1,105,214 Community Members

XP Antivirus Infection & now wireless doesn't work

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi,
Yesterday my computer became infected with the malware "XP Antivirus 2012". Among the usual malware activities, it also disabled my internet access. I cleaned it up to the best of my knowledge, and it seems that my computer is now clean, but I can't access my internet anymore!

Whenever I try to connect it tells me that either my wirelss radio is off, or my wifi is disabled in the bios. Not sure about the second option, but my radio button is definitely on, my wifi drivers are installed, and when i checked the wirelss device it is turned on from there as well. Not sure what is going on.

I have all my logs pasted below:

GMR One log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-03 14:10:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.08.0
Running: viz5mopi.exe; Driver: C:\DOCUME~1\OFF_BR~1\LOCALS~1\Temp\pwrdyfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMR Two log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-03 19:03:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.08.0
Running: viz5mopi.exe; Driver: C:\DOCUME~1\OFF_BR~1\LOCALS~1\Temp\pwrdyfob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\C\0 0 bytes
File C:\RRbackups\C\0\Data0 50003968 bytes
File C:\RRbackups\C\0\Data1 50003968 bytes
File C:\RRbackups\C\0\Data10 50003968 bytes
File C:\RRbackups\C\0\Data100 50003968 bytes
File C:\RRbackups\C\0\Data101 50003968 bytes
File C:\RRbackups\C\0\Data102 50003968 bytes
File C:\RRbackups\C\0\Data103 50003968 bytes
File C:\RRbackups\C\0\Data104 50003968 bytes
File C:\RRbackups\C\0\Data105 50003968 bytes
File C:\RRbackups\C\0\Data106 50003968 bytes
File C:\RRbackups\C\0\Data107 50003968 bytes
File C:\RRbackups\C\0\Data108 50003968 bytes
File C:\RRbackups\C\0\Data109 50003968 bytes
File C:\RRbackups\C\0\Data11 50003968 bytes
File C:\RRbackups\C\0\Data110 50003968 bytes
File C:\RRbackups\C\0\Data111 50003968 bytes
File C:\RRbackups\C\0\Data112 50003968 bytes
File C:\RRbackups\C\0\Data113 50003968 bytes
File C:\RRbackups\C\0\Data114 50003968 bytes
File C:\RRbackups\C\0\Data115 50003968 bytes
File C:\RRbackups\C\0\Data28 50003968 bytes
File C:\RRbackups\C\0\Data29 50003968 bytes
File C:\RRbackups\C\0\Data3 50003968 bytes
File C:\RRbackups\C\0\Data30 50003968 bytes
File C:\RRbackups\C\0\Data31 50003968 bytes
File C:\RRbackups\C\0\Data32 50003968 bytes
File C:\RRbackups\C\0\Data33 50003968 bytes
File C:\RRbackups\C\0\Data34 50003968 bytes
File C:\RRbackups\C\0\Data35 50003968 bytes
File C:\RRbackups\C\0\Data36 50003968 bytes
File C:\RRbackups\C\0\Data37 50003968 bytes
File C:\RRbackups\C\0\Data38 50003968 bytes
File C:\RRbackups\C\0\Data39 50003968 bytes
File C:\RRbackups\C\0\Data4 50003968 bytes
File C:\RRbackups\C\0\Data40 50003968 bytes
File C:\RRbackups\C\0\Data41 50003968 bytes
File C:\RRbackups\C\0\Data42 50003968 bytes
File C:\RRbackups\C\0\Data43 50003968 bytes
File C:\RRbackups\C\0\Data44 50003968 bytes
File C:\RRbackups\C\0\Data45 50003968 bytes
File C:\RRbackups\C\0\Data47 50003968 bytes
File C:\RRbackups\C\0\Data48 50003968 bytes
File C:\RRbackups\C\0\Data49 50003968 bytes
File C:\RRbackups\C\0\Data5 50003968 bytes
File C:\RRbackups\C\0\Data50 50003968 bytes
File C:\RRbackups\C\0\Data51 50003968 bytes
File C:\RRbackups\C\0\Data52 50003968 bytes
File C:\RRbackups\C\0\Data53 50003968 bytes
File C:\RRbackups\C\0\Data54 50003968 bytes
File C:\RRbackups\C\0\Data55 50003968 bytes
File C:\RRbackups\C\0\Data56 50003968 bytes
File C:\RRbackups\C\0\Data57 50003968 bytes
File C:\RRbackups\C\0\Data58 50003968 bytes
File C:\RRbackups\C\0\Data59 50003968 bytes
File C:\RRbackups\C\0\Data6 50003968 bytes
File C:\RRbackups\C\0\Data60 50003968 bytes
File C:\RRbackups\C\0\Data61 50003968 bytes
File C:\RRbackups\C\0\Data62 50003968 bytes
File C:\RRbackups\C\0\Data63 50003968 bytes
File C:\RRbackups\C\0\Data64 50003968 bytes
File C:\RRbackups\C\0\Data66 50003968 bytes
File C:\RRbackups\C\0\Data67 50003968 bytes
File C:\RRbackups\C\0\Data68 50003968 bytes
File C:\RRbackups\C\0\Data69 50003968 bytes
File C:\RRbackups\C\0\Data7 50003968 bytes
File C:\RRbackups\C\0\Data70 50003968 bytes
File C:\RRbackups\C\0\Data71 50003968 bytes
File C:\RRbackups\C\0\Data72 50003968 bytes
File C:\RRbackups\C\0\Data73 50003968 bytes
File C:\RRbackups\C\0\Data74 50003968 bytes
File C:\RRbackups\C\0\Data75 50003968 bytes
File C:\RRbackups\C\0\Data76 50003968 bytes
File C:\RRbackups\C\0\Data77 50003968 bytes
File C:\RRbackups\C\0\Data78 50003968 bytes
File C:\RRbackups\C\0\Data79 50003968 bytes
File C:\RRbackups\C\0\Data8 50003968 bytes
File C:\RRbackups\C\0\Data80 50003968 bytes
File C:\RRbackups\C\0\Data81 50003968 bytes
File C:\RRbackups\C\0\Data82 50003968 bytes
File C:\RRbackups\C\0\Data83 50003968 bytes
File C:\RRbackups\C\0\Data117 50003968 bytes
File C:\RRbackups\C\0\Data118 50003968 bytes
File C:\RRbackups\C\0\Data119 50003968 bytes
File C:\RRbackups\C\0\Data12 50003968 bytes
File C:\RRbackups\C\0\Data120 50003968 bytes
File C:\RRbackups\C\0\Data121 50003968 bytes
File C:\RRbackups\C\0\Data122 50003968 bytes
File C:\RRbackups\C\0\Data123 50003968 bytes
File C:\RRbackups\C\0\Data124 50003968 bytes
File C:\RRbackups\C\0\Data125 50003968 bytes
File C:\RRbackups\C\0\Data126 50003968 bytes
File C:\RRbackups\C\0\Data127 50003968 bytes
File C:\RRbackups\C\0\Data128 50003968 bytes
File C:\RRbackups\C\0\Data129 50003968 bytes
File C:\RRbackups\C\0\Data13 50003968 bytes
File C:\RRbackups\C\0\Data130 50003968 bytes
File C:\RRbackups\C\0\Data131 50003968 bytes
File C:\RRbackups\C\0\Data132 50003968 bytes
File C:\RRbackups\C\0\Data133 50003968 bytes
File C:\RRbackups\C\0\Data134 50003968 bytes
File C:\RRbackups\C\0\Data136 50003968 bytes
File C:\RRbackups\C\0\Data137 50003968 bytes
File C:\RRbackups\C\0\Data138 50003968 bytes
File C:\RRbackups\C\0\Data139 50003968 bytes
File C:\RRbackups\C\0\Data14 50003968 bytes
File C:\RRbackups\C\0\Data140 50003968 bytes
File C:\RRbackups\C\0\Data141 50003968 bytes
File C:\RRbackups\C\0\Data142 50003968 bytes
File C:\RRbackups\C\0\Data143 50003968 bytes
File C:\RRbackups\C\0\Data144 50003968 bytes
File C:\RRbackups\C\0\Data145 50003968 bytes
File C:\RRbackups\C\0\Data146 50003968 bytes
File C:\RRbackups\C\0\Data147 50003968 bytes
File C:\RRbackups\C\0\Data148 50003968 bytes
File C:\RRbackups\C\0\Data149 50003968 bytes
File C:\RRbackups\C\0\Data15 50003968 bytes
File C:\RRbackups\C\0\Data150 50003968 bytes
File C:\RRbackups\C\0\Data151 50003968 bytes
File C:\RRbackups\C\0\Data152 50003968 bytes
File C:\RRbackups\C\0\Data153 50003968 bytes
File C:\RRbackups\C\0\Data155 50003968 bytes
File C:\RRbackups\C\0\Data156 50003968 bytes
File C:\RRbackups\C\0\Data157 50003968 bytes
File C:\RRbackups\C\0\Data158 50003968 bytes
File C:\RRbackups\C\0\Data159 50003968 bytes
File C:\RRbackups\C\0\Data16 50003968 bytes
File C:\RRbackups\C\0\Data160 50003968 bytes
File C:\RRbackups\C\0\Data161 50003968 bytes
File C:\RRbackups\C\0\Data162 50003968 bytes
File C:\RRbackups\C\0\Data163 50003968 bytes
File C:\RRbackups\C\0\Data164 50003968 bytes
File C:\RRbackups\C\0\Data165 50003968 bytes
File C:\RRbackups\C\0\Data166 50003968 bytes
File C:\RRbackups\C\0\Data167 50003968 bytes
File C:\RRbackups\C\0\Data168 50003968 bytes
