.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Randy :: RANDY [administrator]
Protection: Enabled
8/15/2012 12:20:04 PM
mbam-log-2012-08-15 (12-20-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231704
Time elapsed: 29 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Data: Þµë÷TA£I¸
‹Ð -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113B5DE-F7EB-4154-A311-497FB80D8BD0} (Trojan.Zlob) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
gmer:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-15 15:07:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.SB2I
Running: ef2k82pf.exe; Driver: C:\DOCUME~1\Randy\LOCALS~1\Temp\fgtdrpog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1660] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\C\0 0 bytes
File C:\RRbackups\C\0\Data27 50003968 bytes
File C:\RRbackups\C\0\Data46 50003968 bytes
File C:\RRbackups\C\0\Data65 50003968 bytes
File C:\RRbackups\C\0\Data84 50003968 bytes
File C:\RRbackups\C\0\Data0 50003968 bytes
File C:\RRbackups\C\0\Data1 50003968 bytes
File C:\RRbackups\C\0\Data10 50003968 bytes
File C:\RRbackups\C\0\Data100 50003968 bytes
File C:\RRbackups\C\0\Data101 50003968 bytes
File C:\RRbackups\C\0\Data102 50003968 bytes
File C:\RRbackups\C\0\Data103 50003968 bytes
File C:\RRbackups\C\0\Data104 50003968 bytes
File C:\RRbackups\C\0\Data105 50003968 bytes
File C:\RRbackups\C\0\Data106 50003968 bytes
File C:\RRbackups\C\0\Data107 50003968 bytes
File C:\RRbackups\C\0\Data108 50003968 bytes
File C:\RRbackups\C\0\Data109 50003968 bytes
File C:\RRbackups\C\0\Data11 50003968 bytes
 
more gmer:

File C:\RRbackups\C\0\Data110 50003968 bytes
File C:\RRbackups\C\0\Data111 50003968 bytes
File C:\RRbackups\C\0\Data112 50003968 bytes
File C:\RRbackups\C\0\Data113 50003968 bytes
File C:\RRbackups\C\0\Data114 10130691 bytes
File C:\RRbackups\C\0\Data12 50003968 bytes
File C:\RRbackups\C\0\Data13 50003968 bytes
File C:\RRbackups\C\0\Data14 50003968 bytes
File C:\RRbackups\C\0\Data15 50003968 bytes
File C:\RRbackups\C\0\Data16 50003968 bytes
File C:\RRbackups\C\0\Data17 50003968 bytes
File C:\RRbackups\C\0\Data18 50003968 bytes
File C:\RRbackups\C\0\Data19 50003968 bytes
File C:\RRbackups\C\0\Data2 50003968 bytes
File C:\RRbackups\C\0\Data20 50003968 bytes
File C:\RRbackups\C\0\Data21 50003968 bytes
File C:\RRbackups\C\0\Data22 50003968 bytes
File C:\RRbackups\C\0\Data23 50003968 bytes
File C:\RRbackups\C\0\Data24 50003968 bytes
File C:\RRbackups\C\0\Data25 50003968 bytes
File C:\RRbackups\C\0\Data26 50003968 bytes
File C:\RRbackups\C\0\Data28 50003968 bytes
File C:\RRbackups\C\0\Data29 50003968 bytes
File C:\RRbackups\C\0\Data3 50003968 bytes
File C:\RRbackups\C\0\Data30 50003968 bytes
File C:\RRbackups\C\0\Data31 50003968 bytes
File C:\RRbackups\C\0\Data32 50003968 bytes
File C:\RRbackups\C\0\Data33 50003968 bytes
File C:\RRbackups\C\0\Data34 50003968 bytes
File C:\RRbackups\C\0\Data35 50003968 bytes
File C:\RRbackups\C\0\Data36 50003968 bytes
File C:\RRbackups\C\0\Data37 50003968 bytes
File C:\RRbackups\C\0\Data38 50003968 bytes
File C:\RRbackups\C\0\Data39 50003968 bytes
File C:\RRbackups\C\0\Data4 50003968 bytes
File C:\RRbackups\C\0\Data40 50003968 bytes
File C:\RRbackups\C\0\Data41 50003968 bytes
File C:\RRbackups\C\0\Data42 50003968 bytes
File C:\RRbackups\C\0\Data43 50003968 bytes
File C:\RRbackups\C\0\Data44 50003968 bytes
File C:\RRbackups\C\0\Data45 50003968 bytes
File C:\RRbackups\C\0\Data47 50003968 bytes
File C:\RRbackups\C\0\Data48 50003968 bytes
File C:\RRbackups\C\0\Data49 50003968 bytes
File C:\RRbackups\C\0\Data5 50003968 bytes
File C:\RRbackups\C\0\Data50 50003968 bytes
File C:\RRbackups\C\0\Data51 50003968 bytes
File C:\RRbackups\C\0\Data52 50003968 bytes
File C:\RRbackups\C\0\Data53 50003968 bytes
File C:\RRbackups\C\0\Data54 50003968 bytes
File C:\RRbackups\C\0\Data55 50003968 bytes
File C:\RRbackups\C\0\Data56 50003968 bytes
File C:\RRbackups\C\0\Data57 50003968 bytes
File C:\RRbackups\C\0\Data58 50003968 bytes
File C:\RRbackups\C\0\Data59 50003968 bytes
File C:\RRbackups\C\0\Data6 50003968 bytes
File C:\RRbackups\C\0\Data60 50003968 bytes
File C:\RRbackups\C\0\Data61 50003968 bytes
File C:\RRbackups\C\0\Data62 50003968 bytes
File C:\RRbackups\C\0\Data63 50003968 bytes
File C:\RRbackups\C\0\Data64 50003968 bytes
File C:\RRbackups\C\0\Data66 50003968 bytes
File C:\RRbackups\C\0\Data67 50003968 bytes
File C:\RRbackups\C\0\Data68 50003968 bytes
File C:\RRbackups\C\0\Data69 50003968 bytes
File C:\RRbackups\C\0\Data7 50003968 bytes
File C:\RRbackups\C\0\Data70 50003968 bytes
File C:\RRbackups\C\0\Data71 50003968 bytes
File C:\RRbackups\C\0\Data72 50003968 bytes
File C:\RRbackups\C\0\Data73 50003968 bytes
File C:\RRbackups\C\0\Data74 50003968 bytes
File C:\RRbackups\C\0\Data75 50003968 bytes
File C:\RRbackups\C\0\Data76 50003968 bytes
File C:\RRbackups\C\0\Data77 50003968 bytes
File C:\RRbackups\C\0\Data78 50003968 bytes
File C:\RRbackups\C\0\Data79 50003968 bytes
File C:\RRbackups\C\0\Data8 50003968 bytes
File C:\RRbackups\C\0\Data80 50003968 bytes
File C:\RRbackups\C\0\Data81 50003968 bytes
File C:\RRbackups\C\0\Data82 50003968 bytes
File C:\RRbackups\C\0\Data83 50003968 bytes
File C:\RRbackups\C\0\Data85 50003968 bytes
File C:\RRbackups\C\0\Data86 50003968 bytes
File C:\RRbackups\C\0\Data87 50003968 bytes
File C:\RRbackups\C\0\Data88 50003968 bytes
File C:\RRbackups\C\0\Data89 50003968 bytes
File C:\RRbackups\C\0\Data9 50003968 bytes
File C:\RRbackups\C\0\Data90 50003968 bytes
File C:\RRbackups\C\0\Data91 50003968 bytes
File C:\RRbackups\C\0\Data92 50003968 bytes
File C:\RRbackups\C\0\Data93 50003968 bytes
File C:\RRbackups\C\0\Data94 50003968 bytes
File C:\RRbackups\C\0\Data95 50003968 bytes
File C:\RRbackups\C\0\Data96 50003968 bytes
File C:\RRbackups\C\0\Data97 50003968 bytes
File C:\RRbackups\C\0\Data98 50003968 bytes
File C:\RRbackups\C\0\Data99 50003968 bytes
File C:\RRbackups\C\0\dats 0 bytes
File C:\RRbackups\C\0\EFSFile 0 bytes
File C:\RRbackups\C\0\HashFile 417408 bytes
File C:\RRbackups\C\0\Info 756 bytes
File C:\RRbackups\C\0\TOCFile 42436480 bytes
File C:\RRbackups\C\1 0 bytes
File C:\RRbackups\C\1\Data0 50003968 bytes
File C:\RRbackups\C\1\Data1 50003968 bytes
File C:\RRbackups\C\1\Data10 50003968 bytes
File C:\RRbackups\C\1\Data100 50003968 bytes
File C:\RRbackups\C\1\Data101 50003968 bytes
File C:\RRbackups\C\1\Data102 50003968 bytes
File C:\RRbackups\C\1\Data103 50003968 bytes
File C:\RRbackups\C\1\Data104 50003968 bytes
File C:\RRbackups\C\1\Data105 50003968 bytes
File C:\RRbackups\C\1\Data106 50003968 bytes
File C:\RRbackups\C\1\Data107 50003968 bytes
File C:\RRbackups\C\1\Data108 50003968 bytes
File C:\RRbackups\C\1\Data109 50003968 bytes
File C:\RRbackups\C\1\Data11 50003968 bytes
File C:\RRbackups\C\1\Data110 50003968 bytes
File C:\RRbackups\C\1\Data111 50003968 bytes
File C:\RRbackups\C\1\Data112 50003968 bytes
File C:\RRbackups\C\1\Data113 50003968 bytes
File C:\RRbackups\C\1\Data114 50003968 bytes
File C:\RRbackups\C\1\Data115 50003968 bytes
File C:\RRbackups\C\1\Data28 50003968 bytes
File C:\RRbackups\C\1\Data29 50003968 bytes
File C:\RRbackups\C\1\Data3 50003968 bytes
File C:\RRbackups\C\1\Data30 50003968 bytes
File C:\RRbackups\C\1\Data31 50003968 bytes
File C:\RRbackups\C\1\Data32 50003968 bytes
File C:\RRbackups\C\1\Data33 50003968 bytes
File C:\RRbackups\C\1\Data34 50003968 bytes
File C:\RRbackups\C\1\Data35 50003968 bytes
File C:\RRbackups\C\1\Data36 50003968 bytes
File C:\RRbackups\C\1\Data37 50003968 bytes
File C:\RRbackups\C\1\Data38 50003968 bytes
File C:\RRbackups\C\1\Data39 50003968 bytes
File C:\RRbackups\C\1\Data4 50003968 bytes
 
