Inactive [A] Infected with Win32:Dropper-gen [Drp]

Eric Witzling

Those are the sage words of one aswMBR.

The story thus far!

A corrupted XP Pro SP3 machine, which showed nothing under TDSSkiller but some infection which LSPFix could locate. Let MalwareBytes, SuperAntiSpyware and Spybot run their own cleanup first, and since they could not remove the portions LSPFix located, I ran it as well. And then WinsockXPFix to follow. Was able to reboot the machine and reconnect my remote session and carry on.

Was looking clean, but DNS redirection remained. Cleaned up a HOSTS reference that looked bad, but ran some other tools to check elsewhere on the system. aswMBR picks up the reference included in the subject, and warns of something else in local settings. Ran DDS and GMER and logs galore are attached.

I am at your disposal..
 

Attachments

  • dds.txt (11 KB)
  • gmer.log.txt (247.1 KB)
  • attach.txt (22.1 KB)
  • aswMBR.txt (2.2 KB)
  • mbam-log-2012-08-21 (12-00-15).txt (2.7 KB)
  • Rkill.txt (2.4 KB)

No, not the same computer.

And sorry for attaching them, but some of these were very large, and the last time I was trying to paste a lot of large text I had a helluva time with it and had to split it multiple times, and occasionally lost a post trying to manage it. I figured this would keep them better organized. (And the last time a few things DID have to be attached.)

Will paste in the ones mentioned from the 5-step, and follow with any others:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912082108

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

8/21/2012 12:00:15 PM
mbam-log-2012-08-21 (12-00-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 497405
Time elapsed: 50 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\036DFF6129457C2FFC8C7C1C7B07D287 (Trojan.LameShield) -> Value: 036DFF6129457C2FFC8C7C1C7B07D287 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32\(default) (Trojan.Zaccess) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32\(default) (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{4e574d6a-7fdd-34c4-ebf4-80ae2e550b6a}\n.) Good: (wbemess.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\036dff6129457c2ffc8c7c1c7b07d287\036dff6129457c2ffc8c7c1c7b07d287.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\documents and settings\ddomanich\application data\Sun\Java\deployment\cache\6.0\24\2d1732d8-590fc73f (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\ddomanich\local settings\Temp\147gge.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\ddomanich\local settings\Temp\506.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
c:\documents and settings\ddomanich\local settings\Temp\~!#505.tmp (Trojan.Reza) -> Quarantined and deleted successfully.
c:\WINDOWS\installer\{4e574d6a-7fdd-34c4-ebf4-80ae2e550b6a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-21 16:33:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3160815AS rev.4.CCC
Running: jqtdzt18.exe; Driver: C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\fwrdrkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xA8F824D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xA8F82520]
---- Kernel code sections - GMER 1.0.15 ----
? gqods.sys The system cannot find the file specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS The system cannot find the path specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS The system cannot find the path specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E354846 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3547C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35480B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E354753 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35478D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E354881 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20177A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E354A43 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by ddomanich at 13:14:49 on 2012-08-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2408 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Documents and Settings\ddomanich\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\RMHLPDSK.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtdrHlpDk.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\program files\lenovo\system update\suservice.exe
C:\Documents and Settings\ddomanich\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ddomanich\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Hudson Place Realty
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LenovoFSC] c:\program files\lenovo\fanspeedcontrol\LenovoFSC.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uExplorerRun: [Primax] c:\documents and settings\ddomanich\application data\EBBD10.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
Trusted Zone: xmlsweb.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://hudson.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286393692930
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://mimosadigital.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.0.10 208.67.222.222 208.67.220.220
TCP: Interfaces\{7AE95898-093C-4B87-B9A0-90D22ADB3430} : DhcpNameServer = 192.168.0.10 208.67.222.222 208.67.220.220
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 85.13.206.115 u07012010u.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ddomanich\application data\mozilla\firefox\profiles\vxwszvmp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\ddomanich\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ddoman~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\ddoman~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ddoman~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\ddoman~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-9-19 21592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-9-19 212568]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRescue_46ee1c74-be0f-4a54-9c13-f0a737cd6608;LogMeIn Rescue (46ee1c74-be0f-4a54-9c13-f0a737cd6608);c:\documents and settings\ddomanich\local settings\application data\logmein rescue applet\lmir0001.tmp\LMI_Rescue_srv.exe [2012-8-21 2487208]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-7 47640]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-7-13 82760]
R2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-7-13 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.EXE [2011-7-12 81920]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2011-7-12 73728]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2011-7-12 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2011-7-12 77824]
R2 SAAZWatchDog;SAAZWatchDog;"c:\progra~1\saazod\\saazwatchdog" --> c:\progra~1\saazod\\SAAZWatchDog [?]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2011-6-23 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-19 74200]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2011-6-23 181584]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2008-3-6 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-11-19 37184]
S2 gupdate1ca9bb07c538bb6;Google Update Service (gupdate1ca9bb07c538bb6);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-22 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 113120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 ZEvtSVC;ZEvtSVC;c:\progra~1\saazod\zscc\zEvtSVC.exe [2011-8-11 230216]
.
=============== Created Last 30 ================
.
2012-08-21 16:59:33 865776 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-08-21 14:41:57 -------- d-----w- c:\documents and settings\ddomanich\local settings\application data\LogMeIn Rescue Applet
2012-08-20 23:10:45 -------- d-----w- c:\documents and settings\all users\application data\036DFF6129457C2FFC8C7C1C7B07D287
2012-08-20 23:09:51 58368 ---ha-w- c:\windows\system32\gdihone.dll
2012-08-20 23:09:32 154112 --sha-w- c:\documents and settings\ddomanich\application data\iretnk.dll
2012-07-30 21:52:13 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-07-12 17:46:03 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-12 17:46:03 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 13:24:10.53 ===============
(GMER too big. Will try to post it alone afterward.)
 