File C:\RRbackups\C\0\Data169 50003968 bytes
File C:\RRbackups\C\0\Data17 50003968 bytes
File C:\RRbackups\C\0\Data170 50003968 bytes
File C:\RRbackups\C\0\Data171 50003968 bytes
File C:\RRbackups\C\0\Data172 50003968 bytes
File C:\RRbackups\C\0\Data173 50003968 bytes
File C:\RRbackups\C\0\Data174 50003968 bytes
File C:\RRbackups\C\0\Data175 50003968 bytes
File C:\RRbackups\C\0\Data176 50003968 bytes
File C:\RRbackups\C\0\Data177 50003968 bytes
File C:\RRbackups\C\0\Data178 50003968 bytes
File C:\RRbackups\C\0\Data179 29552880 bytes
File C:\RRbackups\C\0\Data18 50003968 bytes
File C:\RRbackups\C\0\Data19 50003968 bytes
File C:\RRbackups\C\0\Data2 50003968 bytes
File C:\RRbackups\C\0\Data20 50003968 bytes
File C:\RRbackups\C\0\Data21 50003968 bytes
File C:\RRbackups\C\0\Data22 50003968 bytes
File C:\RRbackups\C\0\Data23 50003968 bytes
File C:\RRbackups\C\0\Data24 50003968 bytes
File C:\RRbackups\C\0\Data25 50003968 bytes
File C:\RRbackups\C\0\Data26 50003968 bytes
File C:\RRbackups\C\0\Data116 50003968 bytes
File C:\RRbackups\C\0\Data135 50003968 bytes
File C:\RRbackups\C\0\Data154 50003968 bytes
File C:\RRbackups\C\0\Data27 50003968 bytes
File C:\RRbackups\C\0\Data46 50003968 bytes
File C:\RRbackups\C\0\Data65 50003968 bytes
File C:\RRbackups\C\0\Data84 50003968 bytes
File C:\RRbackups\C\0\Data85 50003968 bytes
File C:\RRbackups\C\0\Data86 50003968 bytes
File C:\RRbackups\C\0\Data87 50003968 bytes
File C:\RRbackups\C\0\Data88 50003968 bytes
File C:\RRbackups\C\0\Data89 50003968 bytes
File C:\RRbackups\C\0\Data9 50003968 bytes
File C:\RRbackups\C\0\Data90 50003968 bytes
File C:\RRbackups\C\0\Data91 50003968 bytes
File C:\RRbackups\C\0\Data92 50003968 bytes
File C:\RRbackups\C\0\Data93 50003968 bytes
File C:\RRbackups\C\0\Data94 50003968 bytes
File C:\RRbackups\C\0\Data95 50003968 bytes
File C:\RRbackups\C\0\Data96 50003968 bytes
File C:\RRbackups\C\0\Data97 50003968 bytes
File C:\RRbackups\C\0\Data98 50003968 bytes
File C:\RRbackups\C\0\Data99 50003968 bytes
File C:\RRbackups\C\0\dats 0 bytes
File C:\RRbackups\C\0\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\0\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\0\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\0\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\0\EFSFile 0 bytes
File C:\RRbackups\C\0\HashFile 443814 bytes
File C:\RRbackups\C\0\Info 756 bytes
File C:\RRbackups\C\0\TOCFile 45121090 bytes
File C:\RRbackups\C\1 0 bytes
File C:\RRbackups\C\1\Data0 50003968 bytes
File C:\RRbackups\C\1\Data1 50003968 bytes
File C:\RRbackups\C\1\Data10 50003968 bytes
File C:\RRbackups\C\1\Data100 50003968 bytes
File C:\RRbackups\C\1\Data101 50003968 bytes
File C:\RRbackups\C\1\Data102 50003968 bytes
File C:\RRbackups\C\1\Data103 50003968 bytes
File C:\RRbackups\C\1\Data104 50003968 bytes
File C:\RRbackups\C\1\Data105 50003968 bytes
File C:\RRbackups\C\1\Data106 50003968 bytes
File C:\RRbackups\C\1\Data107 50003968 bytes
File C:\RRbackups\C\1\Data108 50003968 bytes
File C:\RRbackups\C\1\Data109 50003968 bytes
File C:\RRbackups\C\1\Data11 50003968 bytes
File C:\RRbackups\C\1\Data110 50003968 bytes
File C:\RRbackups\C\1\Data111 50003968 bytes
File C:\RRbackups\C\1\Data112 50003968 bytes
File C:\RRbackups\C\1\Data113 50003968 bytes
File C:\RRbackups\C\1\Data114 50003968 bytes
File C:\RRbackups\C\1\Data115 50003968 bytes
File C:\RRbackups\C\1\Data28 50003968 bytes
File C:\RRbackups\C\1\Data29 50003968 bytes
File C:\RRbackups\C\1\Data3 50003968 bytes
File C:\RRbackups\C\1\Data30 50003968 bytes
File C:\RRbackups\C\1\Data31 50003968 bytes
File C:\RRbackups\C\1\Data32 50003968 bytes
File C:\RRbackups\C\1\Data33 50003968 bytes
File C:\RRbackups\C\1\Data34 50003968 bytes
File C:\RRbackups\C\1\Data35 50003968 bytes
File C:\RRbackups\C\1\Data36 50003968 bytes
File C:\RRbackups\C\1\Data37 50003968 bytes
File C:\RRbackups\C\1\Data38 50003968 bytes
File C:\RRbackups\C\1\Data39 50003968 bytes
File C:\RRbackups\C\1\Data4 50003968 bytes
File C:\RRbackups\C\1\Data40 50003968 bytes
File C:\RRbackups\C\1\Data41 50003968 bytes
File C:\RRbackups\C\1\Data42 50003968 bytes
File C:\RRbackups\C\1\Data43 50003968 bytes
File C:\RRbackups\C\1\Data44 50003968 bytes
File C:\RRbackups\C\1\Data45 50003968 bytes
File C:\RRbackups\C\1\Data47 50003968 bytes
File C:\RRbackups\C\1\Data48 50003968 bytes
File C:\RRbackups\C\1\Data49 50003968 bytes
File C:\RRbackups\C\1\Data5 50003968 bytes
File C:\RRbackups\C\1\Data50 50003968 bytes
File C:\RRbackups\C\1\Data51 50003968 bytes
File C:\RRbackups\C\1\Data52 50003968 bytes
File C:\RRbackups\C\1\Data53 50003968 bytes
File C:\RRbackups\C\1\Data54 50003968 bytes
File C:\RRbackups\C\1\Data55 50003968 bytes
File C:\RRbackups\C\1\Data56 50003968 bytes
File C:\RRbackups\C\1\Data57 50003968 bytes
File C:\RRbackups\C\1\Data58 50003968 bytes
File C:\RRbackups\C\1\Data59 50003968 bytes
File C:\RRbackups\C\1\Data6 50003968 bytes
File C:\RRbackups\C\1\Data60 50003968 bytes
File C:\RRbackups\C\1\Data61 50003968 bytes
File C:\RRbackups\C\1\Data62 50003968 bytes
File C:\RRbackups\C\1\Data63 50003968 bytes
File C:\RRbackups\C\1\Data64 50003968 bytes
File C:\RRbackups\C\1\Data66 50003968 bytes
File C:\RRbackups\C\1\Data67 50003968 bytes
File C:\RRbackups\C\1\Data68 50003968 bytes
File C:\RRbackups\C\1\Data69 50003968 bytes
File C:\RRbackups\C\1\Data7 50003968 bytes
File C:\RRbackups\C\1\Data70 50003968 bytes
File C:\RRbackups\C\1\Data71 50003968 bytes
File C:\RRbackups\C\1\Data72 50003968 bytes
File C:\RRbackups\C\1\Data73 50003968 bytes
File C:\RRbackups\C\1\Data74 50003968 bytes
File C:\RRbackups\C\1\Data75 50003968 bytes
File C:\RRbackups\C\1\Data76 50003968 bytes
File C:\RRbackups\C\1\Data77 50003968 bytes
File C:\RRbackups\C\1\Data78 50003968 bytes
File C:\RRbackups\C\1\Data79 50003968 bytes
File C:\RRbackups\C\1\Data8 50003968 bytes
File C:\RRbackups\C\1\Data80 50003968 bytes
File C:\RRbackups\C\1\Data81 50003968 bytes
File C:\RRbackups\C\1\Data82 50003968 bytes
File C:\RRbackups\C\1\Data83 50003968 bytes
File C:\RRbackups\C\1\Data117 50003968 bytes
File C:\RRbackups\C\1\Data118 50003968 bytes
File C:\RRbackups\C\1\Data119 50003968 bytes
File C:\RRbackups\C\1\Data12 50003968 bytes
File C:\RRbackups\C\1\Data120 50003968 bytes
File C:\RRbackups\C\1\Data121 50003968 bytes
File C:\RRbackups\C\1\Data122 50003968 bytes
File C:\RRbackups\C\1\Data123 50003968 bytes
File C:\RRbackups\C\1\Data124 50003968 bytes
File C:\RRbackups\C\1\Data125 50003968 bytes
File C:\RRbackups\C\1\Data126 50003968 bytes
File C:\RRbackups\C\1\Data127 50003968 bytes
File C:\RRbackups\C\1\Data128 50003968 bytes
File C:\RRbackups\C\1\Data129 50003968 bytes
File C:\RRbackups\C\1\Data13 50003968 bytes
File C:\RRbackups\C\1\Data130 50003968 bytes
File C:\RRbackups\C\1\Data131 50003968 bytes
File C:\RRbackups\C\1\Data132 50003968 bytes
File C:\RRbackups\C\1\Data133 50003968 bytes
File C:\RRbackups\C\1\Data134 50003968 bytes
File C:\RRbackups\C\1\Data136 50003968 bytes
File C:\RRbackups\C\1\Data137 50003968 bytes
File C:\RRbackups\C\1\Data138 50003968 bytes
File C:\RRbackups\C\1\Data139 50003968 bytes
File C:\RRbackups\C\1\Data14 50003968 bytes
File C:\RRbackups\C\1\Data140 50003968 bytes
File C:\RRbackups\C\1\Data141 50003968 bytes
File C:\RRbackups\C\1\Data142 50003968 bytes
File C:\RRbackups\C\1\Data143 50003968 bytes