more gmer:

File C:\RRbackups\C\1\Data40 50003968 bytes
File C:\RRbackups\C\1\Data41 50003968 bytes
File C:\RRbackups\C\1\Data42 50003968 bytes
File C:\RRbackups\C\1\Data43 50003968 bytes
File C:\RRbackups\C\1\Data44 50003968 bytes
File C:\RRbackups\C\1\Data45 50003968 bytes
File C:\RRbackups\C\1\Data47 50003968 bytes
File C:\RRbackups\C\1\Data48 50003968 bytes
File C:\RRbackups\C\1\Data49 50003968 bytes
File C:\RRbackups\C\1\Data5 50003968 bytes
File C:\RRbackups\C\1\Data50 50003968 bytes
File C:\RRbackups\C\1\Data51 50003968 bytes
File C:\RRbackups\C\1\Data52 50003968 bytes
File C:\RRbackups\C\1\Data53 50003968 bytes
File C:\RRbackups\C\1\Data54 50003968 bytes
File C:\RRbackups\C\1\Data55 50003968 bytes
File C:\RRbackups\C\1\Data56 50003968 bytes
File C:\RRbackups\C\1\Data57 50003968 bytes
File C:\RRbackups\C\1\Data58 50003968 bytes
File C:\RRbackups\C\1\Data59 50003968 bytes
File C:\RRbackups\C\1\Data6 50003968 bytes
File C:\RRbackups\C\1\Data60 50003968 bytes
File C:\RRbackups\C\1\Data61 50003968 bytes
File C:\RRbackups\C\1\Data62 50003968 bytes
File C:\RRbackups\C\1\Data63 50003968 bytes
File C:\RRbackups\C\1\Data64 50003968 bytes
File C:\RRbackups\C\1\Data66 50003968 bytes
File C:\RRbackups\C\1\Data67 50003968 bytes
File C:\RRbackups\C\1\Data68 50003968 bytes
File C:\RRbackups\C\1\Data69 50003968 bytes
File C:\RRbackups\C\1\Data7 50003968 bytes
File C:\RRbackups\C\1\Data70 50003968 bytes
File C:\RRbackups\C\1\Data71 50003968 bytes
File C:\RRbackups\C\1\Data72 50003968 bytes
File C:\RRbackups\C\1\Data73 50003968 bytes
File C:\RRbackups\C\1\Data74 50003968 bytes
File C:\RRbackups\C\1\Data75 50003968 bytes
File C:\RRbackups\C\1\Data76 50003968 bytes
File C:\RRbackups\C\1\Data77 50003968 bytes
File C:\RRbackups\C\1\Data78 50003968 bytes
File C:\RRbackups\C\1\Data79 50003968 bytes
File C:\RRbackups\C\1\Data8 50003968 bytes
File C:\RRbackups\C\1\Data80 50003968 bytes
File C:\RRbackups\C\1\Data81 50003968 bytes
File C:\RRbackups\C\1\Data82 50003968 bytes
File C:\RRbackups\C\1\Data83 50003968 bytes
File C:\RRbackups\C\1\Data117 50003968 bytes
File C:\RRbackups\C\1\Data118 50003968 bytes
File C:\RRbackups\C\1\Data119 50003968 bytes
File C:\RRbackups\C\1\Data12 50003968 bytes
File C:\RRbackups\C\1\Data120 50003968 bytes
File C:\RRbackups\C\1\Data121 50003968 bytes
File C:\RRbackups\C\1\Data122 50003968 bytes
File C:\RRbackups\C\1\Data123 50003968 bytes
File C:\RRbackups\C\1\Data124 50003968 bytes
File C:\RRbackups\C\1\Data125 50003968 bytes
File C:\RRbackups\C\1\Data126 50003968 bytes
File C:\RRbackups\C\1\Data127 50003968 bytes
File C:\RRbackups\C\1\Data128 50003968 bytes
File C:\RRbackups\C\1\Data129 50003968 bytes
File C:\RRbackups\C\1\Data13 50003968 bytes
File C:\RRbackups\C\1\Data130 50003968 bytes
File C:\RRbackups\C\1\Data131 50003968 bytes
File C:\RRbackups\C\1\Data132 50003968 bytes
File C:\RRbackups\C\1\Data133 50003968 bytes
File C:\RRbackups\C\1\Data134 50003968 bytes
File C:\RRbackups\C\1\Data136 50003968 bytes
File C:\RRbackups\C\1\Data137 50003968 bytes
File C:\RRbackups\C\1\Data138 50003968 bytes
File C:\RRbackups\C\1\Data139 50003968 bytes
File C:\RRbackups\C\1\Data14 50003968 bytes
File C:\RRbackups\C\1\Data140 50003968 bytes
File C:\RRbackups\C\1\Data141 50003968 bytes
File C:\RRbackups\C\1\Data142 50003968 bytes
File C:\RRbackups\C\1\Data143 50003968 bytes
File C:\RRbackups\C\1\Data144 50003968 bytes
File C:\RRbackups\C\1\Data145 50003968 bytes
File C:\RRbackups\C\1\Data146 50003968 bytes
File C:\RRbackups\C\1\Data147 50003968 bytes
File C:\RRbackups\C\1\Data148 50003968 bytes
File C:\RRbackups\C\1\Data149 50003968 bytes
File C:\RRbackups\C\1\Data15 50003968 bytesFile C:\RRbackups\C\1\Data150 50003968 bytes
File C:\RRbackups\C\1\Data151 50003968 bytes
File C:\RRbackups\C\1\Data152 50003968 bytes
File C:\RRbackups\C\1\Data153 50003968 bytes
File C:\RRbackups\C\1\Data155 50003968 bytes
File C:\RRbackups\C\1\Data156 50003968 bytes
File C:\RRbackups\C\1\Data157 50003968 bytes
File C:\RRbackups\C\1\Data158 50003968 bytes
File C:\RRbackups\C\1\Data159 50003968 bytes
File C:\RRbackups\C\1\Data16 50003968 bytes
File C:\RRbackups\C\1\Data160 50003968 bytes
File C:\RRbackups\C\1\Data161 50003968 bytes
File C:\RRbackups\C\1\Data162 50003968 bytes
File C:\RRbackups\C\1\Data163 50003968 bytes
File C:\RRbackups\C\1\Data164 50003968 bytes
File C:\RRbackups\C\1\Data165 50003968 bytes
File C:\RRbackups\C\1\Data166 50003968 bytes
File C:\RRbackups\C\1\Data167 50003968 bytes
File C:\RRbackups\C\1\Data168 50003968 bytes
File C:\RRbackups\C\1\Data169 50003968 bytes
File C:\RRbackups\C\1\Data17 50003968 bytes
File C:\RRbackups\C\1\Data170 50003968 bytes
File C:\RRbackups\C\1\Data171 50003968 bytes
File C:\RRbackups\C\1\Data172 50003968 bytes
File C:\RRbackups\C\1\Data116 50003968 bytes
File C:\RRbackups\C\1\Data135 50003968 bytes
File C:\RRbackups\C\1\Data154 50003968 bytes
File C:\RRbackups\C\1\Data173 50003968 bytes
File C:\RRbackups\C\1\Data27 50003968 bytes
File C:\RRbackups\C\1\Data46 50003968 bytes
File C:\RRbackups\C\1\Data65 50003968 bytes
File C:\RRbackups\C\1\Data84 50003968 bytes
File C:\RRbackups\C\1\Data174 50003968 bytes
File C:\RRbackups\C\1\Data175 50003968 bytes
File C:\RRbackups\C\1\Data176 50003968 bytes
File C:\RRbackups\C\1\Data177 50003968 bytes
File C:\RRbackups\C\1\Data178 50003968 bytes
File C:\RRbackups\C\1\Data179 50003968 bytes
File C:\RRbackups\C\1\Data18 50003968 bytes
File C:\RRbackups\C\1\Data180 50003968 bytes
File C:\RRbackups\C\1\Data181 50003968 bytes
File C:\RRbackups\C\1\Data182 50003968 bytes
File C:\RRbackups\C\1\Data183 50003968 bytes
File C:\RRbackups\C\1\Data184 50003968 bytes
File C:\RRbackups\C\1\Data185 50003968 bytes
File C:\RRbackups\C\1\Data186 50003968 bytes
File C:\RRbackups\C\1\Data187 50003968 bytes
File C:\RRbackups\C\1\Data188 50003968 bytes
File C:\RRbackups\C\1\Data189 50003968 bytes
File C:\RRbackups\C\1\Data19 50003968 bytes
File C:\RRbackups\C\1\Data190 50003968 bytes
File C:\RRbackups\C\1\Data191 50003968 bytes
File C:\RRbackups\C\1\Data192 50003968 bytes
File C:\RRbackups\C\1\Data193 50003968 bytes
File C:\RRbackups\C\1\Data194 50003968 bytes
File C:\RRbackups\C\1\Data195 50003968 bytes
File C:\RRbackups\C\1\Data196 50003968 bytes
File C:\RRbackups\C\1\Data197 50003968 bytes
File C:\RRbackups\C\1\Data198 50003968 bytes
File C:\RRbackups\C\1\Data199 45016157 bytes
File C:\RRbackups\C\1\Data2 50003968 bytes