GMER is still too large to post properly. That one will have to run from the attachment. Meanwhile, the extras...
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-21 13:42:35
-----------------------------
13:42:35.955 OS Version: Windows 5.1.2600 Service Pack 3
13:42:35.955 Number of processors: 2 586 0x1706
13:42:35.955 ComputerName: HPR-TC7269-009 UserName: ddomanich
13:42:36.611 Initialize success
13:44:51.908 AVAST engine defs: 12082100
13:47:39.224 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
13:47:39.224 Disk 0 Vendor: ST3160815AS 4.CCC Size: 152627MB BusType: 3
13:47:39.239 Disk 0 MBR read successfully
13:47:39.239 Disk 0 MBR scan
13:47:39.270 Disk 0 unknown MBR code
13:47:39.286 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149939 MB offset 2048
13:47:39.317 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 2686 MB offset 307077120
13:47:39.333 Disk 0 scanning sectors +312578048
13:47:39.395 Disk 0 scanning C:\WINDOWS\system32\drivers
13:47:45.536 Service scanning
13:47:59.693 Modules scanning
13:48:02.865 Disk 0 trace - called modules:
13:48:02.880 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:48:02.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4b8ab8]
13:48:02.896 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a5204e8]
13:48:02.896 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a48fd98]
13:48:03.396 AVAST engine scan C:\WINDOWS
13:48:12.896 AVAST engine scan C:\WINDOWS\system32
13:48:28.287 File: C:\WINDOWS\system32\gdihone.dll **INFECTED** Win32:Dropper-gen [Drp]
13:50:03.727 AVAST engine scan C:\WINDOWS\system32\drivers
13:50:15.649 AVAST engine scan C:\Documents and Settings\ddomanich
13:52:05.822 File: C:\Documents and Settings\ddomanich\Local Settings\Application Data\{4e574d6a-7fdd-34c4-ebf4-80ae2e550b6a}\n **INFECTED** Win32:Sirefef-AIG [Trj]
13:52:29.401 AVAST engine scan C:\Documents and Settings\All Users
13:52:55.166 Scan finished successfully
13:54:59.824 Disk 0 MBR has been saved successfully to "C:\downloads\MBR.dat"
13:54:59.839 The log file has been saved successfully to "C:\downloads\aswMBR.txt"
Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/21/2012 01:12:33 PM in x86 mode.
Windows Version: Windows XP Service Pack 3
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* C:\WINDOWS\system32\ICO.EXE (PID: 3268) [WD-HEUR]
* C:\WINDOWS\system32\FSRremoS.EXE (PID: 3680) [WD-HEUR]
* C:\WINDOWS\system32\Pelmiced.exe (PID: 3828) [WD-HEUR]
3 proccesses terminated!
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/21/2012 01:12:58 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
 