File C:\RRbackups\C\1\Data144 50003968 bytes
File C:\RRbackups\C\1\Data145 50003968 bytes
File C:\RRbackups\C\1\Data146 50003968 bytes
File C:\RRbackups\C\1\Data147 50003968 bytes
File C:\RRbackups\C\1\Data148 50003968 bytes
File C:\RRbackups\C\1\Data149 50003968 bytes
File C:\RRbackups\C\1\Data15 50003968 bytes
File C:\RRbackups\C\1\Data150 50003968 bytes
File C:\RRbackups\C\1\Data151 50003968 bytes
File C:\RRbackups\C\1\Data152 50003968 bytes
File C:\RRbackups\C\1\Data153 50003968 bytes
File C:\RRbackups\C\1\Data155 50003968 bytes
File C:\RRbackups\C\1\Data156 50003968 bytes
File C:\RRbackups\C\1\Data157 50003968 bytes
File C:\RRbackups\C\1\Data158 50003968 bytes
File C:\RRbackups\C\1\Data159 50003968 bytes
File C:\RRbackups\C\1\Data16 50003968 bytes
File C:\RRbackups\C\1\Data160 50003968 bytes
File C:\RRbackups\C\1\Data161 50003968 bytes
File C:\RRbackups\C\1\Data162 50003968 bytes
File C:\RRbackups\C\1\Data163 50003968 bytes
File C:\RRbackups\C\1\Data164 50003968 bytes
File C:\RRbackups\C\1\Data165 50003968 bytes
File C:\RRbackups\C\1\Data166 50003968 bytes
File C:\RRbackups\C\1\Data167 50003968 bytes
File C:\RRbackups\C\1\Data168 50003968 bytes
File C:\RRbackups\C\1\Data169 50003968 bytes
File C:\RRbackups\C\1\Data17 50003968 bytes
File C:\RRbackups\C\1\Data170 50003968 bytes
File C:\RRbackups\C\1\Data171 50003968 bytes
File C:\RRbackups\C\1\Data172 50003968 bytes
File C:\RRbackups\C\1\Data116 50003968 bytes
File C:\RRbackups\C\1\Data135 50003968 bytes
File C:\RRbackups\C\1\Data154 50003968 bytes
File C:\RRbackups\C\1\Data173 50003968 bytes
File C:\RRbackups\C\1\Data192 50003968 bytes
File C:\RRbackups\C\1\Data27 50003968 bytes
File C:\RRbackups\C\1\Data46 50003968 bytes
File C:\RRbackups\C\1\Data65 50003968 bytes
File C:\RRbackups\C\1\Data84 50003968 bytes
File C:\RRbackups\C\1\Data174 50003968 bytes
File C:\RRbackups\C\1\Data175 50003968 bytes
File C:\RRbackups\C\1\Data176 50003968 bytes
File C:\RRbackups\C\1\Data177 50003968 bytes
File C:\RRbackups\C\1\Data178 50003968 bytes
File C:\RRbackups\C\1\Data179 50003968 bytes
File C:\RRbackups\C\1\Data18 50003968 bytes
File C:\RRbackups\C\1\Data180 50003968 bytes
File C:\RRbackups\C\1\Data181 50003968 bytes
File C:\RRbackups\C\1\Data182 50003968 bytes
File C:\RRbackups\C\1\Data183 50003968 bytes
File C:\RRbackups\C\1\Data184 50003968 bytes
File C:\RRbackups\C\1\Data185 50003968 bytes
File C:\RRbackups\C\1\Data186 50003968 bytes
File C:\RRbackups\C\1\Data187 50003968 bytes
File C:\RRbackups\C\1\Data188 50003968 bytes
File C:\RRbackups\C\1\Data189 50003968 bytes
File C:\RRbackups\C\1\Data19 50003968 bytes
File C:\RRbackups\C\1\Data190 50003968 bytes
File C:\RRbackups\C\1\Data191 50003968 bytes
File C:\RRbackups\C\1\Data193 50003968 bytes
File C:\RRbackups\C\1\Data194 50003968 bytes
File C:\RRbackups\C\1\Data195 50003968 bytes
File C:\RRbackups\C\1\Data196 50003968 bytes
File C:\RRbackups\C\1\Data197 50003968 bytes
File C:\RRbackups\C\1\Data198 50003968 bytes
File C:\RRbackups\C\1\Data199 50003968 bytes
File C:\RRbackups\C\1\Data2 50003968 bytes
File C:\RRbackups\C\1\Data20 50003968 bytes
File C:\RRbackups\C\1\Data200 50003968 bytes
File C:\RRbackups\C\1\Data201 50003968 bytes
File C:\RRbackups\C\1\Data202 50003968 bytes
File C:\RRbackups\C\1\Data203 50003968 bytes
File C:\RRbackups\C\1\Data204 50003968 bytes
File C:\RRbackups\C\1\Data205 50003968 bytes
File C:\RRbackups\C\1\Data206 50003968 bytes
File C:\RRbackups\C\1\Data207 50003968 bytes
File C:\RRbackups\C\1\Data208 41931318 bytes
File C:\RRbackups\C\1\Data21 50003968 bytes
File C:\RRbackups\C\1\Data22 50003968 bytes
File C:\RRbackups\C\1\Data23 50003968 bytes
File C:\RRbackups\C\1\Data24 50003968 bytes
File C:\RRbackups\C\1\Data25 50003968 bytes
File C:\RRbackups\C\1\Data26 50003968 bytes
File C:\RRbackups\C\1\Data85 50003968 bytes
File C:\RRbackups\C\1\Data86 50003968 bytes
File C:\RRbackups\C\1\Data87 50003968 bytes
File C:\RRbackups\C\1\Data88 50003968 bytes
File C:\RRbackups\C\1\Data89 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\Data90 50003968 bytes
File C:\RRbackups\C\1\Data91 50003968 bytes
File C:\RRbackups\C\1\Data92 50003968 bytes
File C:\RRbackups\C\1\Data93 50003968 bytes
File C:\RRbackups\C\1\Data94 50003968 bytes
File C:\RRbackups\C\1\Data95 50003968 bytes
File C:\RRbackups\C\1\Data96 50003968 bytes
File C:\RRbackups\C\1\Data97 50003968 bytes
File C:\RRbackups\C\1\Data98 50003968 bytes
File C:\RRbackups\C\1\Data99 50003968 bytes
File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\1\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\1\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\1\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 479730 bytes
File C:\RRbackups\C\1\Info 756 bytes
File C:\RRbackups\C\1\TOCFile 48772550 bytes
File C:\RRbackups\C\2 0 bytes
File C:\RRbackups\C\2\Data0 50003968 bytes
File C:\RRbackups\C\2\Data1 50003968 bytes
File C:\RRbackups\C\2\Data10 50003968 bytes
File C:\RRbackups\C\2\Data11 50003968 bytes
File C:\RRbackups\C\2\Data12 50003968 bytes
File C:\RRbackups\C\2\Data13 50003968 bytes
File C:\RRbackups\C\2\Data14 50003968 bytes
File C:\RRbackups\C\2\Data15 49195881 bytes
File C:\RRbackups\C\2\Data2 50003968 bytes
File C:\RRbackups\C\2\Data3 50003968 bytes
File C:\RRbackups\C\2\Data4 50003968 bytes
File C:\RRbackups\C\2\Data5 50003968 bytes
File C:\RRbackups\C\2\Data6 50003968 bytes
File C:\RRbackups\C\2\Data7 50003968 bytes
File C:\RRbackups\C\2\Data8 50003968 bytes
File C:\RRbackups\C\2\Data9 50003968 bytes
File C:\RRbackups\C\2\dats 0 bytes
File C:\RRbackups\C\2\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\2\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\2\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\2\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\2\EFSFile 0 bytes
File C:\RRbackups\C\2\HashFile 483498 bytes
File C:\RRbackups\C\2\Info 756 bytes
File C:\RRbackups\C\2\TOCFile 49155630 bytes
File C:\RRbackups\C\3 0 bytes
File C:\RRbackups\C\3\Data27 50003968 bytes
File C:\RRbackups\C\3\Data0 50003968 bytes
File C:\RRbackups\C\3\Data1 50003968 bytes
File C:\RRbackups\C\3\Data10 50003968 bytes
File C:\RRbackups\C\3\Data11 50003968 bytes
File C:\RRbackups\C\3\Data12 50003968 bytes
File C:\RRbackups\C\3\Data13 50003968 bytes
File C:\RRbackups\C\3\Data14 50003968 bytes
File C:\RRbackups\C\3\Data15 50003968 bytes
File C:\RRbackups\C\3\Data16 50003968 bytes
File C:\RRbackups\C\3\Data17 50003968 bytes
File C:\RRbackups\C\3\Data18 50003968 bytes
File C:\RRbackups\C\3\Data19 50003968 bytes
File C:\RRbackups\C\3\Data2 50003968 bytes
File C:\RRbackups\C\3\Data20 50003968 bytes
File C:\RRbackups\C\3\Data21 50003968 bytes
File C:\RRbackups\C\3\Data22 50003968 bytes
File C:\RRbackups\C\3\Data23 50003968 bytes
File C:\RRbackups\C\3\Data24 50003968 bytes
File C:\RRbackups\C\3\Data25 50003968 bytes
File C:\RRbackups\C\3\Data26 50003968 bytes
File C:\RRbackups\C\3\Data28 50003968 bytes
File C:\RRbackups\C\3\Data29 50003968 bytes
File C:\RRbackups\C\3\Data3 50003968 bytes
File C:\RRbackups\C\3\Data30 50003968 bytes
File C:\RRbackups\C\3\Data31 50003968 bytes
File C:\RRbackups\C\3\Data32 50003968 bytes
File C:\RRbackups\C\3\Data33 50003968 bytes
File C:\RRbackups\C\3\Data34 50003968 bytes
File C:\RRbackups\C\3\Data35 50003968 bytes
File C:\RRbackups\C\3\Data36 50003968 bytes