File C:\RRbackups\C\1\Data20 50003968 bytes
File C:\RRbackups\C\1\Data21 50003968 bytes
File C:\RRbackups\C\1\Data22 50003968 bytes
File C:\RRbackups\C\1\Data23 50003968 bytes
File C:\RRbackups\C\1\Data24 50003968 bytes
File C:\RRbackups\C\1\Data25 50003968 bytes
File C:\RRbackups\C\1\Data26 50003968 bytes
File C:\RRbackups\C\1\Data85 50003968 bytes
File C:\RRbackups\C\1\Data86 50003968 bytes
File C:\RRbackups\C\1\Data87 50003968 bytes
File C:\RRbackups\C\1\Data88 50003968 bytes
File C:\RRbackups\C\1\Data89 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\Data90 50003968 bytes
File C:\RRbackups\C\1\Data91 50003968 bytes
File C:\RRbackups\C\1\Data92 50003968 bytes
File C:\RRbackups\C\1\Data93 50003968 bytes
File C:\RRbackups\C\1\Data94 50003968 bytes
File C:\RRbackups\C\1\Data95 50003968 bytes
File C:\RRbackups\C\1\Data96 50003968 bytes
File C:\RRbackups\C\1\Data97 50003968 bytes
File C:\RRbackups\C\1\Data98 50003968 bytes
File C:\RRbackups\C\1\Data99 50003968 bytes
 
more gmer:

File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 578640 bytes
File C:\RRbackups\C\1\Info 756 bytes
File C:\RRbackups\C\1\TOCFile 58828400 bytes
File C:\RRbackups\C\2 0 bytes
File C:\RRbackups\C\2\Data0 50003968 bytes
File C:\RRbackups\C\2\Data1 50003968 bytes
File C:\RRbackups\C\2\Data10 50003968 bytes
File C:\RRbackups\C\2\Data11 50003968 bytes
File C:\RRbackups\C\2\Data12 50003968 bytes
File C:\RRbackups\C\2\Data13 50003968 bytes
File C:\RRbackups\C\2\Data14 50003968 bytes
File C:\RRbackups\C\2\Data15 50003968 bytes
File C:\RRbackups\C\2\Data16 50003968 bytes
File C:\RRbackups\C\2\Data17 50003968 bytes
File C:\RRbackups\C\2\Data18 50003968 bytes
File C:\RRbackups\C\2\Data19 50003968 bytes
File C:\RRbackups\C\2\Data2 50003968 bytes
File C:\RRbackups\C\2\Data20 50003968 bytes
File C:\RRbackups\C\2\Data21 50003968 bytes
File C:\RRbackups\C\2\Data22 50003968 bytes
File C:\RRbackups\C\2\Data23 50003968 bytes
File C:\RRbackups\C\2\Data24 50003968 bytes
File C:\RRbackups\C\2\Data25 50003968 bytes
File C:\RRbackups\C\2\Data26 46805208 bytes
File C:\RRbackups\C\2\Data3 50003968 bytes
File C:\RRbackups\C\2\Data4 50003968 bytes
File C:\RRbackups\C\2\Data5 50003968 bytes
File C:\RRbackups\C\2\Data6 50003968 bytes
File C:\RRbackups\C\2\Data7 50003968 bytes
File C:\RRbackups\C\2\Data8 50003968 bytes
File C:\RRbackups\C\2\Data9 50003968 bytes
File C:\RRbackups\C\2\dats 0 bytes
File C:\RRbackups\C\2\EFSFile 0 bytes
File C:\RRbackups\C\2\HashFile 590766 bytes
File C:\RRbackups\C\2\Info 756 bytes
File C:\RRbackups\C\2\TOCFile 60061210 bytes
File C:\RRbackups\C\3 0 bytes
File C:\RRbackups\C\3\Data0 50003968 bytes
File C:\RRbackups\C\3\Data1 50003968 bytes
File C:\RRbackups\C\3\Data10 50003968 bytes
File C:\RRbackups\C\3\Data11 50003968 bytes
File C:\RRbackups\C\3\Data12 50003968 bytes
File C:\RRbackups\C\3\Data13 50003968 bytes
File C:\RRbackups\C\3\Data14 50003968 bytes
File C:\RRbackups\C\3\Data15 50003968 bytes
File C:\RRbackups\C\3\Data16 50003968 bytes
File C:\RRbackups\C\3\Data17 50003968 bytes
File C:\RRbackups\C\3\Data18 50003968 bytes
File C:\RRbackups\C\3\Data19 50003968 bytes
File C:\RRbackups\C\3\Data2 50003968 bytes
File C:\RRbackups\C\3\Data20 50003968 bytes
File C:\RRbackups\C\3\Data21 50003968 bytes
File C:\RRbackups\C\3\Data22 50003968 bytes
File C:\RRbackups\C\3\Data23 50003968 bytes
File C:\RRbackups\C\3\Data24 50003968 bytes
File C:\RRbackups\C\3\Data25 49788869 bytes
File C:\RRbackups\C\3\Data3 50003968 bytes
File C:\RRbackups\C\3\Data4 50003968 bytes
File C:\RRbackups\C\3\Data5 50003968 bytes
File C:\RRbackups\C\3\Data6 50003968 bytes
File C:\RRbackups\C\3\Data7 50003968 bytes
File C:\RRbackups\C\3\Data8 50003968 bytes
File C:\RRbackups\C\3\Data9 50003968 bytes
File C:\RRbackups\C\3\dats 0 bytes
File C:\RRbackups\C\3\EFSFile 0 bytes
File C:\RRbackups\C\3\HashFile 620046 bytes
File C:\RRbackups\C\3\Info 756 bytes
File C:\RRbackups\C\3\TOCFile 63038010 bytes
File C:\RRbackups\C\4 0 bytes
File C:\RRbackups\C\4\Data0 50003968 bytes
File C:\RRbackups\C\4\Data1 50003968 bytes
File C:\RRbackups\C\4\Data10 50003968 bytes
File C:\RRbackups\C\4\Data11 50003968 bytes
File C:\RRbackups\C\4\Data12 50003968 bytes
File C:\RRbackups\C\4\Data13 50003968 bytes
File C:\RRbackups\C\4\Data14 50003968 bytes
File C:\RRbackups\C\4\Data15 50003968 bytes
File C:\RRbackups\C\4\Data16 50003968 bytes
File C:\RRbackups\C\4\Data17 50003968 bytes
File C:\RRbackups\C\4\Data18 50003968 bytes
File C:\RRbackups\C\4\Data19 50003968 bytes
File C:\RRbackups\C\4\Data2 50003968 bytes
File C:\RRbackups\C\4\Data20 50003968 bytes
File C:\RRbackups\C\4\Data21 50003968 bytes
File C:\RRbackups\C\4\Data22 50003968 bytes
File C:\RRbackups\C\4\Data23 36767203 bytes
File C:\RRbackups\C\4\Data3 50003968 bytes
File C:\RRbackups\C\4\Data4 50003968 bytes
File C:\RRbackups\C\4\Data5 50003968 bytes
File C:\RRbackups\C\4\Data6 50003968 bytes
File C:\RRbackups\C\4\Data7 50003968 bytes
File C:\RRbackups\C\4\Data8 50003968 bytes
File C:\RRbackups\C\4\Data9 50003968 bytes
File C:\RRbackups\C\4\dats 0 bytes
File C:\RRbackups\C\4\EFSFile 0 bytes
File C:\RRbackups\C\4\HashFile 619740 bytes
File C:\RRbackups\C\4\Info 756 bytes
File C:\RRbackups\C\4\TOCFile 63006900 bytes
File C:\RRbackups\C\5 0 bytes
File C:\RRbackups\C\5\Data0 50003968 bytes
File C:\RRbackups\C\5\Data1 50003968 bytes
File C:\RRbackups\C\5\Data2 50003968 bytes
File C:\RRbackups\C\5\Data3 50003968 bytes
File C:\RRbackups\C\5\Data4 50003968 bytes
File C:\RRbackups\C\5\Data5 47307799 bytes
File C:\RRbackups\C\5\dats 0 bytes
File C:\RRbackups\C\5\EFSFile 0 bytes
File C:\RRbackups\C\5\HashFile 609240 bytes
File C:\RRbackups\C\5\Info 756 bytes
File C:\RRbackups\C\5\TOCFile 61939400 bytes
File C:\RRbackups\C\MERGE 0 bytes
File C:\RRbackups\C\MERGE\Data27 50003968 bytes
File C:\RRbackups\C\MERGE\Data46 50003968 bytes
File C:\RRbackups\C\MERGE\Data65 50003968 bytes
File C:\RRbackups\C\MERGE\Data0 50003968 bytes
File C:\RRbackups\C\MERGE\Data1 50003968 bytes
File C:\RRbackups\C\MERGE\Data10 50003968 bytes
 