Weirdly squeezing together my enter-key spacing, too.


DDS didn't produce an OTL.txt or extras.txt automatically, though it did produce an attach.txt. It's possible that I renamed OTL to "dds.txt" without thinking about it, which is pasted above.
 
OK, no renaming. DDS.txt and Attach.txt were the only two it created. Did they change their procedure, and hence the process of Step 4?
 
Please pay attention to our instructions.

I still need Attach.txt part of DDS and GMER logs.
 
I tried splitting that bugger in quarters and it still failed, but I'll try again. I figured there might be an upper bound as to how many parts you're fine with this splitting. ;-)

Sorry about the confusion for attach.txt, meanwhile. I opened it and the first lines say "UNLESS SPECIFICALLY REQUESTED" so I misread the "No need for that though..." part of your Step 4. (Last PC I was working with never got DDS to successfully run, so I hadn't been able to post any of that.)

Starting with the latter, and then I'll run the GMER-splitting gamut.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/29/2009 2:16:29 PM
System Uptime: 8/21/2012 12:04:19 PM (1 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel Pentium III Xeon processor | CPU 1 | 2493/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 118.593 GiB free.
D: is CDROM (CDFS)
N: is NetworkDisk (NTFS) - 255 GiB total, 175.246 GiB free.
V: is NetworkDisk (NTFS) - 2760 GiB total, 2446.739 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6750: 8/8/2012 6:42:48 PM - Spybot-S&D Spyware removal
RP6751: 8/8/2012 8:42:38 PM - Spybot-S&D Spyware removal
RP6752: 8/8/2012 10:42:38 PM - Spybot-S&D Spyware removal
RP6753: 8/9/2012 12:46:56 AM - Spybot-S&D Spyware removal
RP6754: 8/9/2012 12:31:53 PM - Spybot-S&D Spyware removal
RP6755: 8/9/2012 2:32:37 PM - Spybot-S&D Spyware removal
RP6756: 8/9/2012 4:32:36 PM - Spybot-S&D Spyware removal
RP6757: 8/9/2012 6:32:38 PM - Spybot-S&D Spyware removal
RP6758: 8/9/2012 8:32:41 PM - Spybot-S&D Spyware removal
RP6759: 8/9/2012 10:32:38 PM - Spybot-S&D Spyware removal
RP6760: 8/10/2012 12:37:50 AM - Spybot-S&D Spyware removal
RP6761: 8/10/2012 12:31:55 PM - Spybot-S&D Spyware removal
RP6762: 8/10/2012 2:31:42 PM - Spybot-S&D Spyware removal
RP6763: 8/10/2012 4:31:42 PM - Spybot-S&D Spyware removal
RP6764: 8/10/2012 6:31:57 PM - Spybot-S&D Spyware removal
RP6765: 8/10/2012 8:31:52 PM - Spybot-S&D Spyware removal
RP6766: 8/10/2012 10:31:49 PM - Spybot-S&D Spyware removal
RP6767: 8/11/2012 12:29:49 AM - Spybot-S&D Spyware removal
RP6768: 8/11/2012 12:32:00 PM - Spybot-S&D Spyware removal
RP6769: 8/11/2012 2:32:02 PM - Spybot-S&D Spyware removal
RP6770: 8/11/2012 4:32:04 PM - Spybot-S&D Spyware removal
RP6771: 8/11/2012 6:32:00 PM - Spybot-S&D Spyware removal
RP6772: 8/11/2012 10:23:08 PM - Spybot-S&D Spyware removal
RP6773: 8/12/2012 12:33:01 PM - Spybot-S&D Spyware removal
RP6774: 8/12/2012 1:52:55 PM - System Checkpoint
RP6775: 8/12/2012 2:32:35 PM - Spybot-S&D Spyware removal
RP6776: 8/12/2012 4:32:35 PM - Spybot-S&D Spyware removal
RP6777: 8/12/2012 6:32:35 PM - Spybot-S&D Spyware removal
RP6778: 8/12/2012 8:33:33 PM - Spybot-S&D Spyware removal
RP6779: 8/12/2012 10:33:33 PM - Spybot-S&D Spyware removal
RP6780: 8/13/2012 12:50:33 AM - Spybot-S&D Spyware removal
RP6781: 8/13/2012 12:32:48 PM - Spybot-S&D Spyware removal
RP6782: 8/13/2012 2:32:35 PM - Spybot-S&D Spyware removal
RP6783: 8/13/2012 4:32:37 PM - Spybot-S&D Spyware removal
RP6784: 8/13/2012 6:33:33 PM - Spybot-S&D Spyware removal
RP6785: 8/13/2012 8:33:33 PM - Spybot-S&D Spyware removal
RP6786: 8/13/2012 10:33:34 PM - Spybot-S&D Spyware removal
RP6787: 8/14/2012 12:39:41 AM - Spybot-S&D Spyware removal
RP6788: 8/14/2012 12:31:48 PM - Spybot-S&D Spyware removal
RP6789: 8/14/2012 2:31:35 PM - Spybot-S&D Spyware removal
RP6790: 8/14/2012 4:31:46 PM - Spybot-S&D Spyware removal
RP6791: 8/14/2012 6:32:00 PM - Spybot-S&D Spyware removal
RP6792: 8/14/2012 8:31:53 PM - Spybot-S&D Spyware removal
RP6793: 8/14/2012 10:31:45 PM - Spybot-S&D Spyware removal
RP6794: 8/15/2012 1:34:54 AM - Spybot-S&D Spyware removal
RP6795: 8/15/2012 12:32:54 PM - Spybot-S&D Spyware removal
RP6796: 8/15/2012 2:32:50 PM - Spybot-S&D Spyware removal
RP6797: 8/15/2012 6:07:47 PM - Spybot-S&D Spyware removal