File C:\RRbackups\C\3\Data37 50003968 bytes
File C:\RRbackups\C\3\Data38 50003968 bytes
File C:\RRbackups\C\3\Data39 50003968 bytes
File C:\RRbackups\C\3\Data4 50003968 bytes
File C:\RRbackups\C\3\Data40 50003968 bytes
File C:\RRbackups\C\3\Data41 50003968 bytes
File C:\RRbackups\C\3\Data42 50003968 bytes
File C:\RRbackups\C\3\Data43 50003968 bytes
File C:\RRbackups\C\3\Data44 50003968 bytes
File C:\RRbackups\C\3\Data45 50003968 bytes
File C:\RRbackups\C\3\Data46 50003968 bytes
File C:\RRbackups\C\3\Data47 50003968 bytes
File C:\RRbackups\C\3\Data48 50003968 bytes
File C:\RRbackups\C\3\Data49 50003968 bytes
File C:\RRbackups\C\3\Data5 50003968 bytes
File C:\RRbackups\C\3\Data50 50003968 bytes
File C:\RRbackups\C\3\Data51 50003968 bytes
File C:\RRbackups\C\3\Data52 50003968 bytes
File C:\RRbackups\C\3\Data53 50003968 bytes
File C:\RRbackups\C\3\Data54 50003968 bytes
File C:\RRbackups\C\3\Data55 35503638 bytes
File C:\RRbackups\C\3\Data6 50003968 bytes
File C:\RRbackups\C\3\Data7 50003968 bytes
File C:\RRbackups\C\3\Data8 50003968 bytes
File C:\RRbackups\C\3\Data9 50003968 bytes
File C:\RRbackups\C\3\dats 0 bytes
File C:\RRbackups\C\3\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\3\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\3\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\3\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\3\EFSFile 0 bytes
File C:\RRbackups\C\3\HashFile 517254 bytes
File C:\RRbackups\C\3\Info 756 bytes
File C:\RRbackups\C\3\TOCFile 52587490 bytes
File C:\RRbackups\C\4 0 bytes
File C:\RRbackups\C\4\Data27 50003968 bytes
File C:\RRbackups\C\4\Data0 50003968 bytes
File C:\RRbackups\C\4\Data1 50003968 bytes
File C:\RRbackups\C\4\Data10 50003968 bytes
File C:\RRbackups\C\4\Data11 50003968 bytes
File C:\RRbackups\C\4\Data12 50003968 bytes
File C:\RRbackups\C\4\Data13 50003968 bytes
File C:\RRbackups\C\4\Data14 50003968 bytes
File C:\RRbackups\C\4\Data15 50003968 bytes
File C:\RRbackups\C\4\Data16 50003968 bytes
File C:\RRbackups\C\4\Data17 50003968 bytes
File C:\RRbackups\C\4\Data18 50003968 bytes
File C:\RRbackups\C\4\Data19 50003968 bytes
File C:\RRbackups\C\4\Data2 50003968 bytes
File C:\RRbackups\C\4\Data20 50003968 bytes
File C:\RRbackups\C\4\Data21 50003968 bytes
File C:\RRbackups\C\4\Data22 50003968 bytes
File C:\RRbackups\C\4\Data23 50003968 bytes
File C:\RRbackups\C\4\Data24 50003968 bytes
File C:\RRbackups\C\4\Data25 50003968 bytes
File C:\RRbackups\C\4\Data26 50003968 bytes
File C:\RRbackups\C\4\Data28 50003968 bytes
File C:\RRbackups\C\4\Data29 50003968 bytes
File C:\RRbackups\C\4\Data3 50003968 bytes
File C:\RRbackups\C\4\Data30 50003968 bytes
File C:\RRbackups\C\4\Data31 50003968 bytes
File C:\RRbackups\C\4\Data32 50003968 bytes
File C:\RRbackups\C\4\Data33 50003968 bytes
File C:\RRbackups\C\4\Data34 50003968 bytes
File C:\RRbackups\C\4\Data35 50003968 bytes
File C:\RRbackups\C\4\Data36 50003968 bytes
File C:\RRbackups\C\4\Data37 50003968 bytes
File C:\RRbackups\C\4\Data38 50003968 bytes
File C:\RRbackups\C\4\Data39 24301682 bytes
File C:\RRbackups\C\4\Data4 50003968 bytes
File C:\RRbackups\C\4\Data5 50003968 bytes
File C:\RRbackups\C\4\Data6 50003968 bytes
File C:\RRbackups\C\4\Data7 50003968 bytes
File C:\RRbackups\C\4\Data8 50003968 bytes
File C:\RRbackups\C\4\Data9 50003968 bytes
File C:\RRbackups\C\4\dats 0 bytes
File C:\RRbackups\C\4\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\4\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\4\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\4\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\4\EFSFile 0 bytes
File C:\RRbackups\C\4\HashFile 523998 bytes
File C:\RRbackups\C\4\Info 756 bytes
File C:\RRbackups\C\4\TOCFile 53273130 bytes
File C:\RRbackups\C\5 0 bytes
File C:\RRbackups\C\5\Data27 50003968 bytes
File C:\RRbackups\C\5\Data46 50003968 bytes
File C:\RRbackups\C\5\Data0 50003968 bytes
File C:\RRbackups\C\5\Data1 50003968 bytes
File C:\RRbackups\C\5\Data10 50003968 bytes
File C:\RRbackups\C\5\Data11 50003968 bytes
File C:\RRbackups\C\5\Data12 50003968 bytes
File C:\RRbackups\C\5\Data13 50003968 bytes
File C:\RRbackups\C\5\Data14 50003968 bytes
File C:\RRbackups\C\5\Data15 50003968 bytes
File C:\RRbackups\C\5\Data16 50003968 bytes
File C:\RRbackups\C\5\Data17 50003968 bytes
File C:\RRbackups\C\5\Data18 50003968 bytes
File C:\RRbackups\C\5\Data19 50003968 bytes
File C:\RRbackups\C\5\Data2 50003968 bytes
File C:\RRbackups\C\5\Data20 50003968 bytes
File C:\RRbackups\C\5\Data21 50003968 bytes
File C:\RRbackups\C\5\Data22 50003968 bytes
File C:\RRbackups\C\5\Data23 50003968 bytes
File C:\RRbackups\C\5\Data24 50003968 bytes
File C:\RRbackups\C\5\Data25 50003968 bytes
File C:\RRbackups\C\5\Data26 50003968 bytes
File C:\RRbackups\C\5\Data28 50003968 bytes
File C:\RRbackups\C\5\Data29 50003968 bytes
File C:\RRbackups\C\5\Data3 50003968 bytes
File C:\RRbackups\C\5\Data30 50003968 bytes
File C:\RRbackups\C\5\Data31 50003968 bytes
File C:\RRbackups\C\5\Data32 50003968 bytes
File C:\RRbackups\C\5\Data33 50003968 bytes
File C:\RRbackups\C\5\Data34 50003968 bytes
File C:\RRbackups\C\5\Data35 50003968 bytes
File C:\RRbackups\C\5\Data36 50003968 bytes
File C:\RRbackups\C\5\Data37 50003968 bytes
File C:\RRbackups\C\5\Data38 50003968 bytes
File C:\RRbackups\C\5\Data39 50003968 bytes
File C:\RRbackups\C\5\Data4 50003968 bytes
File C:\RRbackups\C\5\Data40 50003968 bytes
File C:\RRbackups\C\5\Data41 50003968 bytes
File C:\RRbackups\C\5\Data42 50003968 bytes
File C:\RRbackups\C\5\Data43 50003968 bytes
File C:\RRbackups\C\5\Data44 50003968 bytes
File C:\RRbackups\C\5\Data45 50003968 bytes
File C:\RRbackups\C\5\Data47 50003968 bytes
File C:\RRbackups\C\5\Data48 50003968 bytes
File C:\RRbackups\C\5\Data49 50003968 bytes
File C:\RRbackups\C\5\Data5 50003968 bytes
File C:\RRbackups\C\5\Data50 50003968 bytes
File C:\RRbackups\C\5\Data51 50003968 bytes
File C:\RRbackups\C\5\Data52 50003968 bytes
File C:\RRbackups\C\5\Data53 50003968 bytes
File C:\RRbackups\C\5\Data54 50003968 bytes
File C:\RRbackups\C\5\Data55 50003968 bytes
File C:\RRbackups\C\5\Data56 50003968 bytes
File C:\RRbackups\C\5\Data57 50003968 bytes
File C:\RRbackups\C\5\Data58 50003968 bytes
File C:\RRbackups\C\5\Data59 50003968 bytes
File C:\RRbackups\C\5\Data6 50003968 bytes
File C:\RRbackups\C\5\Data60 50003968 bytes
File C:\RRbackups\C\5\Data61 50003968 bytes
File C:\RRbackups\C\5\Data62 50003968 bytes
File C:\RRbackups\C\5\Data63 50003968 bytes
File C:\RRbackups\C\5\Data64 50003968 bytes
File C:\RRbackups\C\5\Data65 50003968 bytes
File C:\RRbackups\C\5\Data66 50003968 bytes
File C:\RRbackups\C\5\Data67 50003968 bytes
File C:\RRbackups\C\5\Data68 50003968 bytes
File C:\RRbackups\C\5\Data69 50003968 bytes
File C:\RRbackups\C\5\Data7 50003968 bytes
File C:\RRbackups\C\5\Data70 50003968 bytes
File C:\RRbackups\C\5\Data71 50003968 bytes
File C:\RRbackups\C\5\Data72 3272220 bytes
File C:\RRbackups\C\5\Data8 50003968 bytes
File C:\RRbackups\C\5\Data9 50003968 bytes
File C:\RRbackups\C\5\dats 0 bytes
File C:\RRbackups\C\5\dats\cspContainer.dat 332 bytes
File C:\RRbackups\C\5\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\5\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\5\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\5\EFSFile 0 bytes
File C:\RRbackups\C\5\HashFile 471930 bytes
File C:\RRbackups\C\5\Info 756 bytes