more gmer:

File C:\RRbackups\C\MERGE\Data100 50003968 bytes
File C:\RRbackups\C\MERGE\Data101 50003968 bytes
File C:\RRbackups\C\MERGE\Data102 50003968 bytes
File C:\RRbackups\C\MERGE\Data103 50003968 bytes
File C:\RRbackups\C\MERGE\Data104 50003968 bytes
File C:\RRbackups\C\MERGE\Data105 50003968 bytes
File C:\RRbackups\C\MERGE\Data106 50003968 bytes
File C:\RRbackups\C\MERGE\Data107 50003968 bytes
File C:\RRbackups\C\MERGE\Data108 50003968 bytes
File C:\RRbackups\C\MERGE\Data109 50003968 bytes
File C:\RRbackups\C\MERGE\Data11 50003968 bytes
File C:\RRbackups\C\MERGE\Data110 50003968 bytes
File C:\RRbackups\C\MERGE\Data111 50003968 bytes
File C:\RRbackups\C\MERGE\Data112 50003968 bytes
File C:\RRbackups\C\MERGE\Data113 50003968 bytes
File C:\RRbackups\C\MERGE\Data114 50003968 bytes
File C:\RRbackups\C\MERGE\Data115 50003968 bytes
File C:\RRbackups\C\MERGE\Data116 50003968 bytes
File C:\RRbackups\C\MERGE\Data117 50003968 bytes
File C:\RRbackups\C\MERGE\Data118 50003968 bytes
File C:\RRbackups\C\MERGE\Data119 50003968 bytes
File C:\RRbackups\C\MERGE\Data12 50003968 bytes
File C:\RRbackups\C\MERGE\Data120 50003968 bytes
File C:\RRbackups\C\MERGE\Data13 50003968 bytes
File C:\RRbackups\C\MERGE\Data14 50003968 bytes
File C:\RRbackups\C\MERGE\Data15 50003968 bytes
File C:\RRbackups\C\MERGE\Data16 50003968 bytes
File C:\RRbackups\C\MERGE\Data17 50003968 bytes
File C:\RRbackups\C\MERGE\Data18 50003968 bytes
File C:\RRbackups\C\MERGE\Data19 50003968 bytes
File C:\RRbackups\C\MERGE\Data2 50003968 bytes
File C:\RRbackups\C\MERGE\Data20 50003968 bytes
File C:\RRbackups\C\MERGE\Data21 50003968 bytes
File C:\RRbackups\C\MERGE\Data22 50003968 bytes
File C:\RRbackups\C\MERGE\Data23 50003968 bytes
File C:\RRbackups\C\MERGE\Data24 50003968 bytes
File C:\RRbackups\C\MERGE\Data25 50003968 bytes
File C:\RRbackups\C\MERGE\Data26 50003968 bytes
File C:\RRbackups\C\MERGE\Data28 50003968 bytes
File C:\RRbackups\C\MERGE\Data29 50003968 bytes
File C:\RRbackups\C\MERGE\Data3 50003968 bytes
File C:\RRbackups\C\MERGE\Data30 50003968 bytes
File C:\RRbackups\C\MERGE\Data31 50003968 bytes
File C:\RRbackups\C\MERGE\Data32 50003968 bytes
File C:\RRbackups\C\MERGE\Data33 50003968 bytes
File C:\RRbackups\C\MERGE\Data34 50003968 bytes
File C:\RRbackups\C\MERGE\Data35 50003968 bytes
File C:\RRbackups\C\MERGE\Data36 50003968 bytes
File C:\RRbackups\C\MERGE\Data37 50003968 bytes
File C:\RRbackups\C\MERGE\Data38 50003968 bytes
File C:\RRbackups\C\MERGE\Data39 50003968 bytes
File C:\RRbackups\C\MERGE\Data4 50003968 bytes
File C:\RRbackups\C\MERGE\Data40 50003968 bytes
File C:\RRbackups\C\MERGE\Data41 50003968 bytes
File C:\RRbackups\C\MERGE\Data42 50003968 bytes
File C:\RRbackups\C\MERGE\Data43 50003968 bytes
File C:\RRbackups\C\MERGE\Data44 50003968 bytes
File C:\RRbackups\C\MERGE\Data45 50003968 bytes
File C:\RRbackups\C\MERGE\Data47 50003968 bytes
File C:\RRbackups\C\MERGE\Data48 50003968 bytes
File C:\RRbackups\C\MERGE\Data49 50003968 bytes
File C:\RRbackups\C\MERGE\Data5 50003968 bytes
File C:\RRbackups\C\MERGE\Data50 50003968 bytes
File C:\RRbackups\C\MERGE\Data51 50003968 bytes
File C:\RRbackups\C\MERGE\Data52 50003968 bytes
File C:\RRbackups\C\MERGE\Data53 50003968 bytes
File C:\RRbackups\C\MERGE\Data54 50003968 bytes
File C:\RRbackups\C\MERGE\Data55 50003968 bytes
File C:\RRbackups\C\MERGE\Data56 50003968 bytes
File C:\RRbackups\C\MERGE\Data57 50003968 bytes
File C:\RRbackups\C\MERGE\Data58 50003968 bytes
File C:\RRbackups\C\MERGE\Data59 50003968 bytes
File C:\RRbackups\C\MERGE\Data6 50003968 bytes
File C:\RRbackups\C\MERGE\Data60 50003968 bytes
File C:\RRbackups\C\MERGE\Data61 50003968 bytes
File C:\RRbackups\C\MERGE\Data62 50003968 bytes
File C:\RRbackups\C\MERGE\Data63 50003968 bytes
File C:\RRbackups\C\MERGE\Data64 50003968 bytes
File C:\RRbackups\C\MERGE\Data66 50003968 bytes
File C:\RRbackups\C\MERGE\Data67 50003968 bytes
File C:\RRbackups\C\MERGE\Data68 50003968 bytes
File C:\RRbackups\C\MERGE\Data69 50003968 bytes
 
more gmer:

