
Google links being redirected


  • This topic is locked
3 replies to this topic

#1 dkomo


Posted 11 November 2010 - 05:52 AM

My Google links are being redirected, and occasionally I get a pop-up that says I have an infection and it needs to be corrected.

I tried to install the DDS thing, but I can't seem to get it to run. My computer thinks it is a drawing script, and when it runs, a notepad pops up instead of the program doing anything.

I was able to run the GMER program and that log is attached.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 05:47:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 HITACHI_ rev.FBEZ
Running: gmer.exe; Driver: C:\DOCUME~1\dkomorek\LOCALS~1\Temp\kfliapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x98A43CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x98A43BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0x98A44160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0x98A4408A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x98A43782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0x98A43C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x98A436C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x98A43726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x98A43DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x98A4422E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x98A43D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0x98A43EE6]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x98B07620]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x98A50BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x98A509D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x98A50B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 98A50B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP 98A509D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP 98A4C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP 98A4DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP 98A50BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.rsrc C:\WINDOWS\system32\DRIVERS\imapi.sys entry point in ".rsrc" section [0xB94B6314]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe[624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\plugin-container.exe[1524] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1832] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE[3504] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F8F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 89EE7AEA
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 89EE7AEA

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat 9655DD20

AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHITACHI_HTS543225L9SA00_________________FBEZC4EC#4&1a5db773&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 488396912 (+254): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-639616942-766176866-3058087902-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-639616942-766176866-3058087902-500(2)\be4d6dc6-b00f-4b13-82ed-e78a48fd4a7d 388 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-639616942-766176866-3058087902-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-74213590-1558790973-3043615816-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-74213590-1558790973-3043615816-500(2)\ca9c8312-3d39-4025-9c6d-ce53a5de1d54 388 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\Protect(2)\S-1-5-21-74213590-1558790973-3043615816-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\dkomorek\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2068150246-2403178648-3508596360-2239 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2068150246-2403178648-3508596360-2239\3fb48e2efb61e4ab4e0e9d717dc6b113_10a7c025-ee55-4bf1-a33a-faa4ee2442da 48 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-352849584-356719398-3208308298-1165 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Crypto\RSA\S-1-5-21-352849584-356719398-3208308298-1165\3fb48e2efb61e4ab4e0e9d717dc6b113_58592319-42d7-4521-b570-7deab0c8705e 48 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-1627391984-2110065877-349918736-500 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-1627391984-2110065877-349918736-500\d69778d1-b309-41bc-93cb-7b8932c3e3a1 388 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-1627391984-2110065877-349918736-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\1fc2061a-3688-4d73-8fcb-3ac3ccea78a2 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\3ea628cb-f625-48e9-8ece-ce3dce76b536 648 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\4cc9ef6c-0d05-4284-928f-976715cf44e4 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\4dde3b5a-12cb-4934-8b15-9675e66e726f 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\83b9b1d9-17cf-4545-8efd-afe8d592dfad 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\b2b22266-2ca7-4412-bafa-4fd212bf6178 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\b3a3f5c8-0542-45a4-90bd-1cafd7475599 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\b3b79491-a677-49f0-ad76-de9973778206 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\b5ef79a4-b225-4f2c-b31d-cfd8a2e38cd7 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\BK-DEXNET 860 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\c1374c40-833a-4892-be7f-9bec51b6ebe8 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\c947eab9-c579-49c5-86e1-3a30b069c9d5 740 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-2068150246-2403178648-3508596360-2239\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\05f99db6-00a0-431f-927d-c6c8a175f053 664 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\1fce3155-a3a8-4136-ad80-efb312f60c46 664 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\5f59c734-52ad-4e97-a828-7557107b2f88 664 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\6dc3a8df-ab06-4c50-8e33-7ac1061bbbec 664 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\72c25410-d2f3-42b2-bb19-255ed9386936 664 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\Protect\S-1-5-21-352849584-356719398-3208308298-1165\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\jgalvan\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_35e46a66-d5dc-40dd-ac0b-7b4832a6440a 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-20(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-20(2)\94498385663a229a93d423c6d144ae0b_35e46a66-d5dc-40dd-ac0b-7b4832a6440a 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\12efca50-dda6-4934-a82b-6656965f3353 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\49263cf2-0906-4d65-9b48-dd9424d8a3f8 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2)\12efca50-dda6-4934-a82b-6656965f3353 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2)\49263cf2-0906-4d65-9b48-dd9424d8a3f8 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 16680 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 786432 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\WINDOWS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 124928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 29622272 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 5505024 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 147968 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidusb.sys 10368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouhid.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 455680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 144128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\eventlog.dll 56320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\feclient.dll 21504 bytes executable
File C:\WINDOWS\system32\DRIVERS\imapi.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Thank you