File C:\RRbackups\C\5\TOCFile 47979550 bytes
File C:\RRbackups\C\MERGE 0 bytes
File C:\RRbackups\C\MERGE\Data116 50003968 bytes
File C:\RRbackups\C\MERGE\Data135 50003968 bytes
File C:\RRbackups\C\MERGE\Data27 50003968 bytes
File C:\RRbackups\C\MERGE\Data46 50003968 bytes
File C:\RRbackups\C\MERGE\Data65 50003968 bytes
File C:\RRbackups\C\MERGE\Data0 50003968 bytes
File C:\RRbackups\C\MERGE\Data1 50003968 bytes
File C:\RRbackups\C\MERGE\Data10 50003968 bytes
File C:\RRbackups\C\MERGE\Data100 50003968 bytes
File C:\RRbackups\C\MERGE\Data101 50003968 bytes
File C:\RRbackups\C\MERGE\Data102 50003968 bytes
File C:\RRbackups\C\MERGE\Data103 50003968 bytes
File C:\RRbackups\C\MERGE\Data104 50003968 bytes
File C:\RRbackups\C\MERGE\Data105 50003968 bytes
File C:\RRbackups\C\MERGE\Data106 50003968 bytes
File C:\RRbackups\C\MERGE\Data107 50003968 bytes
File C:\RRbackups\C\MERGE\Data108 50003968 bytes
File C:\RRbackups\C\MERGE\Data109 50003968 bytes
File C:\RRbackups\C\MERGE\Data11 50003968 bytes
File C:\RRbackups\C\MERGE\Data110 50003968 bytes
File C:\RRbackups\C\MERGE\Data111 50003968 bytes
File C:\RRbackups\C\MERGE\Data112 50003968 bytes
File C:\RRbackups\C\MERGE\Data113 50003968 bytes
File C:\RRbackups\C\MERGE\Data114 50003968 bytes
File C:\RRbackups\C\MERGE\Data115 50003968 bytes
File C:\RRbackups\C\MERGE\Data28 50003968 bytes
File C:\RRbackups\C\MERGE\Data29 50003968 bytes
File C:\RRbackups\C\MERGE\Data3 50003968 bytes
File C:\RRbackups\C\MERGE\Data30 50003968 bytes
File C:\RRbackups\C\MERGE\Data31 50003968 bytes
File C:\RRbackups\C\MERGE\Data32 50003968 bytes
File C:\RRbackups\C\MERGE\Data33 50003968 bytes
File C:\RRbackups\C\MERGE\Data34 50003968 bytes
File C:\RRbackups\C\MERGE\Data35 50003968 bytes
File C:\RRbackups\C\MERGE\Data36 50003968 bytes
File C:\RRbackups\C\MERGE\Data37 50003968 bytes
File C:\RRbackups\C\MERGE\Data38 50003968 bytes
File C:\RRbackups\C\MERGE\Data39 50003968 bytes
File C:\RRbackups\C\MERGE\Data4 50003968 bytes
File C:\RRbackups\C\MERGE\Data40 50003968 bytes
File C:\RRbackups\C\MERGE\Data41 50003968 bytes
File C:\RRbackups\C\MERGE\Data42 50003968 bytes
File C:\RRbackups\C\MERGE\Data43 50003968 bytes
File C:\RRbackups\C\MERGE\Data44 50003968 bytes
File C:\RRbackups\C\MERGE\Data45 50003968 bytes
File C:\RRbackups\C\MERGE\Data47 50003968 bytes
File C:\RRbackups\C\MERGE\Data48 50003968 bytes
File C:\RRbackups\C\MERGE\Data49 50003968 bytes
File C:\RRbackups\C\MERGE\Data5 50003968 bytes
File C:\RRbackups\C\MERGE\Data50 50003968 bytes
File C:\RRbackups\C\MERGE\Data51 50003968 bytes
File C:\RRbackups\C\MERGE\Data52 50003968 bytes
File C:\RRbackups\C\MERGE\Data53 50003968 bytes
File C:\RRbackups\C\MERGE\Data54 50003968 bytes
File C:\RRbackups\C\MERGE\Data55 50003968 bytes
File C:\RRbackups\C\MERGE\Data56 50003968 bytes
File C:\RRbackups\C\MERGE\Data57 50003968 bytes
File C:\RRbackups\C\MERGE\Data58 50003968 bytes
File C:\RRbackups\C\MERGE\Data59 50003968 bytes
File C:\RRbackups\C\MERGE\Data6 50003968 bytes
File C:\RRbackups\C\MERGE\Data60 50003968 bytes
File C:\RRbackups\C\MERGE\Data61 50003968 bytes
File C:\RRbackups\C\MERGE\Data62 50003968 bytes
File C:\RRbackups\C\MERGE\Data63 50003968 bytes
File C:\RRbackups\C\MERGE\Data64 50003968 bytes
File C:\RRbackups\C\MERGE\Data66 50003968 bytes
File C:\RRbackups\C\MERGE\Data67 50003968 bytes
File C:\RRbackups\C\MERGE\Data68 50003968 bytes
File C:\RRbackups\C\MERGE\Data69 50003968 bytes
File C:\RRbackups\C\MERGE\Data7 50003968 bytes
File C:\RRbackups\C\MERGE\Data70 50003968 bytes
File C:\RRbackups\C\MERGE\Data71 50003968 bytes
File C:\RRbackups\C\MERGE\Data72 50003968 bytes
File C:\RRbackups\C\MERGE\Data73 50003968 bytes
File C:\RRbackups\C\MERGE\Data74 50003968 bytes
File C:\RRbackups\C\MERGE\Data75 50003968 bytes
File C:\RRbackups\C\MERGE\Data76 50003968 bytes
File C:\RRbackups\C\MERGE\Data77 50003968 bytes
File C:\RRbackups\C\MERGE\Data78 50003968 bytes
File C:\RRbackups\C\MERGE\Data79 50003968 bytes
File C:\RRbackups\C\MERGE\Data8 50003968 bytes
File C:\RRbackups\C\MERGE\Data80 50003968 bytes
File C:\RRbackups\C\MERGE\Data81 50003968 bytes
File C:\RRbackups\C\MERGE\Data82 50003968 bytes
File C:\RRbackups\C\MERGE\Data83 50003968 bytes
File C:\RRbackups\C\MERGE\Data84 50003968 bytes
File C:\RRbackups\C\MERGE\Data85 50003968 bytes
File C:\RRbackups\C\MERGE\Data86 50003968 bytes
File C:\RRbackups\C\MERGE\Data87 50003968 bytes
File C:\RRbackups\C\MERGE\Data88 50003968 bytes
File C:\RRbackups\C\MERGE\Data89 50003968 bytes
File C:\RRbackups\C\MERGE\Data9 50003968 bytes
File C:\RRbackups\C\MERGE\Data90 50003968 bytes
File C:\RRbackups\C\MERGE\Data91 50003968 bytes
File C:\RRbackups\C\MERGE\Data92 50003968 bytes
File C:\RRbackups\C\MERGE\Data93 50003968 bytes
File C:\RRbackups\C\MERGE\Data94 50003968 bytes
File C:\RRbackups\C\MERGE\Data95 50003968 bytes
File C:\RRbackups\C\MERGE\Data96 50003968 bytes
File C:\RRbackups\C\MERGE\Data97 50003968 bytes
File C:\RRbackups\C\MERGE\Data98 50003968 bytes
File C:\RRbackups\C\MERGE\Data99 50003968 bytes
File C:\RRbackups\C\MERGE\EFSFile 0 bytes
File C:\RRbackups\C\MERGE\HashFile 483498 bytes
File C:\RRbackups\C\MERGE\Info 0 bytes
File C:\RRbackups\C\MERGE\TOCFile 49155630 bytes
File C:\RRbackups\C\MERGE\Data117 50003968 bytes
File C:\RRbackups\C\MERGE\Data118 50003968 bytes
File C:\RRbackups\C\MERGE\Data119 50003968 bytes
File C:\RRbackups\C\MERGE\Data12 50003968 bytes
File C:\RRbackups\C\MERGE\Data120 50003968 bytes
File C:\RRbackups\C\MERGE\Data121 50003968 bytes
File C:\RRbackups\C\MERGE\Data122 50003968 bytes
File C:\RRbackups\C\MERGE\Data123 50003968 bytes
File C:\RRbackups\C\MERGE\Data124 50003968 bytes
File C:\RRbackups\C\MERGE\Data125 50003968 bytes
File C:\RRbackups\C\MERGE\Data126 50003968 bytes
File C:\RRbackups\C\MERGE\Data127 50003968 bytes
File C:\RRbackups\C\MERGE\Data128 50003968 bytes
File C:\RRbackups\C\MERGE\Data129 50003968 bytes
File C:\RRbackups\C\MERGE\Data13 50003968 bytes
File C:\RRbackups\C\MERGE\Data130 50003968 bytes
File C:\RRbackups\C\MERGE\Data131 50003968 bytes
File C:\RRbackups\C\MERGE\Data132 50003968 bytes
File C:\RRbackups\C\MERGE\Data133 50003968 bytes
File C:\RRbackups\C\MERGE\Data134 50003968 bytes
File C:\RRbackups\C\MERGE\Data136 50003968 bytes
File C:\RRbackups\C\MERGE\Data137 50003968 bytes
File C:\RRbackups\C\MERGE\Data138 50003968 bytes
File C:\RRbackups\C\MERGE\Data139 50003968 bytes
File C:\RRbackups\C\MERGE\Data14 50003968 bytes
File C:\RRbackups\C\MERGE\Data140 50003968 bytes
File C:\RRbackups\C\MERGE\Data141 50003968 bytes
File C:\RRbackups\C\MERGE\Data142 50003968 bytes
File C:\RRbackups\C\MERGE\Data143 50003968 bytes
File C:\RRbackups\C\MERGE\Data144 50003968 bytes
File C:\RRbackups\C\MERGE\Data145 50003968 bytes
File C:\RRbackups\C\MERGE\Data146 50003968 bytes
File C:\RRbackups\C\MERGE\Data147 50003968 bytes
File C:\RRbackups\C\MERGE\Data148 50003968 bytes
File C:\RRbackups\C\MERGE\Data149 50003968 bytes
File C:\RRbackups\C\MERGE\Data15 50003968 bytes
File C:\RRbackups\C\MERGE\Data150 50003968 bytes
File C:\RRbackups\C\MERGE\Data151 50003968 bytes
File C:\RRbackups\C\MERGE\Data152 50003968 bytes
File C:\RRbackups\C\MERGE\Data16 50003968 bytes
File C:\RRbackups\C\MERGE\Data17 50003968 bytes
File C:\RRbackups\C\MERGE\Data18 50003968 bytes
File C:\RRbackups\C\MERGE\Data19 50003968 bytes