RP6798: 8/15/2012 8:07:36 PM - Spybot-S&D Spyware removal
RP6799: 8/15/2012 10:07:33 PM - Spybot-S&D Spyware removal
RP6800: 8/16/2012 12:45:44 AM - Spybot-S&D Spyware removal
RP6801: 8/16/2012 12:32:45 PM - Spybot-S&D Spyware removal
RP6802: 8/16/2012 2:32:32 PM - Spybot-S&D Spyware removal
RP6803: 8/16/2012 4:32:32 PM - Spybot-S&D Spyware removal
RP6804: 8/16/2012 6:33:01 PM - Spybot-S&D Spyware removal
RP6805: 8/16/2012 8:32:33 PM - Spybot-S&D Spyware removal
RP6806: 8/16/2012 10:32:33 PM - Spybot-S&D Spyware removal
RP6807: 8/17/2012 12:38:05 AM - Spybot-S&D Spyware removal
RP6808: 8/17/2012 12:31:50 PM - Spybot-S&D Spyware removal
RP6809: 8/17/2012 2:31:37 PM - Spybot-S&D Spyware removal
RP6810: 8/17/2012 4:31:38 PM - Spybot-S&D Spyware removal
RP6811: 8/17/2012 6:31:38 PM - Spybot-S&D Spyware removal
RP6812: 8/17/2012 8:31:47 PM - Spybot-S&D Spyware removal
RP6813: 8/17/2012 10:31:38 PM - Spybot-S&D Spyware removal
RP6814: 8/18/2012 12:08:56 AM - Software Distribution Service 3.0
RP6815: 8/18/2012 12:10:16 AM - Software Distribution Service 3.0
RP6816: 8/18/2012 12:11:34 AM - Software Distribution Service 3.0
RP6817: 8/18/2012 12:31:48 PM - Spybot-S&D Spyware removal
RP6818: 8/18/2012 2:31:36 PM - Spybot-S&D Spyware removal
RP6819: 8/18/2012 4:31:35 PM - Spybot-S&D Spyware removal
RP6820: 8/18/2012 6:31:35 PM - Spybot-S&D Spyware removal
RP6821: 8/18/2012 8:31:35 PM - Spybot-S&D Spyware removal
RP6822: 8/18/2012 10:32:03 PM - Spybot-S&D Spyware removal
RP6823: 8/19/2012 12:42:21 AM - Spybot-S&D Spyware removal
RP6824: 8/19/2012 12:31:51 PM - Spybot-S&D Spyware removal
RP6825: 8/19/2012 2:31:36 PM - Spybot-S&D Spyware removal
RP6826: 8/19/2012 4:31:36 PM - Spybot-S&D Spyware removal
RP6827: 8/19/2012 6:31:36 PM - Spybot-S&D Spyware removal
RP6828: 8/19/2012 8:31:36 PM - Spybot-S&D Spyware removal
RP6829: 8/19/2012 10:31:37 PM - Spybot-S&D Spyware removal
RP6830: 8/20/2012 12:32:29 AM - Spybot-S&D Spyware removal
RP6831: 8/20/2012 12:31:56 PM - Spybot-S&D Spyware removal
RP6832: 8/20/2012 2:32:03 PM - Spybot-S&D Spyware removal
RP6833: 8/20/2012 4:32:01 PM - Spybot-S&D Spyware removal
RP6834: 8/20/2012 6:31:58 PM - Spybot-S&D Spyware removal
RP6835: 8/21/2012 12:20:49 PM - _21-Aug-2012 12:20:38 PM
RP6836: 8/21/2012 12:38:33 PM - Spybot-S&D Spyware removal
RP6837: 8/21/2012 12:58:07 PM - Removed Java(TM) 6 Update 11
RP6838: 8/21/2012 1:00:09 PM - Removed Windows Live Toolbar
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
FanSpeedControl
Google Chrome
Google Earth
Google Update Helper
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
ITSupport247-DPMA
Java Auto Updater
Lenovo System Toolbox
LogMeIn
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Publisher 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mouse Suite
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Octoshape add-in for Adobe Flash Player
Online Data Backup
Productivity Center Supplement for ThinkCentre
Realtek High Definition Audio Driver
Rescue and Recovery
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy SBE
Sunbelt Enterprise Agent
System Update
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
XP Themes
ZSCC
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 9:25:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL sbaphd tvtumon
8/21/2012 9:24:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The VIPRE Enterprise Agent service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZWatchDog service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZServerPlus service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZScheduler service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZRemoteSupport service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZDPMACTL service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZ RMM Agent Presence-SC service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The SAAZ RMM Agent Presence-PR service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
8/21/2012 9:14:26 AM, error: Service Control Manager [7031] - The TVT Windows Update Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
8/21/2012 9:14:26 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/21/2012 9:14:26 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/21/2012 9:14:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Windows Update Monitor service to connect.
