Temp Folder inaccessible after XP Security cleanup


20 replies to this topic

#1 Gollios

  • Members
  • 12 posts

Posted 22 January 2012 - 06:44 PM

Greetings all,

I used the XP Internet Security 2012 uninstall guide to try and rid my system of that rather nasty malware. It seems to have worked, but I am still having the following issues:

1. Although I was able to download and run RKill and MWB, I have not been able to successfully download or run unhide or tdsskiller. I downloaded both and an attempt to run unhide ends with the following error: "C:\DOCUME~1\bl3xd\LOCALS~1\Temp\RarSFX3" folder is not accessible. This occurs as the file is being extracted from the WinRAR archive. The same error message pops up when I try to run RKill off my desktop (it was renamed iExplore). TDSSKiller does not seem to open; it is apparent my hard drive is being accessed for quite some time, but no results screen pops up.

2. As you probably suspected, I have the search redirect virus. I've been able to work around it by cutting and pasting search results (those pop up with regular URLs), but any attempt to click through directs me to a random site.

3. I am not able to open word files. Attempting to do so gives me the message ".doc is locked for editing by 'another user.'" with the three standard options. Trying to open a read only file does not work.

4. Attempts to download any software gives me this message: C:\DOCUME~1\bl3xd\LOCALS~1\Temp could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location.

I was able to access my documents and programs by manually unhiding them. This made my program list (for the most part) populate in the start screen, but many programs show 'empty' when I scroll over them.

When I examine the 'Local Settings' folder it appears to be read only; that is, there is no check, but the check box is colored. When I try to make it and the folders contained within no longer read only, the computer will process the request, give me the error message "An error occurred applying attributes to this file: Documents and Settings\bl...\CardSpace.db Access is denied.", and after I 'ignore all' it seems to complete. But if I back up to the parent folder and move forward again, the folder is still marked as 'read only.' This happens regardless of what folder or where it is, either under 'my computer' or 'my documents.'

Within the 'Local Settings' folder, I see subfolders for 'Application Data' and 'Apps' but there is no 'Temp' folder. An attempt to create one gives me the following message: Cannot rename New Folder: A file with the name you specified already exists. Specify a different file name.

There is a temp folder as well as empty folders for some other applications in the 'application data' file.

Any ideas as to what I should do to restore functionality?

Thanks so much.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 January 2012 - 07:42 PM

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 Gollios

  • Topic Starter
  • Members
  • 12 posts

Posted 22 January 2012 - 08:06 PM

Will do as soon as I can download it. When I click on one of the links you have provided the new tab shuts down automatically. When I use 'open link in new tab' or 'window' I get the message:

C:\DOCUME~1\bl3xd\LOCALS~1\Temp could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location.

I will try to download it from a friend's computer tomorrow and transfer via USB drive.

Thanks for the quick response!

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 January 2012 - 08:14 PM

Click on start button and type

cmd

right click-select-run as administrator

Now run this command

icacls C:\DOCUME~1\bl3xd\LOCALS~1\Temp /grant:r BUILTIN\Users:(CI)(S,WD,AD,X)

Restart your PC and try downloading again

good luck

#5 Gollios

  • Topic Starter
  • Members
  • 12 posts

Posted 24 January 2012 - 08:09 PM

I've tried to use the commands you supplied. I keep getting the message:

'icacls' is not recognized as an internal or external command, operable program or batch file.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 January 2012 - 09:26 PM

Browse to this path

C:\DOCUME~1\bl3xd\LOCALS~1\Temp

Right click on TEMP folder-properties

Click on security tab-click on EDIT and click on ADD and type

Everyone and click ok

If you don't have a security option, then try the method here

http://support.microsoft.com/kb/307874

Now try to give full permissions to TEMP folder

#7 Gollios

  • Topic Starter
  • Members
  • 12 posts

Posted 25 January 2012 - 10:17 AM

When I look in the local settings I do not see a temp folder. The only folders that appear are "Application Data" and "Apps."

If I try to create a "Temp" folder, I get the following message:

Cannot rename New Folder: A file with the name you specified already exists. Specify a different file name.

There is a "Temp" folder within the "Application Data" folder.

One more note: inside the Documents and Settings folder there are six subfolders: Administrator, All Users, bl3xd, Default User, kwiseman, lawstudent (this computer was a mandatory purchase when I went to grad school). All subfolders except for bl3xd have a "Temp" folder within "Local Settings."

#8 Gollios

  • Topic Starter
  • Members
  • 12 posts

Posted 25 January 2012 - 10:39 AM

Further news: I logged in as "Administrator" and found that I can download files. Should I run the scans you suggested as that user & post the results?

#9 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 January 2012 - 10:44 AM

Yes, I thought of suggesting the same thing to you. Go ahead.

I want you to run a full SCAN of malwarebytes.

Probably the TEMP folder is hidden in that specific user account.

Good luck
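
A diagnostic batch script for the symptoms discussed in this thread (a Temp folder that Explorer does not show, a same-named file blocking creation of the folder, and a folder the account cannot write to). It is an added example, not a script from the thread or from BleepingComputer; it assumes only Windows XP's built-in dir, attrib and cacls, and it changes nothing, it only reports.

```batch
@echo off
rem Added diagnostic for the "Temp could not be saved" / "folder is not accessible"
rem symptoms; not a script from this thread. Assumes XP built-ins only:
rem dir, attrib, cacls (icacls is not shipped with XP, as post #5 shows).
rem Run from cmd.exe in the affected account. Read-only: it reports, it does not fix.
setlocal

set "T=%TEMP%"
echo Resolved TEMP variable: %T%

rem 1. Is TEMP a directory, a stray file of the same name, or missing?
rem    A file named "Temp" explains "A file with the name you specified already exists".
if exist "%T%\*" (
    echo [ok]      TEMP exists as a directory
) else if exist "%T%" (
    echo [problem] A FILE named %T% exists and blocks creating the Temp folder
) else (
    echo [problem] TEMP path does not exist
)

rem 2. List the parent folder including hidden/system entries. Explorer hides
rem    those by default, which is why "Local Settings" can appear to have no Temp.
for %%D in ("%T%") do set "PARENT=%%~dpD"
echo --- Entries in %PARENT% including hidden/system ones ---
dir /a "%PARENT%"
echo --- Attributes of %T% (H=hidden, S=system, R=read-only) ---
attrib "%T%"

rem 3. Show the ACL with cacls; look for missing Users/Everyone write rights.
echo --- ACL of %T% ---
cacls "%T%"

rem 4. A real write test, which is what a browser download into TEMP needs.
echo test> "%T%\__writetest.tmp" 2>nul && (
    echo [ok]      TEMP is writable
    del "%T%\__writetest.tmp"
) || echo [problem] TEMP is NOT writable

endlocal
```

Run it once in the affected account and once as Administrator; a folder that is missing or unwritable in one account but present and writable in the other narrows the problem to that profile's attributes or ACL.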

#10 Gollios

  • Topic Starter
  • Members
  • 12 posts

Posted 25 January 2012 - 04:07 PM

Here's the scan:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-25 16:06:38
Windows 5.1.2600 Service Pack 3
Running: nqw3qj3y.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxrdapog.sys

File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500 0 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\9cbf0e54-5d76-474e-9890-bea39d79664c 388 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\kwiseman\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500\559a9ed6-5933-4cfa-bf16-3d46bc1b93dc 388 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\980c209e-fdb0-4eb9-b714-7beda8be6437 388 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\EAF9417E-E856-40FE-8EF5-79808CE7ED6E 388 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500\f193bc69-56ff-4421-8e72-274604d0edc8 388 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\9cbf0e54-5d76-474e-9890-bea39d79664c 388 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\lawstudent\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_615196ca-bffa-41d5-b9d1-7d32ecd3bdc2 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\09f74987-f661-47cd-93f9-3babc370da5f 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\1fb6795f-48fd-4a4a-9ad6-e68d424ed5e7 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\450c38ac-f880-448d-a7c4-b2b6eccc4bad 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\4e4a4009-c9bb-4e80-a4a0-022dd3b0dfb1 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\4f4b1646-3044-4826-b900-6c7ec2482bc7 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\67c443ea-4bfe-491c-acfe-97bd1c4b8b19 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\67f1e5da-4f9e-4fd3-a16d-89fa41f54d39 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\6f76e7f8-7f8d-4d5d-9af8-4feda47d0803 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\75547324-1895-492c-a505-51eaf2583c8b 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\eaf9417e-e856-40fe-8ef5-79808ce7ed6e 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\TEMP 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500\559a9ed6-5933-4cfa-bf16-3d46bc1b93dc 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1229918255-1630345338-3891192290-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\980c209e-fdb0-4eb9-b714-7beda8be6437 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\EAF9417E-E856-40FE-8EF5-79808CE7ED6E 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3769787863-1513688831-2775522246-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500\f193bc69-56ff-4421-8e72-274604d0edc8 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-553161747-2240275774-3559072047-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\9cbf0e54-5d76-474e-9890-bea39d79664c 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-994746025-3374325068-638940644-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes

---- EOF - GMER 1.0.15 ----

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:11 PM

Posted 25 January 2012 - 08:49 PM

Download TDSSkiller.

Launch it. Click on "Scan". Please post the LOG report.

Run the aswMBR and post the log.

Good luck

Edited by narenxp, 25 January 2012 - 08:53 PM.
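narenxp asks for the TDSSKiller log, and the log that follows in this thread is several hundred lines long, almost all of them ending in "- ok". The Python script below is an added triage example for that log format; it is not Kaspersky's code and not something posted in the thread. It parses TDSSKiller 2.7.x text logs into one record per driver/service, drops everything that came back "- ok", and attaches the two MD5 values from a "Suspicious file (Forged)" line to the entry whose path it names. The line layout (time, PID, then the record) and the assumption that service names contain no spaces are both inferred from the log lines posted here; the sample log embedded in the script is constructed to mirror that format and is not the full log.

```python
"""Triage a TDSSKiller 2.7.x text log: list every driver/service entry that did
not come back "- ok", and attach the Real/Fake MD5 pair from any
"Suspicious file (Forged)" line to the entry it refers to.

Added example for this thread; it is not Kaspersky's code, and the log-format
assumptions below are taken only from the log lines posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every record starts with "<hh:mm:ss.ffff> <pid> "; what follows the PID decides
# the record kind. Service names are assumed to contain no spaces (true for every
# name in the thread's log, but an assumption nonetheless).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<rest>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+)\s+-\s+ok$")
WARN_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\):\s+(?P<path>.+?)\.\s+"
    r"Real md5:\s+(?P<real>[0-9a-f]{32}),\s+Fake md5:\s+(?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None          # hash printed on the scan line
    path: Optional[str] = None         # None for entries that have no backing file
    status: str = "unknown"            # ok | warning | detected | unknown
    verdict: Optional[str] = None      # e.g. ForgedFile.Multi.Generic
    forged_real_md5: Optional[str] = None
    forged_fake_md5: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by service name, in the order they were scanned."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}     # lets a Forged line find its entry by path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                   # blank lines and banner text without a PID
        rest = m.group("rest")
        if (e := ENTRY_RE.match(rest)):
            ent = Entry(name=e["name"], md5=e["md5"], path=e["path"])
            entries[ent.name] = ent
            by_path[e["path"].lower()] = ent   # Windows paths are case-insensitive
        elif (o := OK_RE.match(rest)):
            entries.setdefault(o["name"], Entry(name=o["name"])).status = "ok"
        elif (w := WARN_RE.match(rest)):
            ent = entries.setdefault(w["name"], Entry(name=w["name"]))
            ent.status, ent.verdict = "warning", w["verdict"]
        elif (d := DETECT_RE.match(rest)):
            ent = entries.setdefault(d["name"], Entry(name=d["name"]))
            ent.status, ent.verdict = "detected", d["verdict"]  # outranks "warning"
        elif (f := FORGED_RE.match(rest)):
            ent = by_path.get(f["path"].lower())
            if ent is not None:
                ent.forged_real_md5, ent.forged_fake_md5 = f["real"], f["fake"]
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that is not a clean "ok", most severe first."""
    rank = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted((e for e in entries.values() if e.status != "ok"),
                  key=lambda e: (rank[e.status], e.name.lower()))


def describe(e: Entry) -> str:
    """One-line summary of a flagged entry, including both MD5s if it was Forged."""
    line = f"{e.status.upper():8} {e.name} {e.path or '(no file)'}"
    if e.verdict:
        line += f" verdict={e.verdict}"
    if e.forged_real_md5:
        line += f" real_md5={e.forged_real_md5} fake_md5={e.forged_fake_md5}"
    return line


# Constructed sample in the thread's log format (a handful of lines, not the
# full log); the LVUVC lines reproduce the shape of the warning seen there.
SAMPLE_LOG = r"""
22:33:32.0820 4116 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:33:33.0367 4116 ============================================================
22:33:37.0492 4068 Scan started
22:33:39.0023 4068 Abiosdsk - ok
22:33:39.0055 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:33:39.0164 4068 abp480n5 - ok
22:33:49.0992 4068 LVUVC (bfbbf371b4f87c202124728b6160fa8b) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:33:51.0008 4068 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\lvuvc.sys. Real md5: bfbbf371b4f87c202124728b6160fa8b, Fake md5: a240e42a7402e927a71b6e8aa4629b13
22:33:51.0039 4068 LVUVC ( ForgedFile.Multi.Generic ) - warning
22:33:51.0039 4068 LVUVC - detected ForgedFile.Multi.Generic (1)
22:33:51.0180 4068 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:33:51.0195 4068 mdmxsdk - ok
"""

if __name__ == "__main__":
    for entry in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(describe(entry))
```

Run against a saved log (`parse_tdsskiller_log(open("TDSSKiller.log").read())`), the output collapses a long scan to the handful of entries that need a human's attention; for a log shaped like the one in this thread that is a single DETECTED line for LVUVC, carrying the verdict and the two differing MD5s. The script only surfaces what TDSSKiller itself flagged; whether a flagged driver is really modified still has to be established separately, for instance by comparing the on-disk file with a known-good copy of the same version, so treat the output as a work list rather than a verdict.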


#12 Gollios

Gollios
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 25 January 2012 - 10:27 PM

And here is the ASWMBR log:

 L NP3 fPP  | P/W˻      
A $ <tI <tg
  þ  #< t < tð ù N2ي2ù Q  ^V8uY Yþ  |  /8t+p Q>" YA<t  } | Pa$a$8tX2 QN   Y ,Dc  ? yN
yN
@ U

#13 Gollios

Gollios
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:11 PM

Posted 25 January 2012 - 10:35 PM

This is the TDSS log. I'll run ASWMBR again:

22:33:32.0820 4116 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
22:33:33.0367 4116 ============================================================
22:33:33.0367 4116 Current date / time: 2012/01/25 22:33:33.0367
22:33:33.0367 4116 SystemInfo:
22:33:33.0367 4116
22:33:33.0367 4116 OS Version: 5.1.2600 ServicePack: 3.0
22:33:33.0367 4116 Product type: Workstation
22:33:33.0367 4116 ComputerName: LS-BL3XD
22:33:33.0367 4116 UserName: Administrator
22:33:33.0367 4116 Windows directory: C:\WINDOWS
22:33:33.0367 4116 System windows directory: C:\WINDOWS
22:33:33.0367 4116 Processor architecture: Intel x86
22:33:33.0367 4116 Number of processors: 2
22:33:33.0367 4116 Page size: 0x1000
22:33:33.0367 4116 Boot type: Normal boot
22:33:33.0367 4116 ============================================================
22:33:34.0101 4116 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:33:34.0164 4116 Initialize success
22:33:37.0492 4068 ============================================================
22:33:37.0492 4068 Scan started
22:33:37.0492 4068 Mode: Manual;
22:33:37.0492 4068 ============================================================
22:33:39.0023 4068 Abiosdsk - ok
22:33:39.0055 4068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:33:39.0164 4068 abp480n5 - ok
22:33:39.0211 4068 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
22:33:39.0226 4068 ac97intc - ok
22:33:39.0273 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:39.0289 4068 ACPI - ok
22:33:39.0336 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:33:39.0351 4068 ACPIEC - ok
22:33:39.0414 4068 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:33:39.0430 4068 ADIHdAudAddService - ok
22:33:39.0539 4068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:33:39.0617 4068 adpu160m - ok
22:33:39.0648 4068 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
22:33:39.0680 4068 AEAudioService - ok
22:33:39.0695 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:33:39.0711 4068 aec - ok
22:33:39.0773 4068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:33:39.0789 4068 AFD - ok
22:33:39.0851 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:33:39.0851 4068 agp440 - ok
22:33:39.0867 4068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:33:39.0883 4068 agpCPQ - ok
22:33:39.0914 4068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:33:40.0008 4068 Aha154x - ok
22:33:40.0101 4068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:33:40.0180 4068 aic78u2 - ok
22:33:40.0211 4068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:33:40.0320 4068 aic78xx - ok
22:33:40.0336 4068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:33:40.0367 4068 AliIde - ok
22:33:40.0383 4068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:33:40.0383 4068 alim1541 - ok
22:33:40.0398 4068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:33:40.0414 4068 amdagp - ok
22:33:40.0430 4068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:33:40.0445 4068 amsint - ok
22:33:40.0492 4068 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
22:33:40.0508 4068 ANC - ok
22:33:40.0601 4068 AR5416 (182cdb8234456b1a4413b88fdcc0a893) C:\WINDOWS\system32\DRIVERS\ar5416.sys
22:33:40.0930 4068 AR5416 - ok
22:33:41.0070 4068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:33:41.0164 4068 asc - ok
22:33:41.0180 4068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:33:41.0273 4068 asc3350p - ok
22:33:41.0289 4068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:33:41.0367 4068 asc3550 - ok
22:33:41.0398 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:33:41.0414 4068 AsyncMac - ok
22:33:41.0445 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:33:41.0445 4068 atapi - ok
22:33:41.0461 4068 Atdisk - ok
22:33:41.0648 4068 ati2mtag (5a13723fb8bfdd2090defb2d0cb98a27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:33:41.0836 4068 ati2mtag - ok
22:33:41.0961 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:33:41.0976 4068 Atmarpc - ok
22:33:42.0008 4068 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
22:33:42.0023 4068 atmeltpm - ok
22:33:42.0070 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:33:42.0070 4068 audstub - ok
22:33:42.0086 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:33:42.0101 4068 Beep - ok
22:33:42.0164 4068 btaudio (6b7d6ca0db38b36c1d95447757741d1a) C:\WINDOWS\system32\drivers\btaudio.sys
22:33:42.0273 4068 btaudio - ok
22:33:42.0664 4068 BTDriver (48e37289bae3d006d5583a661168ca00) C:\WINDOWS\system32\DRIVERS\btport.sys
22:33:42.0711 4068 BTDriver - ok
22:33:42.0789 4068 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
22:33:42.0836 4068 BTKRNL - ok
22:33:42.0976 4068 BTWDNDIS (8103112c1016ddc68dc292a083b02487) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
22:33:43.0008 4068 BTWDNDIS - ok
22:33:43.0039 4068 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
22:33:43.0164 4068 BTWUSB - ok
22:33:43.0242 4068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:33:43.0273 4068 cbidf - ok
22:33:43.0289 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:33:43.0289 4068 cbidf2k - ok
22:33:43.0320 4068 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:33:43.0336 4068 CCDECODE - ok
22:33:43.0351 4068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:33:43.0430 4068 cd20xrnt - ok
22:33:43.0461 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:33:43.0461 4068 Cdaudio - ok
22:33:43.0523 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:33:43.0523 4068 Cdfs - ok
22:33:43.0633 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:33:43.0633 4068 Cdrom - ok
22:33:43.0648 4068 Changer - ok
22:33:43.0695 4068 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:33:43.0711 4068 CmBatt - ok
22:33:43.0742 4068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:33:43.0773 4068 CmdIde - ok
22:33:43.0789 4068 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:33:43.0805 4068 Compbatt - ok
22:33:43.0836 4068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:33:43.0883 4068 Cpqarray - ok
22:33:43.0898 4068 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:33:43.0930 4068 CVirtA - ok
22:33:43.0992 4068 CVPNDRVA (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:33:44.0148 4068 CVPNDRVA - ok
22:33:44.0305 4068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:33:44.0430 4068 dac2w2k - ok
22:33:44.0476 4068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:33:44.0586 4068 dac960nt - ok
22:33:44.0633 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:33:44.0664 4068 Disk - ok
22:33:44.0711 4068 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:33:44.0805 4068 DLABOIOM - ok
22:33:44.0820 4068 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:33:44.0883 4068 DLACDBHM - ok
22:33:44.0914 4068 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:33:44.0945 4068 DLADResN - ok
22:33:44.0961 4068 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:33:44.0992 4068 DLAIFS_M - ok
22:33:45.0086 4068 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:33:45.0180 4068 DLAOPIOM - ok
22:33:45.0211 4068 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:33:45.0289 4068 DLAPoolM - ok
22:33:45.0320 4068 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:33:45.0414 4068 DLARTL_N - ok
22:33:45.0430 4068 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:33:45.0476 4068 DLAUDFAM - ok
22:33:45.0492 4068 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:33:45.0523 4068 DLAUDF_M - ok
22:33:45.0586 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:33:45.0617 4068 dmboot - ok
22:33:45.0711 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:33:45.0726 4068 dmio - ok
22:33:45.0773 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:33:45.0773 4068 dmload - ok
22:33:45.0820 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:33:45.0836 4068 DMusic - ok
22:33:45.0867 4068 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:33:45.0898 4068 DNE - ok
22:33:45.0898 4068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:33:45.0930 4068 dpti2o - ok
22:33:45.0945 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:33:45.0945 4068 drmkaud - ok
22:33:45.0976 4068 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:33:46.0023 4068 DRVMCDB - ok
22:33:46.0055 4068 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:33:46.0148 4068 DRVNDDM - ok
22:33:46.0289 4068 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:33:46.0289 4068 E100B - ok
22:33:46.0351 4068 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:33:46.0383 4068 e1express - ok
22:33:46.0430 4068 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
22:33:46.0461 4068 EGATHDRV - ok
22:33:46.0492 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:33:46.0492 4068 Fastfat - ok
22:33:46.0508 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:33:46.0523 4068 Fdc - ok
22:33:46.0555 4068 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
22:33:46.0601 4068 FilterService - ok
22:33:46.0648 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:33:46.0648 4068 Fips - ok
22:33:46.0758 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:33:46.0789 4068 Flpydisk - ok
22:33:46.0836 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:33:46.0836 4068 FltMgr - ok
22:33:46.0898 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:33:46.0898 4068 Fs_Rec - ok
22:33:46.0914 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:33:46.0945 4068 Ftdisk - ok
22:33:46.0992 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:33:47.0023 4068 GEARAspiWDM - ok
22:33:47.0055 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:33:47.0070 4068 Gpc - ok
22:33:47.0117 4068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:33:47.0117 4068 HDAudBus - ok
22:33:47.0258 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:33:47.0258 4068 HidUsb - ok
22:33:47.0273 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:33:47.0367 4068 hpn - ok
22:33:47.0414 4068 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:33:47.0445 4068 HSFHWAZL - ok
22:33:47.0492 4068 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:33:47.0555 4068 HSF_DPV - ok
22:33:47.0695 4068 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
22:33:47.0711 4068 HSXHWAZL - ok
22:33:47.0773 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:33:47.0773 4068 HTTP - ok
22:33:47.0867 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:33:47.0898 4068 i2omgmt - ok
22:33:47.0945 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:33:47.0976 4068 i2omp - ok
22:33:47.0992 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:33:48.0008 4068 i8042prt - ok
22:33:48.0086 4068 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:33:48.0133 4068 iaStor - ok
22:33:48.0258 4068 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
22:33:48.0273 4068 IBMPMDRV - ok
22:33:48.0305 4068 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
22:33:48.0336 4068 IBMTPCHK - ok
22:33:48.0367 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:33:48.0367 4068 Imapi - ok
22:33:48.0414 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:33:48.0508 4068 ini910u - ok
22:33:48.0539 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:33:48.0555 4068 IntelIde - ok
22:33:48.0586 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:33:48.0586 4068 intelppm - ok
22:33:48.0695 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:33:48.0711 4068 Ip6Fw - ok
22:33:48.0711 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:33:48.0726 4068 IpFilterDriver - ok
22:33:48.0758 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:33:48.0758 4068 IpInIp - ok
22:33:48.0789 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:33:48.0789 4068 IpNat - ok
22:33:48.0851 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:33:48.0851 4068 IPSec - ok
22:33:48.0867 4068 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
22:33:48.0883 4068 irda - ok
22:33:48.0898 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:33:48.0914 4068 IRENUM - ok
22:33:49.0023 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:33:49.0023 4068 isapnp - ok
22:33:49.0055 4068 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
22:33:49.0070 4068 Iviaspi - ok
22:33:49.0101 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:33:49.0101 4068 Kbdclass - ok
22:33:49.0148 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:33:49.0164 4068 kbdhid - ok
22:33:49.0211 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:33:49.0226 4068 kmixer - ok
22:33:49.0336 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:33:49.0351 4068 KSecDD - ok
22:33:49.0367 4068 lbrtfdc - ok
22:33:49.0414 4068 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
22:33:49.0461 4068 lvpopflt - ok
22:33:49.0508 4068 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
22:33:49.0508 4068 LVPr2Mon - ok
22:33:49.0539 4068 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
22:33:49.0930 4068 LVRS - ok
22:33:49.0992 4068 LVUVC (bfbbf371b4f87c202124728b6160fa8b) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:33:51.0008 4068 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\lvuvc.sys. Real md5: bfbbf371b4f87c202124728b6160fa8b, Fake md5: a240e42a7402e927a71b6e8aa4629b13
22:33:51.0039 4068 LVUVC ( ForgedFile.Multi.Generic ) - warning
22:33:51.0039 4068 LVUVC - detected ForgedFile.Multi.Generic (1)
22:33:59.0320 4068 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
22:33:59.0320 4068 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
22:33:59.0320 4068 sptd ( LockedFile.Multi.Generic ) - warning
22:33:59.0320 4068 sptd - detected LockedFile.Multi.Generic (1)
22:34:04.0133 4068 MBR (0x1B8) (ba43154c150b5e8e79ec0f1a16c1546c) \Device\Harddisk0\DR0
22:34:04.0164 4068 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
22:34:04.0164 4068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
22:34:04.0164 4068 Boot (0x1200) (fccb52bedb08622d8d9013f9b8d5aa38) \Device\Harddisk0\DR0\Partition0
22:34:04.0164 4068 \Device\Harddisk0\DR0\Partition0 - ok
22:34:04.0164 4068 ============================================================
22:34:04.0164 4068 Scan finished
22:34:04.0164 4068 ============================================================
22:34:04.0180 4996 Detected object count: 3
22:34:04.0180 4996 Actual detected object count: 3
22:34:25.0399 4996 LVUVC ( ForgedFile.Multi.Generic ) - skipped by user
22:34:25.0399 4996 LVUVC ( ForgedFile.Multi.Generic ) - User select action: Skip
22:34:25.0399 4996 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:34:25.0399 4996 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:34:25.0492 4996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
22:34:25.0508 4996 \Device\Harddisk0\DR0 - ok
22:34:25.0508 4996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 January 2012 - 12:04 AM

:thumbup2:

#15 Gollios

Gollios
  • Topic Starter

  • Members
  • 12 posts

Posted 26 January 2012 - 09:37 PM

The rootkit is gone . . . thanks so much for your help! One more question . . . you mentioned that my temp folder may be hidden under another user. Any idea how to tell which it is? And once I find it, should moving the file work to get it back where it belongs? I'll work some more on finding it and post results later.

Also, many of the program files in the start menu have 'empty' listed. I think for most of them I'll be able to manually start them by finding the folder on the C drive, and for anything that's essential I can always create a shortcut, but after wrestling with this laptop I'd like to get it where it should be (plus I'm learning a lot).

In any case, I can do what I need to do logged in as Administrator, and everything else I can figure out over time. Thanks so much for your help. Great site!