File C:\RRbackups\C\MERGE\Data7 50003968 bytes
File C:\RRbackups\C\MERGE\Data70 50003968 bytes
File C:\RRbackups\C\MERGE\Data71 50003968 bytes
File C:\RRbackups\C\MERGE\Data72 50003968 bytes
File C:\RRbackups\C\MERGE\Data73 50003968 bytes
File C:\RRbackups\C\MERGE\Data74 50003968 bytes
File C:\RRbackups\C\MERGE\Data75 50003968 bytes
File C:\RRbackups\C\MERGE\Data76 50003968 bytes
File C:\RRbackups\C\MERGE\Data77 50003968 bytes
File C:\RRbackups\C\MERGE\Data78 50003968 bytes
File C:\RRbackups\C\MERGE\Data79 50003968 bytes
File C:\RRbackups\C\MERGE\Data8 50003968 bytes
File C:\RRbackups\C\MERGE\Data80 50003968 bytes
File C:\RRbackups\C\MERGE\Data81 50003968 bytes
File C:\RRbackups\C\MERGE\Data82 50003968 bytes
File C:\RRbackups\C\MERGE\Data83 50003968 bytes
File C:\RRbackups\C\MERGE\Data84 50003968 bytes
File C:\RRbackups\C\MERGE\Data85 50003968 bytes
File C:\RRbackups\C\MERGE\Data86 50003968 bytes
File C:\RRbackups\C\MERGE\Data87 50003968 bytes
File C:\RRbackups\C\MERGE\Data88 50003968 bytes
File C:\RRbackups\C\MERGE\Data89 50003968 bytes
File C:\RRbackups\C\MERGE\Data9 50003968 bytes
File C:\RRbackups\C\MERGE\Data90 50003968 bytes
File C:\RRbackups\C\MERGE\Data91 50003968 bytes
File C:\RRbackups\C\MERGE\Data92 50003968 bytes
File C:\RRbackups\C\MERGE\Data93 50003968 bytes
File C:\RRbackups\C\MERGE\Data94 50003968 bytes
File C:\RRbackups\C\MERGE\Data95 50003968 bytes
File C:\RRbackups\C\MERGE\Data96 50003968 bytes
File C:\RRbackups\C\MERGE\Data97 50003968 bytes
File C:\RRbackups\C\MERGE\Data98 50003968 bytes
File C:\RRbackups\C\MERGE\Data99 50003968 bytes
File C:\RRbackups\C\MERGE\EFSFile 0 bytes
File C:\RRbackups\C\MERGE\HashFile 590766 bytes
File C:\RRbackups\C\MERGE\Info 0 bytes
File C:\RRbackups\C\MERGE\TOCFile 60061210 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bt0.dat 32256 bytes
File C:\RRbackups\common\bt1.dat 32256 bytes
File C:\RRbackups\common\bt2.dat 32256 bytes
File C:\RRbackups\common\bt3.dat 32256 bytes
File C:\RRbackups\common\bt4.dat 32256 bytes
File C:\RRbackups\common\bt5.dat 32256 bytes
File C:\RRbackups\common\css.dat 12288 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 2027500 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 57344 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 0 bytes
File C:\RRbackups\common\usersids.dat 16640 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes

File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
 
more gmer:

File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\8218d643-d2a9-490b-b55d-bbf9c84e3ead 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\1f8c7a2f-8f74-4066-b727-376430af39df 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\c245fc58-b62b-4883-9eab-500fb1dae96d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3503f5a2c98d23bc2c6c45c894e260e9_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 1307 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 893 bytes
File C:\RRbackups\Documents and Settings\Claudia 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Lenovo\Client Security Solution\encobject.dat 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\8218d643-d2a9-490b-b55d-bbf9c84e3ead 388 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\1f8c7a2f-8f74-4066-b727-376430af39df 388 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\c245fc58-b62b-4883-9eab-500fb1dae96d 388 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Claudia\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\8218d643-d2a9-490b-b55d-bbf9c84e3ead 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\1f8c7a2f-8f74-4066-b727-376430af39df 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\c245fc58-b62b-4883-9eab-500fb1dae96d 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
 
more gmer:

File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\129330de-b604-41aa-846e-eb44247a0b3c 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\2b485b92-6fb4-4321-a268-4fda03641640 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\4a18e8d2-1bcb-431d-9be9-fba5c013a0be 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\b67285bd-d79f-4a4d-b8a1-c7f9cfd09032 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\de8b305e-07fd-4ad2-9de0-1d4826fc9985 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\fc55437d-bf9a-4f0c-9244-d35583ca96ce 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Randy 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\pwmaction.dat 120 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\Randy.pwm 2862 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\Randy.pwm.bak 1966 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\1f711ae8b67c64110c5a80e5650e2489_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 46 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\4bd07e1ba952c6aa9bf83a8d98c08949_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 54 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\533145ef011ddf5ca3983e2545a902b4_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 2075 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\66a04cd651316d1aae0d1688a1076e96_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 47 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\6b29ae44e85efac3c72ff4d1865d73f1_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 53 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\83aa4cc77f591dfc2374580bbd95f6ba_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 45 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\8f71098770f72c7a67cd8f1151619865_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 54 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\dbe5a52f49f0c5500c270a9769f89b92_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 45 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1195841968-921038128-693736591-1008\eded8bdcf834043eeb8e54de84b041c2_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 53 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\975a79f4-10a4-4cf3-95f8-7e29ad3bf5b1 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\25c1bafb-d1d9-4317-ad01-0d7e1c163e44 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\26c7cfb8-b6fc-41e2-a9d3-63c45e4e93e2 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\31923b0e-61cc-4e67-9809-aff26861768c 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\3db26caa-669d-4cb8-acc4-f109235c133f 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\60318a0d-06fd-4918-8525-acac1a337be2 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\7911993a-a548-4ebd-9e30-4320f33ca10f 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\7dd3f32d-87eb-42f8-afeb-09c16613f0ec 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\a8d7e855-1003-461d-8584-33a524af2709 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\b545c19f-20b7-4ec1-b41f-a6d5556b4061 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\b7680f5b-d65b-4ce4-9dc9-a00429c601c0 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\ba5e8252-6ef3-464b-ae6f-b736c6a9457d 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\c0563aa7-5c6e-46c1-8de0-71012cf5a111 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\c7170152-cb8d-42b1-a50d-2ed663f8ca68 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\d4316646-7995-47ae-9ebb-85adc8f9dcc4 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\d7a99488-bb2b-4c03-bcc6-e086f3afb00c 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\d9db70d8-3b7a-46ea-95e2-3cca47c89b45 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\e12fdeb3-e9d1-46ab-a64f-a84254317ad7 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\e69c4061-b585-4925-b299-a8aaf3df3174 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\ee983360-d068-4c6f-b0b1-db2613600844 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1195841968-921038128-693736591-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\8218d643-d2a9-490b-b55d-bbf9c84e3ead 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\1f8c7a2f-8f74-4066-b727-376430af39df 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\c245fc58-b62b-4883-9eab-500fb1dae96d 388 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Randy\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2052151345-2250342621-3819923535-1595 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2052151345-2250342621-3819923535-1595\1f711ae8b67c64110c5a80e5650e2489_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 46 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2052151345-2250342621-3819923535-1595\533145ef011ddf5ca3983e2545a902b4_a34041e2-1da3-4c03-9d1d-2bdb89d07ae3 2075 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\8218d643-d2a9-490b-b55d-bbf9c84e3ead 388 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-1858378282-4023308648-3923668170-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2052151345-2250342621-3819923535-1595 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2052151345-2250342621-3819923535-1595\07c6f6ac-a330-41c2-b2c2-807e62597a5e 664 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2052151345-2250342621-3819923535-1595\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\1f8c7a2f-8f74-4066-b727-376430af39df 388 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-2247407839-4140385560-253806225-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\c245fc58-b62b-4883-9eab-500fb1dae96d 388 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\Protect\S-1-5-21-4180639121-3455437780-3159826400-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Randy.HEDRICK\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\RRbackups\SIS\C\0\Data0 27241 bytes
File C:\RRbackups\SIS\C\0\Data1 15358 bytes
File C:\RRbackups\SIS\C\0\HashFile 12 bytes
File C:\RRbackups\SIS\C\0\TOCFile 1220 bytes
File C:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\64WYDWYV\pingCAIS0OZN.gif 43 bytes