8/21/2012 9:14:26 AM, error: Service Control Manager [7000] - The TVT Windows Update Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/21/2012 12:06:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC Pcmcia
8/21/2012 12:04:51 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/19/2012 12:26:58 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HUDSON due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/15/2012 4:04:26 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf405c5b, parameter3 a6d288a4, parameter4 00000000.
.
==== End Of File ===========================
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-21 16:33:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST3160815AS rev.4.CCC
Running: jqtdzt18.exe; Driver: C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\fwrdrkow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xA8F824D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xA8F82520]
---- Kernel code sections - GMER 1.0.15 ----
? gqods.sys The system cannot find the file specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS The system cannot find the path specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS The system cannot find the path specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\DDOMAN~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E354846 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3547C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35480B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E354753 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35478D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E354881 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20177A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E354A43 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[456] @ C:\WINDOWS\system32\WININET.DLL [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[844] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe[1160] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMUI.exe[1508] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe[1976] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Documents and Settings\ddomanich\Local Settings\Temporary Internet Files\Content.IE5\EVX5IWC7\JavaSetup7u5[1].exe[2128] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\Shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\Shell32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2568] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe[2584] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\aswMBR.exe[2676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\downloads\jqtdzt18.exe[2880] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\msiexec.exe[3300] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe[3380] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\RTHDCPL.EXE[3532] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[3872] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[3904] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E45605] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\userenv.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxpers.exe[3940] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E45600] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[3980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 64197 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\seccache.dat 12288 bytes
File C:\RRbackups\common\secpolicy.dat 61440 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\usersids.dat 14560 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\8abc429b-bfa2-4e15-aa09-6a436ef8ebd1 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\9291c1f4-0e0e-4522-8c4e-49282827191a 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\8abc429b-bfa2-4e15-aa09-6a436ef8ebd1 388 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\9291c1f4-0e0e-4522-8c4e-49282827191a 388 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-500\17db6919-f579-4035-99ba-c2bb847cad56 664 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator.HUDSON\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1604 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1604\d8b97013-738c-4cc8-a3b4-63bc544f98c5 664 