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:29 PM

Posted 11 November 2010 - 03:26 PM

Good evening. :)

Right click DDS and change the file extension to .exe and see if it will run then.

So long, and thanks for all the fish.

 

 


#3 dkomo

dkomo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 12 November 2010 - 06:14 AM

Thank you for the DDS help. Here is the log:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Dkomorek at 6:09:29.06 on Fri 11/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dkomorek\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\fdfgs.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [<NO NAME>]
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\dkomorek\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 10.254.15.9 s10b5b8c.dextech.net
Hosts: 10.254.15.10 dextech1.dextech.net
Hosts: 10.254.15.68 dexnetsvr01.dextech.net
Hosts: 74.125.113.121 mail.dextech.net

============= SERVICES / DRIVERS ===============


=============== File Associations ===============

.scr=ft000001

=============== Created Last 30 ================

2010-11-10 12:27:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-08 09:04:37 4958 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-05 12:08:52 -------- d-----w- c:\docume~1\dkomorek\applic~1\SUPERAntiSpyware.com
2010-11-05 12:08:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-05 12:07:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-05 10:31:40 -------- d-----w- c:\docume~1\dkomorek\applic~1\Malwarebytes
2010-11-04 16:22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 16:22:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 09:13:16 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-01 09:13:15 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-01 09:13:15 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-01 09:13:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-01 09:07:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-01 09:07:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-01 09:05:08 -------- d-----w- c:\program files\JRE
2010-11-01 08:54:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-01 08:54:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-01 08:12:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-01 08:02:09 38848 ----a-w- c:\windows\avastSS.scr
2010-11-01 08:01:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-01 07:55:46 0 ----a-w- c:\windows\Ohekoqusiwojiye.bin
2010-11-01 07:55:45 -------- d-----w- c:\docume~1\dkomorek\locals~1\applic~1\{35BBF869-6F3F-4A52-B464-64A3338F3AD4}
2010-10-27 03:49:00 380928 ----a-w- c:\windows\system32\ac3filter.acm
2010-10-27 03:48:58 -------- d-----w- c:\program files\AC3Filter

==================== Find3M ====================

2010-11-11 13:27:39 90112 ----a-w- c:\windows\system32\p2mpi01.dll
2010-10-29 09:44:59 205312 ----a-w- c:\windows\aziyanamisuno.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HITACHI_ rev.FBEZ -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89D52EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8530b872; SUB DWORD [EBP-0x4], 0x8530b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA41678]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A068030]
[0x89E3DB10] -> IRP_MJ_CREATE -> 0x89D52EC5
kernel: MBR read successfully
_asm { JMP 0x10; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHITACHI_HTS543225L9SA00_________________FBEZC4EC#4&1a5db773&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x89D52AEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 6:11:48.09 ===============

Thank you for the response.

#4 dkomo

dkomo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:29 PM

Posted 12 November 2010 - 08:18 AM

I noticed at the end of the log there was a line that said possible TDL3 rootkit infection, so I did a search for what the heck that meant and found another article on the website - http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

This summed up exactly what was happening with me. I followed the instructions and used the TDSS killer, and my computer seems all good. You can close this thread if you'd like. I should be all set now.

Thanks a lot for the help you guys do. Working for free on people's computers undoing the work of people and / or businesses that try to make money off this malware is a great service.

Dave K.
Ann Arbor, MI