---- EOF - GMER 1.0.15 ----
 
now DSS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Randy at 15:08:21 on 2012-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.982.153 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WISPTIS.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://search.coupons.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB07898 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\coupons.com couponbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
TB: Coupons.com CouponBar: {8660e5b3-6c41-44de-8503-98d99bbecd41} - c:\program files\coupons.com couponbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [BYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\pmremind.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: iact1.com\www
Trusted Zone: myvoffice.com\www.doterra
DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///D:/components/hidinputmonitorx.ocx
DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///D:/components/A9.ocx
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} - file:///D:/components/wmvhdrating.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.5
TCP: Interfaces\{248AC7B6-28DB-46D0-A97D-A272A9BB2159} : DhcpNameServer = 192.168.1.5
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 78.159.110.50www.google.de
Hosts: 78.159.110.50www.google.fr
Hosts: 78.159.110.50www.google.com.br
Hosts: 78.159.110.50www.google.it
Hosts: 78.159.110.50www.google.es
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 MpKsl8269a678;MpKsl8269a678;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00059ac7-1425-48e9-8ad6-ffb9a6f50661}\MpKsl8269a678.sys [2012-8-15 29904]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-3-11 34916]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-28 136176]
.
=============== Created Last 30 ================
.
2012-08-15 20:05:2829904------w-c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00059ac7-1425-48e9-8ad6-ffb9a6f50661}\MpKsl8269a678.sys
2012-08-15 19:15:30--------d-----w-c:\documents and settings\randy\application data\Malwarebytes
2012-08-15 19:15:06--------d-----w-c:\documents and settings\all users\application data\Malwarebytes
2012-08-15 19:15:0222344------w-c:\windows\system32\drivers\mbam.sys
2012-08-15 19:15:02--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-08-15 15:07:146891424------w-c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00059ac7-1425-48e9-8ad6-ffb9a6f50661}\mpengine.dll
2012-08-13 23:20:246891424------w-c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-20 20:37:44--------d-----w-c:\documents and settings\all users\application data\ClubSanDisk
.
==================== Find3M ====================
.
2012-08-14 23:44:26426184------w-c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:44:2570344------w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:591866112------w-c:\windows\system32\win32k.sys
2012-06-05 15:50:251372672------w-c:\windows\system32\msxml6.dll
2012-06-05 15:50:251172480------w-c:\windows\system32\msxml3.dll
2012-06-04 04:32:08152576------w-c:\windows\system32\schannel.dll
2012-06-02 22:19:4422040------w-c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38219160------w-c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:3815384------w-c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:3415384------w-c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:3017944------w-c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58275696------w-c:\windows\system32\mucltui.dll
2012-06-02 22:18:58214256------w-c:\windows\system32\muweb.dll
2012-06-02 22:18:5817136------w-c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09599040------w-c:\windows\system32\crypt32.dll
.
============= FINISH: 15:09:41.68 ===============
 
and Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2007 7:18:29 AM
System Uptime: 8/15/2012 7:53:44 AM (8 hours ago)
.
Motherboard: LENOVO | | 6465CTO
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | None | 778/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 25.727 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3A06B116C20
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3A06B116C20
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
==== System Restore Points ===================
.
RP337: 5/18/2012 10:58:34 AM - System Checkpoint
RP338: 5/20/2012 8:22:28 AM - Software Distribution Service 3.0
RP339: 5/21/2012 9:15:31 AM - System Checkpoint
RP340: 5/21/2012 12:05:24 PM - Software Distribution Service 3.0
RP341: 5/22/2012 1:25:10 PM - Software Distribution Service 3.0
RP342: 5/24/2012 7:37:12 AM - Software Distribution Service 3.0
RP343: 5/25/2012 4:14:05 PM - System Checkpoint
RP344: 5/28/2012 5:17:49 PM - Software Distribution Service 3.0
RP345: 6/6/2012 5:54:37 AM - Software Distribution Service 3.0
RP346: 6/6/2012 10:37:37 AM - Software Distribution Service 3.0
RP347: 6/7/2012 7:43:04 AM - Software Distribution Service 3.0
RP348: 6/8/2012 7:47:38 AM - Software Distribution Service 3.0
RP349: 6/16/2012 12:51:23 PM - System Checkpoint
RP350: 6/17/2012 2:27:12 PM - System Checkpoint
RP351: 6/18/2012 2:55:38 PM - System Checkpoint
RP352: 6/21/2012 3:09:54 PM - System Checkpoint
RP353: 6/22/2012 5:42:05 PM - System Checkpoint
RP354: 6/24/2012 1:10:20 PM - Software Distribution Service 3.0
RP355: 6/24/2012 1:43:03 PM - Software Distribution Service 3.0
RP356: 6/24/2012 10:41:14 PM - Software Distribution Service 3.0
RP357: 6/25/2012 7:19:25 AM - Software Distribution Service 3.0
RP358: 6/26/2012 7:39:40 AM - System Checkpoint
RP359: 6/26/2012 6:50:23 PM - Software Distribution Service 3.0
RP360: 6/27/2012 7:23:27 PM - System Checkpoint
RP361: 6/27/2012 8:45:10 PM - Software Distribution Service 3.0
RP362: 6/28/2012 8:46:00 PM - System Checkpoint
RP363: 6/29/2012 12:31:45 PM - Software Distribution Service 3.0
RP364: 7/1/2012 3:16:14 PM - Software Distribution Service 3.0
RP365: 7/4/2012 9:38:03 PM - Software Distribution Service 3.0
RP366: 7/6/2012 8:02:49 AM - System Checkpoint
RP367: 7/7/2012 3:29:55 PM - Software Distribution Service 3.0
RP368: 7/8/2012 4:02:11 PM - System Checkpoint
RP369: 7/9/2012 7:32:30 AM - Software Distribution Service 3.0
RP370: 7/12/2012 11:47:13 AM - Software Distribution Service 3.0
RP371: 7/12/2012 2:53:09 PM - Software Distribution Service 3.0
RP372: 7/13/2012 1:04:59 PM - Software Distribution Service 3.0
RP373: 7/16/2012 1:30:35 PM - System Checkpoint
RP374: 7/17/2012 1:58:06 PM - System Checkpoint
RP375: 7/18/2012 12:32:20 PM - Software Distribution Service 3.0
RP376: 7/20/2012 8:52:08 AM - Software Distribution Service 3.0
RP377: 7/22/2012 8:29:11 AM - Software Distribution Service 3.0
RP378: 7/23/2012 9:14:03 AM - Software Distribution Service 3.0
RP379: 7/24/2012 9:34:26 AM - System Checkpoint
RP380: 7/27/2012 11:26:14 AM - Software Distribution Service 3.0
RP381: 7/28/2012 1:57:38 PM - Software Distribution Service 3.0
RP382: 7/30/2012 7:52:38 AM - Software Distribution Service 3.0
RP383: 7/31/2012 8:38:42 AM - Software Distribution Service 3.0
RP384: 8/1/2012 9:14:10 AM - System Checkpoint
RP385: 8/1/2012 7:12:32 PM - Software Distribution Service 3.0
RP386: 8/1/2012 11:44:04 PM - Software Distribution Service 3.0
RP387: 8/5/2012 10:25:20 AM - Software Distribution Service 3.0
RP388: 8/8/2012 11:50:09 AM - Software Distribution Service 3.0
RP389: 8/9/2012 1:20:23 AM - Software Distribution Service 3.0
RP390: 8/9/2012 4:10:17 PM - Software Distribution Service 3.0
RP391: 8/11/2012 7:11:50 AM - Software Distribution Service 3.0
RP392: 8/12/2012 2:17:36 PM - Software Distribution Service 3.0
RP393: 8/13/2012 4:20:16 PM - Software Distribution Service 3.0
RP394: 8/14/2012 4:59:38 PM - System Checkpoint
RP395: 8/15/2012 8:07:06 AM - Software Distribution Service 3.0
.
==== Hosts File Hijack ======================
.
Hosts: 78.159.110.50www.google.de
Hosts: 78.159.110.50www.google.fr
Hosts: 78.159.110.50www.google.com.br
Hosts: 78.159.110.50www.google.it
Hosts: 78.159.110.50www.google.es
Hosts: 78.159.110.50www.google.co.jp
Hosts: 78.159.110.50www.google.com.mx
Hosts: 78.159.110.50www.google.ca
Hosts: 78.159.110.50www.google.com.au
Hosts: 78.159.110.50www.google.nl
Hosts: 78.159.110.50www.google.co.za
Hosts: 78.159.110.50www.google.be
Hosts: 78.159.110.50www.google.gr
Hosts: 78.159.110.50www.google.at
Hosts: 78.159.110.50www.google.se
Hosts: 78.159.110.50www.google.ch
Hosts: 78.159.110.50www.google.pt
Hosts: 78.159.110.50www.google.dk
Hosts: 78.159.110.50www.google.fi
Hosts: 78.159.110.50www.google.ie
Hosts: 78.159.110.50www.google.no
Hosts: 78.159.110.50search.yahoo.com
Hosts: 78.159.110.50us.search.yahoo.com
Hosts: 78.159.110.50uk.search.yahoo.com
Hosts: 78.159.110.50www.bing.com
.
==== Installed Programs ======================
.
.
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Amazon Kindle
AnswerWorks 5.0 English Runtime
CCleaner
Coupon Printer for Windows
CouponBar
Critical Update for Windows Media Player 11 (KB959772)
DAO 3.5
GearDrvs
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 825c series
hp deskjet 825c series (Remove only)
HP Image Zone 4.7
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 3
Lenovo ThinkVantage Toolbox
LG Verizon United Drivers
Malwarebytes Anti-Malware version 1.62.0.1300
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
OGA Notifier 2.0.0048.0
On Screen Display
Picasa 2
Presentation Director
PrintMaster 12
Productivity Center Supplement for ThinkPad
QFolder
Quicken 2010
Quicken Basic 2000
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
RemoveIT Pro v4 - SE
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
SAPI Wrapper
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TTS Wrapper
Turbo Lister 2
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wallpapers
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Themes
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Randy [Admin rights]
Mode: Scan -- Date: 08/15/2012 16:03:08