File C:\RRbackups\C\MERGE\Data2 50003968 bytes
File C:\RRbackups\C\MERGE\Data20 50003968 bytes
File C:\RRbackups\C\MERGE\Data21 50003968 bytes
File C:\RRbackups\C\MERGE\Data22 50003968 bytes
File C:\RRbackups\C\MERGE\Data23 50003968 bytes
File C:\RRbackups\C\MERGE\Data24 50003968 bytes
File C:\RRbackups\C\MERGE\Data25 50003968 bytes
File C:\RRbackups\C\MERGE\Data26 50003968 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bt0.dat 32256 bytes
File C:\RRbackups\common\bt1.dat 32256 bytes
File C:\RRbackups\common\bt2.dat 32256 bytes
File C:\RRbackups\common\bt3.dat 32256 bytes
File C:\RRbackups\common\bt4.dat 32256 bytes
File C:\RRbackups\common\bt5.dat 32256 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\rr.log 106636 bytes
File C:\RRbackups\common\SAM 24576 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 184320 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 10400 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\admin 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1010 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1010\0f5007522459c86e95ffcc62f32308f1_3a4d64e0-4302-4eae-81dd-c702ac24a29e 46 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1010\83aa4cc77f591dfc2374580bbd95f6ba_3a4d64e0-4302-4eae-81dd-c702ac24a29e 45 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1010\8f71098770f72c7a67cd8f1151619865_3a4d64e0-4302-4eae-81dd-c702ac24a29e 54 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\65966303-3f3f-4bb5-8945-cba3d0283e38 388 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1010 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1010\3a535b90-be05-4bb1-b1a5-316703831321 388 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1010\6688e699-7ee5-40aa-a652-ccd61a9d36af 388 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1010\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\9b5ceefb-0a86-4f00-ad82-32069f63b96b 388 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\b83487d6-d509-41ea-a603-59f788e3d41f 388 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\admin\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_3a4d64e0-4302-4eae-81dd-c702ac24a29e 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_3a4d64e0-4302-4eae-81dd-c702ac24a29e 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\533145ef011ddf5ca3983e2545a902b4_3a4d64e0-4302-4eae-81dd-c702ac24a29e 2075 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6b29ae44e85efac3c72ff4d1865d73f1_3a4d64e0-4302-4eae-81dd-c702ac24a29e 53 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_3a4d64e0-4302-4eae-81dd-c702ac24a29e 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_3a4d64e0-4302-4eae-81dd-c702ac24a29e 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_3a4d64e0-4302-4eae-81dd-c702ac24a29e 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_3a4d64e0-4302-4eae-81dd-c702ac24a29e 893 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\65966303-3f3f-4bb5-8945-cba3d0283e38 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\9b5ceefb-0a86-4f00-ad82-32069f63b96b 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\b83487d6-d509-41ea-a603-59f788e3d41f 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_3a4d64e0-4302-4eae-81dd-c702ac24a29e 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\e3332c73-4170-4b9f-9dec-512724c3a3a6 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\encobject.dat 17688 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\hwkeys.dat 10620 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\Off_Broadway.pwm 7136 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\pwdrecovery.dat 1104 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\pwmaction.dat 560 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\533145ef011ddf5ca3983e2545a902b4_3a4d64e0-4302-4eae-81dd-c702ac24a29e 2075 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\53938318c53847a76c1489b85120413d_3a4d64e0-4302-4eae-81dd-c702ac24a29e 53 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\6b29ae44e85efac3c72ff4d1865d73f1_3a4d64e0-4302-4eae-81dd-c702ac24a29e 53 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\83aa4cc77f591dfc2374580bbd95f6ba_3a4d64e0-4302-4eae-81dd-c702ac24a29e 45 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\8f71098770f72c7a67cd8f1151619865_3a4d64e0-4302-4eae-81dd-c702ac24a29e 54 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3277485088-823723382-2248790331-1009\932a2db58c237abd381d22df4c63a04a_3a4d64e0-4302-4eae-81dd-c702ac24a29e 87 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\65966303-3f3f-4bb5-8945-cba3d0283e38 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-1869538641-2146926258-302818940-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\5dd87dda-79da-48bb-bd6a-4f0444f53c33 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\01377f6f-49b1-4cb9-bc63-1d1b5a2b5dd6 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\05fe9026-60b6-41a6-acaf-65451f8af1dd 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\1106687e-c61f-4545-98d5-ac97268194e4 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\13d50f8e-3380-42a2-9528-060326310ff0 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\338cb3a4-88db-4de1-acca-e9ed2145e56d 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\357ea97b-0f2c-40bc-babb-dee4b64d5f18 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\42d935c7-84a4-4053-86ae-d858c79bce52 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\67508a34-44a8-4fae-8fb7-bae34e4a9b62 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\725bb718-d14b-4859-a971-97443258b490 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\81eb9c44-15c4-4c2b-ad1c-806ee5973d4a 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\89dbc20c-e1a2-4271-9934-1f842150056b 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\91ce3f2f-3b58-4f23-a1b7-e515b0f4ee62 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\b2c239c9-71f4-414b-84a4-2f4af76388fc 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\c890e1d0-6b69-42c2-8fce-243ac9c81c90 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\fb42dbcd-e832-4225-8b17-45d52e01c080 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\ffdf82c6-a4bf-498e-8e76-9e7a20f17cbf 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3277485088-823723382-2248790331-1009\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\9b5ceefb-0a86-4f00-ad82-32069f63b96b 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-3586043181-1867784627-3137574409-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\b83487d6-d509-41ea-a603-59f788e3d41f 388 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\Protect\S-1-5-21-4200681666-179198300-858223744-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Off_Broadway\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Owner 0 bytes
File C:\RRbackups\Documents and Settings\Owner\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Owner\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Owner\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Owner\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\WINDOWS\$NtUninstallKB45883$\171161864 0 bytes
File C:\WINDOWS\$NtUninstallKB45883$\171161864\L 0 bytes
File C:\WINDOWS\$NtUninstallKB45883$\171161864\U 0 bytes
File C:\WINDOWS\$NtUninstallKB45883$\1911934254 0 bytes