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1604\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\rjr\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-682003330-1303643608-725345543-1635 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-682003330-1303643608-725345543-1635\6b29ae44e85efac3c72ff4d1865d73f1_58564b1d-26b1-47e3-beca-93cca2a6f4f3 53 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\8abc429b-bfa2-4e15-aa09-6a436ef8ebd1 388 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\9291c1f4-0e0e-4522-8c4e-49282827191a 388 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1635 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1635\321b222f-6239-4085-8d12-976e2e183249 664 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1635\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\rjrsinc\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\setup 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4004932450-1465086130-1026130749-1008 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4004932450-1465086130-1026130749-1008\6b29ae44e85efac3c72ff4d1865d73f1_58564b1d-26b1-47e3-beca-93cca2a6f4f3 53 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\8abc429b-bfa2-4e15-aa09-6a436ef8ebd1 388 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\9291c1f4-0e0e-4522-8c4e-49282827191a 388 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-4004932450-1465086130-1026130749-1008 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-4004932450-1465086130-1026130749-1008\659b8ad8-2db8-4c72-9546-9f86aa2544c8 388 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-4004932450-1465086130-1026130749-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\setup\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Crypto\RSA\S-1-5-21-682003330-1303643608-725345543-1637 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Crypto\RSA\S-1-5-21-682003330-1303643608-725345543-1637\6b29ae44e85efac3c72ff4d1865d73f1_58564b1d-26b1-47e3-beca-93cca2a6f4f3 53 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\8abc429b-bfa2-4e15-aa09-6a436ef8ebd1 388 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-2273348228-642103315-1769036909-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\9291c1f4-0e0e-4522-8c4e-49282827191a 388 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-3426481922-1982825300-3071030363-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\e40ebff5-1405-4446-b85c-9aa16e1bbfea 388 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-513344562-209844627-1131122685-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1637 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1637\98eb9fc2-af27-46cc-a98d-14bf40cbb03d 664 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\Protect\S-1-5-21-682003330-1303643608-725345543-1637\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\vtrifunovich\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 16680 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 786432 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\WINDOWS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 124928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 23592960 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 4980736 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 147968 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidusb.sys 10368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouhid.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 455936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 143872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
---- EOF - GMER 1.0.15 ----
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Was hoping to hold off on ComboFix since it always breaks LMI Rescue, but... I guess I'll hope my other connection stays up for a bit.
 
Was finally able to walk them through things to get Combofix run remotely, and it seems to have cleaned up the remainder of the crap. Was just hoping to find a strategically-targeted tool that wouldn't be a victim to scheduling, since Combofix breaks my remotes so often. Heh...

Feel free to close out and such.
 
Cleaning process doesn't work that way.
Once it's started it has to be finished.

I'd like to see Combofix log.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 