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] VZWNotiAgent.exe -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
78.159.110.50www.google.de
78.159.110.50www.google.fr
78.159.110.50www.google.com.br
78.159.110.50www.google.it
78.159.110.50www.google.es
78.159.110.50www.google.co.jp
78.159.110.50www.google.com.mx
78.159.110.50www.google.ca
78.159.110.50www.google.com.au
78.159.110.50www.google.nl
78.159.110.50www.google.co.za
78.159.110.50www.google.be
78.159.110.50www.google.gr
78.159.110.50www.google.at
78.159.110.50www.google.se
78.159.110.50www.google.ch
78.159.110.50www.google.pt
78.159.110.50www.google.dk
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS541680J9SA00 +++++
--- User ---
[MBR] cb27011bb16c7ca7ea76bb1f5299bbe8
[BSP] 234e20c20829df28cc2d53b2848949d8 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70616 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 144622800 | Size: 5699 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Patriot Memory USB Device +++++
--- User ---
[MBR] 4a6ed4a4f57c70c1880101608d150a3c
[BSP] 67900c162a89c3b27f6778edb464070b : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 15268 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt




here is the rk report.

when I ran the ansMBR, it ran for a couple of hours, then when I clicked "save log", the amsMBR froze, then rebooted, and no log.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 17:52:32
-----------------------------
17:52:32.953 OS Version: Windows 5.1.2600 Service Pack 3
17:52:32.953 Number of processors: 2 586 0xF0D
17:52:32.953 ComputerName: RANDY UserName: Randy
17:52:51.203 Initialize success
17:53:23.187 AVAST engine defs: 12081503
17:53:32.781 The log file has been saved successfully to "E:\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 17:52:32
-----------------------------
17:52:32.953 OS Version: Windows 5.1.2600 Service Pack 3
17:52:32.953 Number of processors: 2 586 0xF0D
17:52:32.953 ComputerName: RANDY UserName: Randy
17:52:51.203 Initialize success
17:53:23.187 AVAST engine defs: 12081503
17:53:32.781 The log file has been saved successfully to "E:\aswMBR.txt"
17:54:19.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:54:19.046 Disk 0 Vendor: HITACHI_ SB2I Size: 76319MB BusType: 3
17:54:19.078 Disk 0 MBR read successfully
17:54:19.078 Disk 0 MBR scan
17:54:19.140 Disk 0 unknown MBR code
17:54:19.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70616 MB offset 63
17:54:19.187 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5699 MB offset 144622800
17:54:19.500 Disk 0 scanning sectors +156295440
17:54:19.578 Disk 0 scanning C:\WINDOWS\system32\drivers
17:54:56.500 Service scanning
17:55:20.406 Service MpKsla5241e63 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\MpKsla5241e63.sys **LOCKED** 32
17:55:48.984 Modules scanning
17:55:57.718 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:55:59.078 Disk 0 trace - called modules:
17:55:59.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
17:55:59.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8693dab8]
17:55:59.109 3 CLASSPNP.SYS[f76adfd7] -> nt!IofCallDriver -> \Device\0000008e[0x8685ea18]
17:55:59.109 5 ACPI.sys[f7544620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8693e030]
17:55:59.671 AVAST engine scan C:\WINDOWS
17:56:12.671 AVAST engine scan C:\WINDOWS\system32
18:03:24.031 AVAST engine scan C:\WINDOWS\system32\drivers
18:04:07.296 AVAST engine scan C:\Documents and Settings\Randy
18:15:03.562 AVAST engine scan C:\Documents and Settings\All Users
18:20:40.781 Scan finished successfully
19:09:09.625 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:09:09.625 The log file has been saved successfully to "E:\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix log, in pieces:

ComboFix 12-08-15.02 - Randy 08/15/2012 20:59:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.982.338 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Randy\Application Data\Toolbar4
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0533ddea046b79382344642507f45004
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0753dc69e4d9bd29ba5a4f0b2ed6449b
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0b9a7a3e0c1c165779dd33b229048b21
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0c74e33c6b89503129478a0eae095b4d
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0e1466e34ff25e57fa813d21ebfe7cf6
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0fb67f15ee619bf63699876db03ab661
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\24234224fe547fa5f61335a325f858b5
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\2612ed9846214cbf7e954476bb044b3b
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\323af8f156d5bb22bb38cd2ce83959de
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\36402215e280142e9fec69a27ce97d32
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\3739298d2bc9d6b94dadd7b19b48ecb3
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\476905aa92e1c9a617bd41ce5318660f
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4e2d5ba12b0ed08ba8960c3e874a01cb
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\560ff84a7533e0f37b61b702a5403538
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\59a443f04bf13d1170b3dfc61f51b928
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5bc8ebf64906d196c815a3f28ee7be81
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5dcc33988f89c01e09411de1fadabde2
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5e4a0304a53d72265f5f470649d2f616
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5fceefa5d8207202cd84891c2e491f65
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\753df778c49000ceb420710ab27250f3
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\7aab54a686f169a739561ca08b97d70b
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\829a174ff56578e2e86c6ea74ceac599
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\8c192effd1339f8e52b7695d8409b038
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\8f1108fa39f3bc8170ca65bce26afa10
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9222ff6c3153356869fc34c2bec05e71
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\97be6f9cdebaa8074491269ce024994b
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9ac01b227ded0862f1cacbfb3aa57c30
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a03f31127270e5ec9c753d5978824827
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a0c60a9410bfbe84abdf5e97d0c4c25b
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\aa65030026dd406f81e1d2f100fe7920
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b3df571fa6f6ff811aec53f4f8e39093
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b4129101a6dd1056cc66cb8ee0ed07cb
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b576b7d306b9484794e87c4894171e9c
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b8cb931520574f1fbe2d6a417ab188a3
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cadd36508a4b8f2e96e6251f59441e6d
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cf00f968a680ae7de4f426758f29e399
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\d210e926e7fc2fc8277b03dcf0f51bf7
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\dd63f857ccdda3776635728c6e9c9da5
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\df93d78ff74b9089b7e56bad7abf8d54
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e0274c4eebf32d7d1bf0e38726e4ea71
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e676561c84d9a41ec2ac1b9379b89748
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fdcfc40763b6755ae687e945adb4dba4
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fe6e9435289d779f70dff3e65824a72a
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fe98d58b0232c74e3b47d141e87aaa18
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
c:\documents and settings\Randy\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
c:\documents and settings\Randy\System
c:\documents and settings\Randy\System\win_qs8.jqx
c:\documents and settings\Randy\WINDOWS
c:\program files\Internet Explorer\SET15.tmp
c:\program files\Internet Explorer\SET16.tmp
c:\program files\Internet Explorer\SET17.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesW.ini
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\windows\EventSystem.log
 
More:

c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 04:21 . 2012-08-16 04:21 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\MpKsl43322cab.sys
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 19:15 . 2012-07-03 20:46 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-08-15 15:07 . 2012-06-29 08:44 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\mpengine.dll
2012-08-13 23:20 . 2012-06-29 08:44 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 20:37 . 2012-07-20 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ClubSanDisk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:44 . 2012-05-06 00:01 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:44 . 2011-08-14 01:15 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-04-30 06:55 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 23:43 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-04-30 06:55 1172480 ------w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-04-30 06:55 152576 ------w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-07-31 03:18 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-07-31 03:19 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-04-30 07:11 329240 ------w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-04-30 07:11 210968 ------w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2006-04-30 07:11 219160 ------w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-07-31 03:19 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-07-31 03:19 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 53784 ------w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-04-30 07:11 35864 ------w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-04-30 06:55 97304 ------w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 03:18 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 577048 ------w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-04-30 07:11 1933848 ------w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-01-02 03:48 275696 ------w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-01-02 03:48 214256 ------w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2008-01-02 03:48 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-04-30 06:55 599040 ------w- c:\windows\system32\crypt32.dll
.
 
more:


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2008-1-8 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-09-05 16:18 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/28/2007 5:28 PM 19504]
R1 MpKsl43322cab;MpKsl43322cab;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\MpKsl43322cab.sys [8/15/2012 9:21 PM 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2012 12:15 PM 655944]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [3/11/2008 9:13 PM 34916]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 2:11 PM 569344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/15/2012 12:15 PM 22344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 4:59 PM 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2012 10:27 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 5:02 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2012 10:27 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL43322CAB
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ------w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 23:44]
.
2012-08-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-29 05:27]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-29 05:27]
.
2012-08-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2012-08-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie8
mStart Page = hxxp://search.coupons.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: iact1.com\www
Trusted Zone: myvoffice.com\www.doterra
TCP: DhcpNameServer = 192.168.1.5
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
AddRemove-Quicken Basic 2000 - c:\quickenw\Uninst.isu
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1195841968-921038128-693736591-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\PC-Doctor\ATLPcdToolbar580224.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe
c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2012-08-15 21:31:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 04:31
.
Pre-Run: 27,415,846,912 bytes free
Post-Run: 27,832,594,432 bytes free
.
- - End Of File - - 0E7C7304C9C7C4AF1DA160329188E0A3
 
rkill:

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/15/2012 09:44:33 PM in x86 mode.
Windows Version: Windows XP
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@"was reset to comfile!

Performing miscellaneous checks.
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/15/2012 09:45:40 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)
 
Combofix log looks good.
We have one issue though:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Click to expand...
At this moment Combofix has a problem with installing Recovery Console because MS links are broken so we have to do it manually.

Download following file: http://download.cnet.com/Windows-XP...Floppy-Boot-Install/3000-2383_4-10727796.html to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

RC1-4.gif



  • Drag downloaded file onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    whatnext.png



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt.
 
ComboFix 12-08-15.02 - Randy 08/16/2012 8:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.982.387 [GMT -7:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy\Desktop\WinXP_EN_PRO_BF.EXE
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 15:24 . 2012-08-16 15:24 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\offreg.dll
2012-08-16 10:38 . 2012-08-16 10:38 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\MpKsl36329d1b.sys
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\documents and settings\Randy\Application Data\Malwarebytes
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-15 19:15 . 2012-08-15 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 19:15 . 2012-07-03 20:46 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-08-15 15:07 . 2012-06-29 08:44 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\mpengine.dll
2012-08-13 23:20 . 2012-06-29 08:44 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 20:37 . 2012-07-20 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ClubSanDisk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:44 . 2012-05-06 00:01 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 23:44 . 2011-08-14 01:15 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2006-04-30 06:55 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2007-05-15 23:43 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-04-30 06:55 1172480 ------w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-04-30 06:55 152576 ------w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-07-31 03:18 22040 ------w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-07-31 03:19 15384 ------w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-04-30 07:11 329240 ------w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-04-30 07:11 210968 ------w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2006-04-30 07:11 219160 ------w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-07-31 03:19 45080 ------w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-07-31 03:19 15384 ------w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 53784 ------w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-04-30 07:11 35864 ------w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-04-30 06:55 97304 ------w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 03:18 17944 ------w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 577048 ------w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-04-30 07:11 1933848 ------w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-01-02 03:48 275696 ------w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-01-02 03:48 214256 ------w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2008-01-02 03:48 17136 ------w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-04-30 06:55 599040 ------w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-16_04.25.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 10:38 . 2012-08-16 10:38 16384 c:\windows\Temp\Perflib_Perfdata_38c.dat
+ 2006-04-30 06:55 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2009-06-21 17:37 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-21 17:37 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-10-10 23:55 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 20:05 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 20:05 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll
- 2011-11-17 23:01 . 2012-07-13 20:09 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-16 10:02 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2006-04-30 06:56 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2006-04-30 06:56 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
- 2006-04-30 06:55 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2006-04-30 06:55 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2006-04-30 06:55 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
+ 2006-04-30 06:55 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
- 2006-04-30 06:55 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
- 2006-04-30 00:03 . 2012-07-13 20:29 328296 c:\windows\system32\FNTCACHE.DAT
+ 2006-04-30 00:03 . 2012-08-16 10:37 328296 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-08 05:03 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2006-11-08 05:03 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 20:05 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 20:05 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-11 02:58 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2006-10-17 20:04 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 20:04 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-10-25 01:16 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-10-10 23:55 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:55 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
+ 2012-06-24 20:11 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2012-06-24 20:11 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2009-06-21 17:37 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-21 17:37 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-08 05:03 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-15 21:34 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-15 21:34 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-11-07 11:27 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 11:27 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 11:26 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 11:26 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-07-18 22:46 . 2012-07-18 22:46 593408 c:\windows\Installer\139cdc5.msp
- 2011-11-17 23:01 . 2012-07-13 20:09 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-23 17:54 . 2011-06-23 17:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-16 10:02 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-16 10:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-16 10:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-16 10:02 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-16 10:02 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2006-04-30 06:56 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
- 2006-04-30 06:56 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2006-04-30 06:55 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
- 2006-10-17 19:57 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2006-10-17 19:57 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
+ 2008-10-15 02:11 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
- 2008-10-15 02:11 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
- 2006-11-08 05:03 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2006-11-08 05:03 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:55 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 23:55 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-06-27 01:03 . 2012-06-27 01:03 3875840 c:\windows\Installer\146d551.msp
+ 2012-07-18 22:53 . 2012-07-18 22:53 5009920 c:\windows\Installer\139cd9f.msp
+ 2011-11-17 23:01 . 2012-08-16 10:17 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-11-17 23:01 . 2012-08-16 10:17 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2011-11-17 23:01 . 2012-07-13 20:09 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-16 10:02 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-16 10:02 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2007-12-31 04:15 . 2012-08-16 10:07 59884088 c:\windows\system32\MRT.exe
+ 2006-11-08 05:03 . 2012-07-03 06:19 11111424 c:\windows\system32\ieframe.dll
- 2006-11-08 05:03 . 2012-05-12 03:12 11111424 c:\windows\system32\ieframe.dll
+ 2007-10-10 23:55 . 2012-07-03 06:19 11111424 c:\windows\system32\dllcache\ieframe.dll
- 2007-10-10 23:55 . 2012-05-12 03:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-07-25 23:59 . 2012-07-25 23:59 11032064 c:\windows\Installer\139cdd8.msp
+ 2012-07-18 22:53 . 2012-07-18 22:53 10937344 c:\windows\Installer\139cdb2.msp
+ 2011-08-04 03:53 . 2011-08-04 03:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-08-16 10:02 . 2012-05-12 03:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-02-06 2664864]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2008-1-8 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ------w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-09-05 16:18 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/28/2007 5:28 PM 19504]
R1 MpKsl36329d1b;MpKsl36329d1b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00059AC7-1425-48E9-8AD6-FFB9A6F50661}\MpKsl36329d1b.sys [8/16/2012 3:38 AM 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2012 12:15 PM 655944]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [3/11/2008 9:13 PM 34916]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 2:11 PM 569344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/15/2012 12:15 PM 22344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 4:59 PM 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2012 10:27 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 5:02 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2012 10:27 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL36329D1B
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ------w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 23:44]
.
2012-08-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-29 05:27]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-29 05:27]
.
2012-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2012-08-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-yie8
mStart Page = hxxp://search.coupons.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: iact1.com\www
Trusted Zone: myvoffice.com\www.doterra
TCP: DhcpNameServer = 192.168.1.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 08:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1195841968-921038128-693736591-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1352)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2012-08-16 08:46:32
ComboFix-quarantined-files.txt 2012-08-16 15:46
ComboFix2.txt 2012-08-16 04:32
.
Pre-Run: 27,528,601,600 bytes free
Post-Run: 27,504,832,512 bytes free
.
WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 07319D9D7126A93026724731F551FD2E
 
Very good :)

Any current issues?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
You must log in or register to reply here.

Similar threads

C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
8K
Broni
Broni
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
B
Solved MachineLearning/Anomalous.94%
2
Replies
29
Views
12K
Broni
Broni

Latest posts

Back