---- EOF - GMER 1.0.15 ----

MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/3/2011 08:12:39 PM
mbam-log-2011-12-03 (20-12-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 234890
Time elapsed: 1 hour(s), 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Off_Broadway at 19:04:13 on 2011-12-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1188 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PNUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://beta.trstone.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.gwu.edu/dana-cached/sc/JuniperSetupClient.cab
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\off_broadway\application data\mozilla\firefox\profiles\kpnyhx3w.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\off_broadway\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\off_broadway\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-17 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-6-4 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl141cf26a;MpKsl141cf26a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl141cf26a.sys [2011-12-2 29904]
R1 MpKsl2d1a1eb1;MpKsl2d1a1eb1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl2d1a1eb1.sys [2011-12-3 29904]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\VCdRom.sys [2008-1-1 8576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 PNUpdate;Provision Networks Update Service;c:\windows\system32\pnupdate.exe -run --> c:\windows\system32\PNUpdate.exe -RUN [?]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-6-4 63928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S1 MpKsl0293b9ca;MpKsl0293b9ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af3033b0-e9bc-4ff2-afca-0eb3272f40ac}\mpksl0293b9ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{af3033b0-e9bc-4ff2-afca-0eb3272f40ac}\MpKsl0293b9ca.sys [?]
S1 MpKsl35b6fbd9;MpKsl35b6fbd9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15341bef-407f-44d5-863c-b7a42b3dfb8f}\mpksl35b6fbd9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{15341bef-407f-44d5-863c-b7a42b3dfb8f}\MpKsl35b6fbd9.sys [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-6-4 45496]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
.
=============== Created Last 30 ================
.
2011-12-03 16:49:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl2d1a1eb1.sys
2011-12-03 03:02:29 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl141cf26a.sys
2011-12-03 03:02:26 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\offreg.dll
2011-12-02 21:39:01 -------- dc----w- c:\documents and settings\all users\application data\PC Tools
2011-12-02 21:38:59 -------- d-----w- c:\documents and settings\off_broadway\application data\TestApp
2011-12-02 21:36:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-02 21:35:56 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
2011-12-02 17:49:58 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl66da296a.sys
2011-12-02 17:48:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl1c45e3fa.sys
2011-12-02 17:45:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsla67c90a9.sys
2011-12-02 17:39:07 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl407a89df.sys
2011-12-02 17:33:25 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\MpKsl24649549.sys
2011-12-02 17:21:46 289280 ----a-w- c:\documents and settings\off_broadway\local settings\application data\yrw.exe
2011-12-02 17:01:27 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853ccd21-94da-4c4b-9d1b-7a28acd8cedc}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-27 05:00:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-11-20 17:23:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:04:30.84 ===============

And I attached the 'attach DDS' file since it said so in the instructions.


Thank you in advance for any help!
aeaism

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Please remove that zip file, and copy/paste the log here. We don't open attachments. Instructions are very clear in the Read Me Sticky,

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Here is the 'attach dds'

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2007 10:14:31 AM
System Uptime: 12/3/2011 11:49:06 AM (8 hours ago)
.
Motherboard: LENOVO | | 8743CTO
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | None | 1994/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 11.508 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP352: 11/12/2011 08:28:07 AM - Software Distribution Service 3.0
RP353: 11/12/2011 04:34:33 PM - Software Distribution Service 3.0
RP354: 11/13/2011 05:48:07 PM - System Checkpoint
RP355: 11/14/2011 06:36:15 PM - System Checkpoint
RP356: 11/14/2011 08:58:15 PM - Software Distribution Service 3.0
RP357: 11/16/2011 06:57:39 PM - Software Distribution Service 3.0
RP358: 11/18/2011 01:19:31 PM - Software Distribution Service 3.0
RP359: 11/19/2011 01:29:45 PM - System Checkpoint
RP360: 11/19/2011 01:47:29 PM - Software Distribution Service 3.0
RP361: 11/20/2011 02:03:33 AM - Software Distribution Service 3.0
RP362: 11/21/2011 07:40:50 PM - Software Distribution Service 3.0
RP363: 11/22/2011 07:42:06 PM - System Checkpoint
RP364: 11/26/2011 07:25:02 PM - Software Distribution Service 3.0
RP365: 11/27/2011 01:55:50 AM - Software Distribution Service 3.0
RP366: 11/28/2011 08:20:09 AM - Software Distribution Service 3.0
RP367: 11/29/2011 08:14:58 PM - Software Distribution Service 3.0
RP368: 12/2/2011 12:00:51 PM - Software Distribution Service 3.0
RP369: 12/3/2011 12:44:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Access Help
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Amazon Kindle For PC
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CCleaner
Citrix Presentation Server Client
Client Security Solution
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 27
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Lenovo Battery Program
Lenovo System Interface Driver
Maintenance Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
mMHouse
Move Media Player
Mozilla Firefox 4.0 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
Octoshape add-in for Adobe Flash Player
On Screen Display
OpenOffice.org 3.3
Presentation Director
Print-IT Client 5.6 (Release 7)
Productivity Center Supplement for ThinkPad
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422)
Script and Calligraphy Fonts
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skins
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Configuration
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
TreeSize Free V2.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VirtualLab Client 6.0.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Wallpapers
WebFldrs XP
Windows Easy Transfer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
12/3/2011 05:33:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.179.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/2/2011 12:33:24 PM, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The system cannot find the file specified.
12/2/2011 07:44:28 PM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2011 07:44:28 PM, error: Service Control Manager [7034] - The Provision Networks Update Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2011 07:44:28 PM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2011 07:44:28 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
12/2/2011 03:16:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'mrxsmb.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/2/2011 03:16:46 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
12/2/2011 03:16:40 PM, error: Workstation [5727] - Could not load RDR device driver.
11/29/2011 04:52:04 AM, error: PlugPlayManager [12] - The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
11/28/2011 08:08:11 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
11/28/2011 08:08:11 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2011 08:08:11 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/28/2011 08:08:11 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
11/28/2011 05:56:22 PM, error: Dhcp [1002] - The IP address lease 10.10.36.9 for the Network Card with network address 001CBF6858FD has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
11/27/2011 03:51:02 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001CBF6858FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/27/2011 03:49:22 AM, error: Dhcp [1002] - The IP address lease 192.168.1.9 for the Network Card with network address 001CBF6858FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/26/2011 07:19:36 PM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 001CBF6858FD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Thanks you for posting the Attach.txt log, I have removed your zip attachment.
Have you tried a full reset of the modem and router according to instructions given in link below?

http://www.ehow.com/how_2178176_highspeed-internet-modem-wireless-router.html

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Yes, I did that, as well as even tried a different router just to be sure. As of now, every other wireless device I have can connect to my wifi except the laptop I posted about.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Can you connect the laptop directly to the internet using modem cable?

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

You said you cleaned this infection off the computer...how did you do this? What tools did you use?
I need to see the logs from the tools you used then, not the logs from today.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I won't have a chance tonight to plug it straight into the modem. I will do so as soon as possible.

But here are the logs from the scans i had originally used to clean: I ran MBAM twice, lavasoft antiadaware, and Microsoft security essentials. I couldn't find an easy way to get the log for MSE so I was unable to past it below. of course, i couldn't connect to the internet so I didn't have the latest updates.

First MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.org


Database version: 8251


Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702


12/2/2011 03:15:11 PM
mbam-log-2011-12-02 (15-15-11).txt


Scan type: Full scan (C:\|D:\|)
Objects scanned: 237205
Time elapsed: 55 minute(s), 19 second(s)


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0


Memory Processes Infected:
(No malicious items detected)


Memory Modules Infected:
(No malicious items detected)


Registry Keys Infected:
(No malicious items detected)


Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.


Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


Folders Infected:
(No malicious items detected)


Files Infected:
(No malicious items detected)


Second MBAM:


Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.org


Database version: 8251


Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702


12/2/2011 07:40:57 PM
mbam-log-2011-12-02 (19-40-57).txt


Scan type: Full scan (C:\|D:\|)
Objects scanned: 237502
Time elapsed: 1 hour(s), 9 minute(s), 33 second(s)


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0


Memory Processes Infected:
(No malicious items detected)


Memory Modules Infected:
(No malicious items detected)


Registry Keys Infected:
(No malicious items detected)


Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.


Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.


Folders Infected:
(No malicious items detected)


Files Infected:
(No malicious items detected)



Ad-aware:


Logfile created: 12/2/2011 15:21:48
Ad-Aware version: 9.5.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Off_Broadway


*********************** Definitions database information ***********************
Lavasoft definition file: 150.622
Genotype definition file version: 2011/10/12 12:14:17
Extended engine definition file: 11098.0


******************************** Scan results: *********************************
Scan profile name: Full Scan  (ID: full)
Objects scanned: 108029
Objects detected: 20



Type              Detected
==========================
Processes.......:        0
Registry entries:        0
Hostfile entries:        0
Files...........:        0
Folders.........:        0
LSPs............:        0
Cookies.........:       20
Browser hijacks.:        0
MRU objects.....:        0


Removed items:
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *trafficmp* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408787 Family ID: 0
Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *casalemedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409152 Family ID: 0
Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0


Scan and cleaning complete: Finished correctly after 3998 seconds


*********************************** Settings ***********************************


Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true


Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A


Scheduled scan settings:
<Empty>


Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Sep 04 15:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Sep 04 21:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Sep 04 03:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Sep 04 09:24:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Sep 04 15:24:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false


Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language


Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true



****************************** System information ******************************
Computer name: THINKPADT60
Processor name: Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Processor speed: ~1994MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 1140887552 bytes
Physical memory total: 2145759232 bytes
Virtual memory available: 1936482304 bytes
Virtual memory total: 2147352576 bytes
Memory load: 46%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:


Running processes:
PID: 1536 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1592 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1624 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1668 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1680 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\WINDOWS\system32\ibmpmsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1864 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1984 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2032 name: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 208 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 248 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 336 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 432 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 616 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 688 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1052 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1132 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1164 name: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1180 name: C:\WINDOWS\system32\IPSSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1204 name: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1280 name: C:\Program Files\Juniper Networks\Common Files\dsNcService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1432 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1508 name: C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1528 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 408 name: C:\WINDOWS\system32\PNUpdate.exe owner: SYSTEM domain: NT AUTHORITY
PID: 504 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 608 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 828 name: C:\WINDOWS\system32\TpKmpSVC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 884 name: C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1456 name: C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1896 name: C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2100 name: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2132 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2192 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2224 name: C:\Program Files\Common Files\Lenovo\Logger\logmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2436 name: c:\program files\lenovo\system update\suservice.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2528 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2832 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3304 name: C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1104 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2912 name: C:\Program Files\Lenovo\Client Security Solution\cssauth.exe owner: Off_Broadway domain: THINKPADT60
PID: 2956 name: C:\WINDOWS\Explorer.EXE owner: Off_Broadway domain: THINKPADT60
PID: 1404 name: C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe owner: Off_Broadway domain: THINKPADT60
PID: 592 name: C:\WINDOWS\system32\ctfmon.exe owner: Off_Broadway domain: THINKPADT60
PID: 896 name: C:\Documents and Settings\Off_Broadway\Local Settings\Application Data\yrw.exe owner: Off_Broadway domain: THINKPADT60
PID: 2752 name: c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3128 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2524 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3452 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Off_Broadway domain: THINKPADT60
PID: 3880 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Off_Broadway domain: THINKPADT60


Startup items:
Name: DWQueuedReporting
imagepath: "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: UPnPMonitor
imagepath: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: SunJavaUpdateSched
imagepath: C:\Program Files\Java\jre6\bin\jusched.exe
Name: Malwarebytes' Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini


Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete


Running services:
Name: AcPrfMgrSvc
displayname: Ac Profile Manager Service
Name: AcSvc
displayname: Access Connections Main Service
Name: ALG
displayname: Application Layer Gateway Service
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: dsNcService
displayname: Juniper Network Connect Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: EvtEng
displayname: Intel(R) PROSet/Wireless Event Log
Name: helpsvc
displayname: Help and Support
Name: HTTPFilter
displayname: HTTP SSL
Name: IBMPMSVC
displayname: ThinkPad PM Service
Name: IPSSVC
displayname: IPS Core Service
Name: Irmon
displayname: Infrared Monitor
Name: IviRegMgr
displayname: IviRegMgr
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MsMpSvc
displayname: Microsoft Antimalware Service
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PNUpdate
displayname: Provision Networks Update Service
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RegSrvc
displayname: Intel(R) PROSet/Wireless Registry Service
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: S24EventMonitor
displayname: Intel(R) PROSet/Wireless Service
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SUService
displayname: System Update
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: ThinkVantage Registry Monitor Service
displayname: ThinkVantage Registry Monitor Service
Name: TPHKSVC
displayname: On Screen Display
Name: TpKmpSVC
displayname: IBM KCU Service
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: TSSCoreService
displayname: TSS Core Service
Name: TVT Backup Service
displayname: TVT Backup Service
Name: TVT Scheduler
displayname: TVT Scheduler
Name: tvtnetwk
displayname: tvtnetwk
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration
Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Also, whenever I needed to open an application that was blocked by the infection, I would use the following reg fix

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Yes, if I connect my laptop to the modem directly I'm able to access the internet.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Then we know that the computer can connect and the problem is with wireless only.
Try these steps:
Go to control panel Administrative Tools, Services.
Look for Wireless Zero Configuration on the list in the right pane. The list is alphabetical, so you should be able to locate it maybe third from the bottom.
Double-click it to open it.
Click on the STOP button to stop it (lower left). If it is not highlighted or is grayed out, then the service is stopped. (it should also say that the SERVICE STATUS is stopped).
Look for STARTUP TYPE drop-down menu. Change it from AUTOMATIC to DISABLED. then click on APPLY (lower right).
Then just change it right back from disabled to automatic and click on apply again.
Click on START button (right beside the STOP button) on the same window to start the service.
Close the services local window.

Go to Start and then Control Panel. Network Connections. If you don't see Wireless Network Connections or Local Area Connection after opening Network Connections, kindly look for Network Connections again (it maybe on the lower right).
Right-click on the icon for Wireless Network Connections then left-click on Properties.
You should have several tabs. Click on Wireless Network Connections tab (near the top of the window).
Make sure you have a checkmark on where it says, "Use windows to configure your wireless connections..." or something like that.

Make sure first that you have the following CORRECT information: (1) your own SSID; (2) Network key (if you have one) - WEP or WPA or whichever encryption you are using.

Then on the list that shows on the same window, remove everything on the list. That list shows all the wireless networks that you have been connected to before.

Don't worry about deleting them. The next time that you connect to each wireless network, it will be automatically added back into this list.
Once everything is removed, close the window.

Go back to where you have the Wireless Network Connections icon again.
Right-click again the icon and left-click on View Wireless Network Connections.
If your wireless router is broadcasting your SSID, then you should be able to see it on the list of wireless network(s) that will appear on the screen.
Select your SSID and hit Connect.
It should be asking for your network key. Type it in. In might ask you to confirm the network key. Just type it in again.
It will attempt to connect it. And you will get a notification that you are connected.
Once you are connected, go back to the window where you have the Wireless Network Connections icon you were working on before.
That icon should say that it is connected.
Double-click it. It should open a new window.
You should have a General tab and a Support tab.
General tab should say it is connected.
Click on the Support tab.
Now confirm if your IP Address says 192.168.x.x. where x can represent any number. Example: 192.168.0.100
If you have these confirmed. Try to see if you can now get into the internet or into your network.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I followed all those steps, but it is still not able to connect.

It can detect the SSID, I put in my password, it accepts it, etc. At one point, it even showed that it was connected for one second, but that it does not stay connected.

But it's most def not a problem with my router/wifi since my phone, my other laptop, and my VoIP landline are all working and connected to my wifi.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Try going into the Device Manager and Uninstall the card, reboot and let the computer find and install it again.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thank you, that solved it! I can now connect to my wifi again.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Fantastic! Do you feel things are running ok now?

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I do!

The only thing I'm worried about is my completely malware free. After I was able to connect to the internet, I updated my MBAM and scanned my laptop again. With the new update, it found one more trojan (post below). Do you think I need to download any other anti-malware program and scan again?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8309

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/4/2011 02:26:04 PM
mbam-log-2011-12-04 (14-26-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 236928
Time elapsed: 1 hour(s), 18 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\off_broadway\local settings\application data\yrw.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Actually, false hope. I had to restart my computer again, and upon logging in the wifi problems returned :(

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

Ok do this, if you have to use a flash drive to get this program, that is fine, if you can fix the WiFi and do it with the computer that is fine too:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.

Post back with the log.

Member Avatar
aeaism
Newbie Poster
22 posts since Jul 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Scan comes up clear. 0 events found.

Member Avatar
jholland1964
Posting Expert
5,610 posts since Jul 2008
Reputation Points: 650 [?]
Q&As Helped to Solve: 343 [?]
Skill Endorsements: 3 [?]
Team Colleague
Featured
 
0
 

I really find this odd. So you still cannot use wifi?
Removing that infection should not have damaged the connection.
If you can find a way to go online then do this scan:
ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with the log.

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: