Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Empty start menu, windows explorer, no desktop icons, etc etc


  • Please log in to reply
17 replies to this topic

#1 Angela12345

Angela12345

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 28 August 2011 - 04:06 PM

My husband's computer ... No programs show in the start menu, nothing in windows explorer, no desktop icons, etc etc. I was able to attach a file to an email before the computer was off by typing in the name of the file when I browsed (there was nothing listed in the browse). Also, I can start Internet explorer from the 'Run' command prompt. So I think everything is still on the computer, it's just hidden.

I have a screen shot of some of the popups he was getting but cannot figure out how to upload it. They say the following ...
1. Hard drive failure
The system has detected a failure with one or more Installed IDE / SATA hard disks. It is recommended that you restart the system.

2. Windows - delayed write filed
Windows was unable to save all the data for the file \\system32\\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

3. Critical hard disk drive error
Windows XP Repair detected a Bad sector on your hard disk drive. This error may cause the following problems :
- data corruption and loss
- Hard drive inaccessibility
- system errors and failures
It is strongly recommended that you fix the detected problem immediately. Please run a full system scan and fix errors.

4. Windows XP Repair
PC performance & stability analysis report
11 errors detected
(this is waaaaaaay too long to type out on an iPad!!)

He does have adaware, spybot, maybe others, but I do not know the command prompts for them. Also, I do not know the command prompt to run the program to connect to the Internet (on thinkpad, it is ThinkVantage Access Connections). So if I need to download something to fix it, I am not sure if I can figure out how to get it onto his computer.

I hope someone can help me fix his computer!! I had just gotten onto his laptop because the fan went out in mine literally right before and I cannot boot it. I am having to order a new fan. Talk about bad luck. Am on the iPad right now. Ugh

BTW, how do I change the title of my thread ? I would like to include 'Windows XP Repair' as the subtitle.

Edited by Angela12345, 28 August 2011 - 05:10 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 28 August 2011 - 06:11 PM

Start with following these instructions: http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 29 August 2011 - 07:14 AM

Thank you for an incredibly quick response.

Have run RKill (worked perfectly) and TDSSKiller (was clean-nothing found). Running Malwarebytes now.

Internet automatically connected on startup, so that was not a problem. I was able to go to bleeping computer from the ipad and instant message the links to the programs from the iPad to his computer, so I didn't even have to worry about using the Run command prompt to access Internet explorer. Plus could leave instructions on iPad screen instead of having to print them out.

Just wanted to give you an update so you would know I am working on it. Thanks !!!

Edited by Angela12345, 29 August 2011 - 07:21 AM.


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 29 August 2011 - 10:34 AM

Cool. Post Malwarebytes log when done.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 29 August 2011 - 12:30 PM

Sorry for the delay responding ...

The log for Malwarebytes seems very short (see below). I did step 18 Unhide program and that seemed to work. I don't know for sure, because I don't know how many programs he had on the left side when you click start button. 'All Programs' from start button seems to show everything. Desktop icons look like they are all there and Windows Explorer shows files. Have done step 19 restored the desktop so it is no longer a blank screen.

I have tried to do step 20 the Secunia Personal Software Inspector. It is loaded on the computer, but when I click on it, it looks like it is starting to come up for a moment but then goes away. I have not been able to complete this step.

Also, every time I tried to come into this thread from IE, it makes that window of IE crash. I am able to view it in Firefox. I am able to access other websites from IE without it crashing.

Adobe Reader 8.1.3 is asking me to install the update. This is ok ?

-----------------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7604

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/29/2011 8:49:52 AM
mbam-log-2011-08-29 (08-49-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 258275
Time elapsed: 44 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCPnpjMsSrIRBiL (Trojan.FakeAlert) -> Value: HCPnpjMsSrIRBiL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\hcpnpjmssrirbil.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\17817380.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by Angela12345, 29 August 2011 - 12:31 PM.


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 29 August 2011 - 07:36 PM

All good news :)

Adobe Reader 8.1.3 is asking me to install the update. This is ok ?

Yes.

Any current issues?

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 30 August 2011 - 10:18 PM

Was super clean. Although IE is still crashing when I come into this thread.

Now his computer is getting "Windows Genuine Advantage Notifications - Installation Wizard". This is ok ? He has had this computer for about 2 years, so weird he is getting this now if it is real.

-----------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2011 at 09:20 PM

Application Version : 5.0.1118

Core Rules Database Version : 7623
Trace Rules Database Version: 5435

Scan type : Complete Scan
Total Scan Time : 00:40:23

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 282
Memory threats detected : 0
Registry items scanned : 36223
Registry threats detected : 0
File items scanned : 84581
File threats detected : 0

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 30 August 2011 - 10:25 PM

Now his computer is getting "Windows Genuine Advantage Notifications - Installation Wizard". This is ok ?

Yes. Run it.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 30 August 2011 - 11:17 PM

Here are the first two. I cannot run the last one yet, but will post a little later.


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.20)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Alwil Software Avast4 aswUpdSv.exe
``````````End of Log````````````


-----------------------------------------


MiniToolBox by Farbar
Ran by Art (administrator) on 31-08-2011 at 00:09:31
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14769 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

Error obtaining configuration for interface Local Area Connection.

Error obtaining configuration for interface Wireless Network Connection.



popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ARTHOME

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : earthlink.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-23-54-70-A3-A3



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : earthlink.net

Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-22-FA-43-D8-4C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.114

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 207.69.188.186

207.69.188.187

Lease Obtained. . . . . . . . . . : Tuesday, August 30, 2011 9:27:39 PM

Lease Expires . . . . . . . . . . : Wednesday, August 31, 2011 9:27:39 PM

Server: ns2.mindspring.com
Address: 207.69.188.186

Name: google.com
Addresses: 74.125.113.147, 74.125.113.105, 74.125.113.99, 74.125.113.103
74.125.113.104, 74.125.113.106



Pinging google.com [74.125.113.106] with 32 bytes of data:



Reply from 74.125.113.106: bytes=32 time=100ms TTL=53

Reply from 74.125.113.106: bytes=32 time=123ms TTL=53



Ping statistics for 74.125.113.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 100ms, Maximum = 123ms, Average = 111ms

Server: ns2.mindspring.com
Address: 207.69.188.186

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=100ms TTL=55

Reply from 69.147.125.65: bytes=32 time=122ms TTL=55



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 100ms, Maximum = 122ms, Average = 111ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 54 70 a3 a3 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 22 fa 43 d8 4c ...... Intel® WiFi Link 5100 AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.114 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.114 192.168.1.114 20
192.168.1.0 255.255.255.0 192.168.1.114 192.168.1.114 25
192.168.1.114 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.114 192.168.1.114 25
224.0.0.0 240.0.0.0 192.168.1.114 192.168.1.114 25
255.255.255.255 255.255.255.255 192.168.1.114 2 1
255.255.255.255 255.255.255.255 192.168.1.114 192.168.1.114 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2011 09:28:53 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.17099, faulting module mshtml.dll, version 7.0.6000.17102, fault address 0x00312241.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/30/2011 00:05:19 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.17099, faulting module mshtml.dll, version 7.0.6000.17102, fault address 0x00312241.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/30/2011 11:16:50 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application excel.exe, version 10.0.2614.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0001b1ff.

Error: (08/30/2011 11:16:18 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application excel.exe, version 10.0.2614.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0001b1ff.

Error: (08/30/2011 11:15:48 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application excel.exe, version 10.0.2614.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0001b1ff.

Error: (08/30/2011 11:15:22 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application excel.exe, version 10.0.2614.0, faulting module mso.dll, version 10.0.2625.0, fault address 0x0001b1ff.

Error: (08/29/2011 07:54:12 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2011 07:54:12 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/28/2011 03:32:09 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 0.0.0.0, faulting module chrome.dll, version 13.0.782.215, fault address 0x0001fc5f.
Processing media-specific event for [chrome.exe!ws!]

Error: (08/28/2011 03:30:50 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 0.0.0.0, faulting module chrome.dll, version 13.0.782.215, fault address 0x0001fc5f.
Processing media-specific event for [chrome.exe!ws!]


System errors:
=============
Error: (06/10/2011 09:16:53 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (06/10/2011 09:16:53 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
%%1053

Error: (06/10/2011 09:16:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.

Error: (06/09/2011 11:26:40 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/09/2011 11:26:40 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/09/2011 11:25:38 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/09/2011 11:25:38 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/09/2011 11:24:32 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0022FA43D84C. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (06/09/2011 11:20:53 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0022FA43D84C. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (06/09/2011 11:19:08 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (08/30/2011 09:28:53 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.17099mshtml.dll7.0.6000.1710200312241

Error: (08/30/2011 00:05:19 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.17099mshtml.dll7.0.6000.1710200312241

Error: (08/30/2011 11:16:50 AM) (Source: Microsoft Office 10)(User: )
Description: excel.exe10.0.2614.0mso.dll10.0.2625.00001b1ff

Error: (08/30/2011 11:16:18 AM) (Source: Microsoft Office 10)(User: )
Description: excel.exe10.0.2614.0mso.dll10.0.2625.00001b1ff

Error: (08/30/2011 11:15:48 AM) (Source: Microsoft Office 10)(User: )
Description: excel.exe10.0.2614.0mso.dll10.0.2625.00001b1ff

Error: (08/30/2011 11:15:22 AM) (Source: Microsoft Office 10)(User: )
Description: excel.exe10.0.2614.0mso.dll10.0.2625.00001b1ff

Error: (08/29/2011 07:54:12 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2011 07:54:12 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/28/2011 03:32:09 PM) (Source: Application Error)(User: )
Description: chrome.exe0.0.0.0chrome.dll13.0.782.2150001fc5f

Error: (08/28/2011 03:30:50 PM) (Source: Application Error)(User: )
Description: chrome.exe0.0.0.0chrome.dll13.0.782.2150001fc5f


=========================== Installed Programs ============================

(Version: 1.0.4.0)
3D Home Architect Deluxe
Access Help (Version: 2.11)
Ad-Aware (Version: 9.5.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Reader 8.1.2 (Version: 8.1.2)
AIM 7
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
avast! Antivirus (Version: 4.8)
Bonjour (Version: 2.0.5.0)
Client Security - Password Manager (Version: 8.20.0023.00)
Conexant HD Audio (Version: 3.54.0.0)
DirectXInstallService (Version: 9.0.2)
Download Updater (AOL LLC)
Drag-to-Disc (Version: 9.05)
Google Chrome (Version: 13.0.782.218)
Google Update Helper (Version: 1.3.21.65)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.50)
Help Center (Version: 2.00h)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.01.1000)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1243)
iTunes (Version: 10.2.2.14)
J2SE Runtime Environment 5.0 Update 16 (Version: 1.5.0.160)
Java™ 6 Update 15 (Version: 6.0.150)
Lenovo Care (Version: 3.00b)
Lenovo Care Supplement (Version: 3.00b)
Lenovo Registration
Lenovo_ATK_Package (Version: 0.00.04.0)
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English (Version: 9.8.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Message Center (Version: 2.01d)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft WinUsb 1.0
Mobile Broadband Connect (Version: 3.3.0053)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox (3.6.20) (Version: 3.6.20 (en-US))
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
On Screen Display (Version: 5.13.01)
PC-Doctor 5 for Windows (Version: 5.1.4957.02)
Presentation Director (Version: 4.00a)
QuickTime (Version: 7.70.80.34)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.13.0000)
Rescue and Recovery (Version: 4.21.0016.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01)
Roxio Activation Module (Version: 1.0)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Creator Small Business Edition (Version: 10.1)
Roxio Creator Small Business Edition (Version: 10.1.177)
Roxio Express Labeler 3 (Version: 3.2.1)
Safari (Version: 5.33.21.1)
Secunia PSI
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sonic Icons for Lenovo (Version: 2.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
SUPERAntiSpyware (Version: 5.0.1118)
System Update (Version: 3.14.0010)
ThinkPad EasyEject Utility (Version: 2.36)
ThinkPad FullScreen Magnifier (Version: 2.03)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver for SL Series (Version: 1.44)
ThinkPad Power Manager (Version: 1.48)
ThinkPad UltraNav Driver (Version: 7.5.19.5)
ThinkPad UltraNav Utility (Version: 2.04)
ThinkVantage Access Connections (Version: 5.12)
ThinkVantage Active Protection System (Version: 1.61)
ThinkVantage Technologies Welcome Message (Version: 2.00)
Veetle TV 0.9.18 (Version: 0.9.18)
Verizon Wireless BroadbandAccess Self Activation (Version: 1.3.2)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
vShare Plugin
Wallpapers
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Live Toolbar (Version: 03.01.0130)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
XP Themes (Version: 1.00.0000)
Zune (Version: 04.02.0202.00)
Zune Language Pack (DE) (Version: 04.02.0202.00)
Zune Language Pack (ES) (Version: 04.02.0202.00)
Zune Language Pack (FR) (Version: 04.02.0202.00)
Zune Language Pack (IT) (Version: 04.02.0202.00)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3037.23 MB
Available physical RAM: 1594.93 MB
Total Pagefile: 4922.36 MB
Available Pagefile: 3584.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1989.55 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:143.04 GB) (Free:88.1 GB) NTFS

========================= Users: ========================================

User accounts for \\ARTHOME

Administrator Art ASPNET
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


-----------------------------------------

#10 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 31 August 2011 - 09:58 AM

The GMER log is too long ... section 1 of 3 ...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-31 10:20:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.FB2Z
Running: urjy210y.exe; Driver: C:\DOCUME~1\Art\LOCALS~1\Temp\fxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9B9F36B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9B9F3574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9B9F3A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9B9F314C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9B9F364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9B9F308C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9B9F30F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9B9F376E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9B9F372E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9B9F38AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9C90E640]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW] [005DD6B4] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [005DD646] C:\Program Files\AIM\aim.exe (AOL Instant Messenger/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[372] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1056] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9A24DD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs

Edited by Angela12345, 31 August 2011 - 10:02 AM.


#11 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 31 August 2011 - 10:00 AM

section 2 ...


DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\C\0 0 bytes
File C:\RRbackups\C\0\Data116 50003968 bytes
File C:\RRbackups\C\0\Data27 50003968 bytes
File C:\RRbackups\C\0\Data46 50003968 bytes
File C:\RRbackups\C\0\Data65 50003968 bytes
File C:\RRbackups\C\0\Data84 50003968 bytes
File C:\RRbackups\C\0\Data0 50003968 bytes
File C:\RRbackups\C\0\Data1 50003968 bytes
File C:\RRbackups\C\0\Data10 50003968 bytes
File C:\RRbackups\C\0\Data100 50003968 bytes
File C:\RRbackups\C\0\Data101 50003968 bytes
File C:\RRbackups\C\0\Data102 50003968 bytes
File C:\RRbackups\C\0\Data103 50003968 bytes
File C:\RRbackups\C\0\Data104 50003968 bytes
File C:\RRbackups\C\0\Data105 50003968 bytes
File C:\RRbackups\C\0\Data106 50003968 bytes
File C:\RRbackups\C\0\Data107 50003968 bytes
File C:\RRbackups\C\0\Data108 50003968 bytes
File C:\RRbackups\C\0\Data109 50003968 bytes
File C:\RRbackups\C\0\Data11 50003968 bytes
File C:\RRbackups\C\0\Data110 50003968 bytes
File C:\RRbackups\C\0\Data111 50003968 bytes
File C:\RRbackups\C\0\Data112 50003968 bytes
File C:\RRbackups\C\0\Data113 50003968 bytes
File C:\RRbackups\C\0\Data114 50003968 bytes
File C:\RRbackups\C\0\Data115 50003968 bytes
File C:\RRbackups\C\0\Data28 50003968 bytes
File C:\RRbackups\C\0\Data29 50003968 bytes
File C:\RRbackups\C\0\Data3 50003968 bytes
File C:\RRbackups\C\0\Data30 50003968 bytes
File C:\RRbackups\C\0\Data31 50003968 bytes
File C:\RRbackups\C\0\Data32 50003968 bytes
File C:\RRbackups\C\0\Data33 50003968 bytes
File C:\RRbackups\C\0\Data34 50003968 bytes
File C:\RRbackups\C\0\Data35 50003968 bytes
File C:\RRbackups\C\0\Data36 50003968 bytes
File C:\RRbackups\C\0\Data37 50003968 bytes
File C:\RRbackups\C\0\Data38 50003968 bytes
File C:\RRbackups\C\0\Data39 50003968 bytes
File C:\RRbackups\C\0\Data4 50003968 bytes
File C:\RRbackups\C\0\Data40 50003968 bytes
File C:\RRbackups\C\0\Data41 50003968 bytes
File C:\RRbackups\C\0\Data42 50003968 bytes
File C:\RRbackups\C\0\Data43 50003968 bytes
File C:\RRbackups\C\0\Data44 50003968 bytes
File C:\RRbackups\C\0\Data45 50003968 bytes
File C:\RRbackups\C\0\Data47 50003968 bytes
File C:\RRbackups\C\0\Data48 50003968 bytes
File C:\RRbackups\C\0\Data49 50003968 bytes
File C:\RRbackups\C\0\Data5 50003968 bytes
File C:\RRbackups\C\0\Data50 50003968 bytes
File C:\RRbackups\C\0\Data51 50003968 bytes
File C:\RRbackups\C\0\Data52 50003968 bytes
File C:\RRbackups\C\0\Data53 50003968 bytes
File C:\RRbackups\C\0\Data54 50003968 bytes
File C:\RRbackups\C\0\Data55 50003968 bytes
File C:\RRbackups\C\0\Data56 50003968 bytes
File C:\RRbackups\C\0\Data57 50003968 bytes
File C:\RRbackups\C\0\Data58 50003968 bytes
File C:\RRbackups\C\0\Data59 50003968 bytes
File C:\RRbackups\C\0\Data6 50003968 bytes
File C:\RRbackups\C\0\Data60 50003968 bytes
File C:\RRbackups\C\0\Data61 50003968 bytes
File C:\RRbackups\C\0\Data62 50003968 bytes
File C:\RRbackups\C\0\Data63 50003968 bytes
File C:\RRbackups\C\0\Data64 50003968 bytes
File C:\RRbackups\C\0\Data66 50003968 bytes
File C:\RRbackups\C\0\Data67 50003968 bytes
File C:\RRbackups\C\0\Data68 50003968 bytes
File C:\RRbackups\C\0\Data69 50003968 bytes
File C:\RRbackups\C\0\Data7 50003968 bytes
File C:\RRbackups\C\0\Data70 50003968 bytes
File C:\RRbackups\C\0\Data71 50003968 bytes
File C:\RRbackups\C\0\Data72 50003968 bytes
File C:\RRbackups\C\0\Data73 50003968 bytes
File C:\RRbackups\C\0\Data74 50003968 bytes
File C:\RRbackups\C\0\Data75 50003968 bytes
File C:\RRbackups\C\0\Data76 50003968 bytes
File C:\RRbackups\C\0\Data77 50003968 bytes
File C:\RRbackups\C\0\Data78 50003968 bytes
File C:\RRbackups\C\0\Data79 50003968 bytes
File C:\RRbackups\C\0\Data8 50003968 bytes
File C:\RRbackups\C\0\Data80 50003968 bytes
File C:\RRbackups\C\0\Data81 50003968 bytes
File C:\RRbackups\C\0\Data82 50003968 bytes
File C:\RRbackups\C\0\Data83 50003968 bytes
File C:\RRbackups\C\0\Data117 50003968 bytes
File C:\RRbackups\C\0\Data118 50003968 bytes
File C:\RRbackups\C\0\Data119 50003968 bytes
File C:\RRbackups\C\0\Data12 50003968 bytes
File C:\RRbackups\C\0\Data120 50003968 bytes
File C:\RRbackups\C\0\Data121 50003968 bytes
File C:\RRbackups\C\0\Data122 50003968 bytes
File C:\RRbackups\C\0\Data123 50003968 bytes
File C:\RRbackups\C\0\Data124 50003968 bytes
File C:\RRbackups\C\0\Data125 50003968 bytes
File C:\RRbackups\C\0\Data126 50003968 bytes
File C:\RRbackups\C\0\Data127 5663355 bytes
File C:\RRbackups\C\0\Data13 50003968 bytes
File C:\RRbackups\C\0\Data14 50003968 bytes
File C:\RRbackups\C\0\Data15 50003968 bytes
File C:\RRbackups\C\0\Data16 50003968 bytes
File C:\RRbackups\C\0\Data17 50003968 bytes
File C:\RRbackups\C\0\Data18 50003968 bytes
File C:\RRbackups\C\0\Data19 50003968 bytes
File C:\RRbackups\C\0\Data2 50003968 bytes
File C:\RRbackups\C\0\Data20 50003968 bytes
File C:\RRbackups\C\0\Data21 50003968 bytes
File C:\RRbackups\C\0\Data22 50003968 bytes
File C:\RRbackups\C\0\Data23 50003968 bytes
File C:\RRbackups\C\0\Data24 50003968 bytes
File C:\RRbackups\C\0\Data25 50003968 bytes
File C:\RRbackups\C\0\Data26 50003968 bytes
File C:\RRbackups\C\0\Data85 50003968 bytes
File C:\RRbackups\C\0\Data86 50003968 bytes
File C:\RRbackups\C\0\Data87 50003968 bytes
File C:\RRbackups\C\0\Data88 50003968 bytes
File C:\RRbackups\C\0\Data89 50003968 bytes
File C:\RRbackups\C\0\Data9 50003968 bytes
File C:\RRbackups\C\0\Data90 50003968 bytes
File C:\RRbackups\C\0\Data91 50003968 bytes
File C:\RRbackups\C\0\Data92 50003968 bytes
File C:\RRbackups\C\0\Data93 50003968 bytes
File C:\RRbackups\C\0\Data94 50003968 bytes
File C:\RRbackups\C\0\Data95 50003968 bytes
File C:\RRbackups\C\0\Data96 50003968 bytes
File C:\RRbackups\C\0\Data97 50003968 bytes
File C:\RRbackups\C\0\Data98 50003968 bytes
File C:\RRbackups\C\0\Data99 50003968 bytes
File C:\RRbackups\C\0\dats 0 bytes
File C:\RRbackups\C\0\EFSFile 0 bytes
File C:\RRbackups\C\0\HashFile 384930 bytes
File C:\RRbackups\C\0\Info 756 bytes
File C:\RRbackups\C\0\TOCFile 39134550 bytes
File C:\RRbackups\C\1 0 bytes
File C:\RRbackups\C\1\Data0 50003968 bytes
File C:\RRbackups\C\1\Data1 50003968 bytes
File C:\RRbackups\C\1\Data10 50003968 bytes
File C:\RRbackups\C\1\Data100 50003968 bytes
File C:\RRbackups\C\1\Data101 50003968 bytes
File C:\RRbackups\C\1\Data102 50003968 bytes
File C:\RRbackups\C\1\Data103 50003968 bytes
File C:\RRbackups\C\1\Data104 50003968 bytes
File C:\RRbackups\C\1\Data105 50003968 bytes
File C:\RRbackups\C\1\Data106 50003968 bytes
File C:\RRbackups\C\1\Data107 50003968 bytes
File C:\RRbackups\C\1\Data108 50003968 bytes
File C:\RRbackups\C\1\Data109 50003968 bytes
File C:\RRbackups\C\1\Data11 50003968 bytes
File C:\RRbackups\C\1\Data110 50003968 bytes
File C:\RRbackups\C\1\Data111 50003968 bytes
File C:\RRbackups\C\1\Data112 50003968 bytes
File C:\RRbackups\C\1\Data113 50003968 bytes
File C:\RRbackups\C\1\Data114 50003968 bytes
File C:\RRbackups\C\1\Data115 50003968 bytes
File C:\RRbackups\C\1\Data28 50003968 bytes
File C:\RRbackups\C\1\Data29 50003968 bytes
File C:\RRbackups\C\1\Data3 50003968 bytes
File C:\RRbackups\C\1\Data30 50003968 bytes
File C:\RRbackups\C\1\Data31 50003968 bytes
File C:\RRbackups\C\1\Data32 50003968 bytes
File C:\RRbackups\C\1\Data33 50003968 bytes
File C:\RRbackups\C\1\Data34 50003968 bytes
File C:\RRbackups\C\1\Data35 50003968 bytes
File C:\RRbackups\C\1\Data36 50003968 bytes
File C:\RRbackups\C\1\Data37 50003968 bytes
File C:\RRbackups\C\1\Data38 50003968 bytes
File C:\RRbackups\C\1\Data39 50003968 bytes
File C:\RRbackups\C\1\Data4 50003968 bytes
File C:\RRbackups\C\1\Data40 50003968 bytes
File C:\RRbackups\C\1\Data41 50003968 bytes
File C:\RRbackups\C\1\Data42 50003968 bytes
File C:\RRbackups\C\1\Data43 50003968 bytes
File C:\RRbackups\C\1\Data44 50003968 bytes
File C:\RRbackups\C\1\Data45 50003968 bytes
File C:\RRbackups\C\1\Data47 50003968 bytes
File C:\RRbackups\C\1\Data48 50003968 bytes
File C:\RRbackups\C\1\Data49 50003968 bytes
File C:\RRbackups\C\1\Data5 50003968 bytes
File C:\RRbackups\C\1\Data50 50003968 bytes
File C:\RRbackups\C\1\Data51 50003968 bytes
File C:\RRbackups\C\1\Data52 50003968 bytes
File C:\RRbackups\C\1\Data53 50003968 bytes
File C:\RRbackups\C\1\Data54 50003968 bytes
File C:\RRbackups\C\1\Data55 50003968 bytes
File C:\RRbackups\C\1\Data56 50003968 bytes
File C:\RRbackups\C\1\Data57 50003968 bytes
File C:\RRbackups\C\1\Data58 50003968 bytes
File C:\RRbackups\C\1\Data59 50003968 bytes
File C:\RRbackups\C\1\Data6 50003968 bytes
File C:\RRbackups\C\1\Data60 50003968 bytes
File C:\RRbackups\C\1\Data61 50003968 bytes
File C:\RRbackups\C\1\Data62 50003968 bytes
File C:\RRbackups\C\1\Data63 50003968 bytes
File C:\RRbackups\C\1\Data64 50003968 bytes
File C:\RRbackups\C\1\Data66 50003968 bytes
File C:\RRbackups\C\1\Data67 50003968 bytes
File C:\RRbackups\C\1\Data68 50003968 bytes
File C:\RRbackups\C\1\Data69 50003968 bytes
File C:\RRbackups\C\1\Data7 50003968 bytes
File C:\RRbackups\C\1\Data70 50003968 bytes
File C:\RRbackups\C\1\Data71 50003968 bytes
File C:\RRbackups\C\1\Data72 50003968 bytes
File C:\RRbackups\C\1\Data73 50003968 bytes
File C:\RRbackups\C\1\Data74 50003968 bytes
File C:\RRbackups\C\1\Data75 50003968 bytes
File C:\RRbackups\C\1\Data76 50003968 bytes
File C:\RRbackups\C\1\Data77 50003968 bytes
File C:\RRbackups\C\1\Data78 50003968 bytes
File C:\RRbackups\C\1\Data79 50003968 bytes
File C:\RRbackups\C\1\Data8 50003968 bytes
File C:\RRbackups\C\1\Data80 50003968 bytes
File C:\RRbackups\C\1\Data81 50003968 bytes
File C:\RRbackups\C\1\Data82 50003968 bytes
File C:\RRbackups\C\1\Data83 50003968 bytes
File C:\RRbackups\C\1\Data117 50003968 bytes
File C:\RRbackups\C\1\Data118 50003968 bytes
File C:\RRbackups\C\1\Data119 50003968 bytes
File C:\RRbackups\C\1\Data12 50003968 bytes
File C:\RRbackups\C\1\Data120 50003968 bytes
File C:\RRbackups\C\1\Data121 50003968 bytes
File C:\RRbackups\C\1\Data122 50003968 bytes
File C:\RRbackups\C\1\Data123 50003968 bytes
File C:\RRbackups\C\1\Data124 50003968 bytes
File C:\RRbackups\C\1\Data125 50003968 bytes
File C:\RRbackups\C\1\Data126 50003968 bytes
File C:\RRbackups\C\1\Data127 50003968 bytes
File C:\RRbackups\C\1\Data128 50003968 bytes
File C:\RRbackups\C\1\Data129 50003968 bytes
File C:\RRbackups\C\1\Data13 50003968 bytes
File C:\RRbackups\C\1\Data130 50003968 bytes
File C:\RRbackups\C\1\Data131 50003968 bytes
File C:\RRbackups\C\1\Data132 50003968 bytes
File C:\RRbackups\C\1\Data133 50003968 bytes
File C:\RRbackups\C\1\Data134 50003968 bytes
File C:\RRbackups\C\1\Data136 50003968 bytes
File C:\RRbackups\C\1\Data137 50003968 bytes
File C:\RRbackups\C\1\Data138 50003968 bytes
File C:\RRbackups\C\1\Data139 50003968 bytes
File C:\RRbackups\C\1\Data14 50003968 bytes
File C:\RRbackups\C\1\Data140 50003968 bytes
File C:\RRbackups\C\1\Data141 50003968 bytes
File C:\RRbackups\C\1\Data142 50003968 bytes
File C:\RRbackups\C\1\Data143 50003968 bytes
File C:\RRbackups\C\1\Data144 50003968 bytes
File C:\RRbackups\C\1\Data145 50003968 bytes
File C:\RRbackups\C\1\Data146 50003968 bytes
File C:\RRbackups\C\1\Data147 50003968 bytes
File C:\RRbackups\C\1\Data148 50003968 bytes
File C:\RRbackups\C\1\Data149 50003968 bytes
File C:\RRbackups\C\1\Data15 50003968 bytes
File C:\RRbackups\C\1\Data150 50003968 bytes
File C:\RRbackups\C\1\Data151 50003968 bytes
File C:\RRbackups\C\1\Data152 50003968 bytes
File C:\RRbackups\C\1\Data153 50003968 bytes
File C:\RRbackups\C\1\Data155 50003968 bytes
File C:\RRbackups\C\1\Data156 50003968 bytes
File C:\RRbackups\C\1\Data157 50003968 bytes
File C:\RRbackups\C\1\Data158 50003968 bytes
File C:\RRbackups\C\1\Data159 50003968 bytes
File C:\RRbackups\C\1\Data16 50003968 bytes
File C:\RRbackups\C\1\Data160 50003968 bytes
File C:\RRbackups\C\1\Data161 50003968 bytes
File C:\RRbackups\C\1\Data162 50003968 bytes
File C:\RRbackups\C\1\Data163 50003968 bytes
File C:\RRbackups\C\1\Data164 50003968 bytes
File C:\RRbackups\C\1\Data165 50003968 bytes
File C:\RRbackups\C\1\Data166 50003968 bytes
File C:\RRbackups\C\1\Data167 50003968 bytes
File C:\RRbackups\C\1\Data168 50003968 bytes
File C:\RRbackups\C\1\Data169 50003968 bytes
File C:\RRbackups\C\1\Data17 50003968 bytes
File C:\RRbackups\C\1\Data170 50003968 bytes
File C:\RRbackups\C\1\Data171 50003968 bytes
File C:\RRbackups\C\1\Data172 50003968 bytes
File C:\RRbackups\C\1\Data116 50003968 bytes
File C:\RRbackups\C\1\Data135 50003968 bytes
File C:\RRbackups\C\1\Data154 50003968 bytes
File C:\RRbackups\C\1\Data173 50003968 bytes
File C:\RRbackups\C\1\Data27 50003968 bytes
File C:\RRbackups\C\1\Data46 50003968 bytes
File C:\RRbackups\C\1\Data65 50003968 bytes
File C:\RRbackups\C\1\Data84 50003968 bytes
File C:\RRbackups\C\1\Data174 50003968 bytes
File C:\RRbackups\C\1\Data175 50003968 bytes
File C:\RRbackups\C\1\Data176 50003968 bytes
File C:\RRbackups\C\1\Data177 50003968 bytes
File C:\RRbackups\C\1\Data178 50003968 bytes
File C:\RRbackups\C\1\Data179 50003968 bytes
File C:\RRbackups\C\1\Data18 50003968 bytes
File C:\RRbackups\C\1\Data180 50003968 bytes
File C:\RRbackups\C\1\Data181 50003968 bytes
File C:\RRbackups\C\1\Data182 50003968 bytes
File C:\RRbackups\C\1\Data183 50003968 bytes
File C:\RRbackups\C\1\Data184 50003968 bytes
File C:\RRbackups\C\1\Data185 50003968 bytes
File C:\RRbackups\C\1\Data186 34424825 bytes
File C:\RRbackups\C\1\Data19 50003968 bytes
File C:\RRbackups\C\1\Data2 50003968 bytes
File C:\RRbackups\C\1\Data20 50003968 bytes
File C:\RRbackups\C\1\Data21 50003968 bytes
File C:\RRbackups\C\1\Data22 50003968 bytes
File C:\RRbackups\C\1\Data23 50003968 bytes
File C:\RRbackups\C\1\Data24 50003968 bytes
File C:\RRbackups\C\1\Data25 50003968 bytes
File C:\RRbackups\C\1\Data26 50003968 bytes
File C:\RRbackups\C\1\Data85 50003968 bytes
File C:\RRbackups\C\1\Data86 50003968 bytes
File C:\RRbackups\C\1\Data87 50003968 bytes
File C:\RRbackups\C\1\Data88 50003968 bytes
File C:\RRbackups\C\1\Data89 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\Data90 50003968 bytes
File C:\RRbackups\C\1\Data91 50003968 bytes
File C:\RRbackups\C\1\Data92 50003968 bytes
File C:\RRbackups\C\1\Data93 50003968 bytes
File C:\RRbackups\C\1\Data94 50003968 bytes
File C:\RRbackups\C\1\Data95 50003968 bytes
File C:\RRbackups\C\1\Data96 50003968 bytes
File C:\RRbackups\C\1\Data97 50003968 bytes
File C:\RRbackups\C\1\Data98 50003968 bytes
File C:\RRbackups\C\1\Data99 50003968 bytes
File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 565272 bytes
File C:\RRbackups\C\1\Info 756 bytes
File C:\RRbackups\C\1\TOCFile 57469320 bytes
File C:\RRbackups\C\2 0 bytes
File C:\RRbackups\C\2\Data0 50003968 bytes
File C:\RRbackups\C\2\Data1 50003968 bytes
File C:\RRbackups\C\2\Data10 50003968 bytes
File C:\RRbackups\C\2\Data100 50003968 bytes
File C:\RRbackups\C\2\Data101 50003968 bytes
File C:\RRbackups\C\2\Data102 50003968 bytes
File C:\RRbackups\C\2\Data103 50003968 bytes
File C:\RRbackups\C\2\Data104 50003968 bytes
File C:\RRbackups\C\2\Data105 50003968 bytes
File C:\RRbackups\C\2\Data106 50003968 bytes
File C:\RRbackups\C\2\Data107 50003968 bytes
File C:\RRbackups\C\2\Data108 50003968 bytes
File C:\RRbackups\C\2\Data109 50003968 bytes
File C:\RRbackups\C\2\Data11 50003968 bytes
File C:\RRbackups\C\2\Data110 50003968 bytes
File C:\RRbackups\C\2\Data111 50003968 bytes
File C:\RRbackups\C\2\Data112 50003968 bytes
File C:\RRbackups\C\2\Data113 50003968 bytes
File C:\RRbackups\C\2\Data114 50003968 bytes
File C:\RRbackups\C\2\Data115 50003968 bytes
File C:\RRbackups\C\2\Data28 50003968 bytes
File C:\RRbackups\C\2\Data29 50003968 bytes
File C:\RRbackups\C\2\Data3 50003968 bytes
File C:\RRbackups\C\2\Data30 50003968 bytes
File C:\RRbackups\C\2\Data31 50003968 bytes
File C:\RRbackups\C\2\Data32 50003968 bytes
File C:\RRbackups\C\2\Data33 50003968 bytes
File C:\RRbackups\C\2\Data34 50003968 bytes
File C:\RRbackups\C\2\Data35 50003968 bytes
File C:\RRbackups\C\2\Data36 50003968 bytes
File C:\RRbackups\C\2\Data37 50003968 bytes
File C:\RRbackups\C\2\Data38 50003968 bytes
File C:\RRbackups\C\2\Data39 50003968 bytes
File C:\RRbackups\C\2\Data4 50003968 bytes
File C:\RRbackups\C\2\Data40 50003968 bytes
File C:\RRbackups\C\2\Data41 50003968 bytes
File C:\RRbackups\C\2\Data42 50003968 bytes
File C:\RRbackups\C\2\Data43 50003968 bytes
File C:\RRbackups\C\2\Data44 50003968 bytes
File C:\RRbackups\C\2\Data45 50003968 bytes
File C:\RRbackups\C\2\Data47 50003968 bytes
File C:\RRbackups\C\2\Data48 50003968 bytes
File C:\RRbackups\C\2\Data49 50003968 bytes
File C:\RRbackups\C\2\Data5 50003968 bytes
File C:\RRbackups\C\2\Data50 50003968 bytes
File C:\RRbackups\C\2\Data51 50003968 bytes
File C:\RRbackups\C\2\Data52 50003968 bytes
File C:\RRbackups\C\2\Data53 50003968 bytes
File C:\RRbackups\C\2\Data54 50003968 bytes
File C:\RRbackups\C\2\Data55 50003968 bytes
File C:\RRbackups\C\2\Data56 50003968 bytes
File C:\RRbackups\C\2\Data57 50003968 bytes
File C:\RRbackups\C\2\Data58 50003968 bytes
File C:\RRbackups\C\2\Data59 50003968 bytes
File C:\RRbackups\C\2\Data6 50003968 bytes
File C:\RRbackups\C\2\Data60 50003968 bytes
File C:\RRbackups\C\2\Data61 50003968 bytes
File C:\RRbackups\C\2\Data62 50003968 bytes
File C:\RRbackups\C\2\Data63 50003968 bytes
File C:\RRbackups\C\2\Data64 50003968 bytes
File C:\RRbackups\C\2\Data66 50003968 bytes
File C:\RRbackups\C\2\Data67 50003968 bytes
File C:\RRbackups\C\2\Data68 50003968 bytes
File C:\RRbackups\C\2\Data69 50003968 bytes
File C:\RRbackups\C\2\Data7 50003968 bytes
File C:\RRbackups\C\2\Data70 50003968 bytes
File C:\RRbackups\C\2\Data71 50003968 bytes
File C:\RRbackups\C\2\Data72 50003968 bytes
File C:\RRbackups\C\2\Data73 50003968 bytes
File C:\RRbackups\C\2\Data74 50003968 bytes
File C:\RRbackups\C\2\Data75 50003968 bytes
File C:\RRbackups\C\2\Data76 50003968 bytes
File C:\RRbackups\C\2\Data77 50003968 bytes
File C:\RRbackups\C\2\Data78 50003968 bytes
File C:\RRbackups\C\2\Data79 50003968 bytes
File C:\RRbackups\C\2\Data8 50003968 bytes
File C:\RRbackups\C\2\Data80 50003968 bytes
File C:\RRbackups\C\2\Data81 50003968 bytes
File C:\RRbackups\C\2\Data82 50003968 bytes
File C:\RRbackups\C\2\Data83 50003968 bytes
File C:\RRbackups\C\2\Data117 50003968 bytes
File C:\RRbackups\C\2\Data118 50003968 bytes
File C:\RRbackups\C\2\Data119 50003968 bytes
File C:\RRbackups\C\2\Data12 50003968 bytes
File C:\RRbackups\C\2\Data120 50003968 bytes
File C:\RRbackups\C\2\Data121 50003968 bytes
File C:\RRbackups\C\2\Data122 50003968 bytes
File C:\RRbackups\C\2\Data123 50003968 bytes
File C:\RRbackups\C\2\Data124 50003968 bytes
File C:\RRbackups\C\2\Data125 50003968 bytes
File C:\RRbackups\C\2\Data126 50003968 bytes
File C:\RRbackups\C\2\Data127 50003968 bytes
File C:\RRbackups\C\2\Data128 50003968 bytes
File C:\RRbackups\C\2\Data129 50003968 bytes
File C:\RRbackups\C\2\Data13 50003968 bytes
File C:\RRbackups\C\2\Data130 50003968 bytes
File C:\RRbackups\C\2\Data131 50003968 bytes
File C:\RRbackups\C\2\Data132 50003968 bytes
File C:\RRbackups\C\2\Data133 50003968 bytes
File C:\RRbackups\C\2\Data134 50003968 bytes
File C:\RRbackups\C\2\Data136 50003968 bytes
File C:\RRbackups\C\2\Data137 50003968 bytes
File C:\RRbackups\C\2\Data138 50003968 bytes
File C:\RRbackups\C\2\Data139 50003968 bytes
File C:\RRbackups\C\2\Data14 50003968 bytes
File C:\RRbackups\C\2\Data140 50003968 bytes
File C:\RRbackups\C\2\Data141 50003968 bytes
File C:\RRbackups\C\2\Data142 50003968 bytes
File C:\RRbackups\C\2\Data143 50003968 bytes
File C:\RRbackups\C\2\Data144 50003968 bytes
File C:\RRbackups\C\2\Data145 50003968 bytes
File C:\RRbackups\C\2\Data146 50003968 bytes
File C:\RRbackups\C\2\Data147 50003968 bytes
File C:\RRbackups\C\2\Data148 50003968 bytes
File C:\RRbackups\C\2\Data149 50003968 bytes
File C:\RRbackups\C\2\Data15 50003968 bytes
File C:\RRbackups\C\2\Data150 50003968 bytes
File C:\RRbackups\C\2\Data151 50003968 bytes
File C:\RRbackups\C\2\Data152 50003968 bytes
File C:\RRbackups\C\2\Data153 50003968 bytes
File C:\RRbackups\C\2\Data155 50003968 bytes
File C:\RRbackups\C\2\Data156 50003968 bytes
File C:\RRbackups\C\2\Data157 50003968 bytes
File C:\RRbackups\C\2\Data158 50003968 bytes
File C:\RRbackups\C\2\Data159 50003968 bytes
File C:\RRbackups\C\2\Data16 50003968 bytes
File C:\RRbackups\C\2\Data160 50003968 bytes
File C:\RRbackups\C\2\Data161 50003968 bytes
File C:\RRbackups\C\2\Data162 50003968 bytes
File C:\RRbackups\C\2\Data163 50003968 bytes
File C:\RRbackups\C\2\Data164 50003968 bytes
File C:\RRbackups\C\2\Data165 50003968 bytes
File C:\RRbackups\C\2\Data166 50003968 bytes
File C:\RRbackups\C\2\Data167 50003968 bytes
File C:\RRbackups\C\2\Data168 50003968 bytes
File C:\RRbackups\C\2\Data169 50003968 bytes
File C:\RRbackups\C\2\Data17 50003968 bytes
File C:\RRbackups\C\2\Data170 50003968 bytes
File C:\RRbackups\C\2\Data171 50003968 bytes
File C:\RRbackups\C\2\Data172 50003968 bytes
File C:\RRbackups\C\2\Data116 50003968 bytes
File C:\RRbackups\C\2\Data135 50003968 bytes
File C:\RRbackups\C\2\Data154 50003968 bytes
File C:\RRbackups\C\2\Data173 50003968 bytes
File C:\RRbackups\C\2\Data27 50003968 bytes
File C:\RRbackups\C\2\Data46 50003968 bytes
File C:\RRbackups\C\2\Data65 50003968 bytes
File C:\RRbackups\C\2\Data84 50003968 bytes
File C:\RRbackups\C\2\Data174 50003968 bytes
File C:\RRbackups\C\2\Data175 50003968 bytes
File C:\RRbackups\C\2\Data176 50003968 bytes
File C:\RRbackups\C\2\Data177 50003968 bytes
File C:\RRbackups\C\2\Data178 50003968 bytes
File C:\RRbackups\C\2\Data179 50003968 bytes
File C:\RRbackups\C\2\Data18 50003968 bytes
File C:\RRbackups\C\2\Data180 50003968 bytes
File C:\RRbackups\C\2\Data181 50003968 bytes
File C:\RRbackups\C\2\Data182 50003968 bytes
File C:\RRbackups\C\2\Data183 50003968 bytes
File C:\RRbackups\C\2\Data184 50003968 bytes
File C:\RRbackups\C\2\Data185 50003968 bytes
File C:\RRbackups\C\2\Data186 50003968 bytes
File C:\RRbackups\C\2\Data187 34428481 bytes
File C:\RRbackups\C\2\Data19 50003968 bytes
File C:\RRbackups\C\2\Data2 50003968 bytes
File C:\RRbackups\C\2\Data20 50003968 bytes
File C:\RRbackups\C\2\Data21 50003968 bytes
File C:\RRbackups\C\2\Data22 50003968 bytes
File C:\RRbackups\C\2\Data23 50003968 bytes
File C:\RRbackups\C\2\Data24 50003968 bytes
File C:\RRbackups\C\2\Data25 50003968 bytes
File C:\RRbackups\C\2\Data26 50003968 bytes
File C:\RRbackups\C\2\Data85 50003968 bytes
File C:\RRbackups\C\2\Data86 50003968 bytes
File C:\RRbackups\C\2\Data87 50003968 bytes
File C:\RRbackups\C\2\Data88 50003968 bytes
File C:\RRbackups\C\2\Data89 50003968 bytes
File C:\RRbackups\C\2\Data9 50003968 bytes
File C:\RRbackups\C\2\Data90 50003968 bytes
File C:\RRbackups\C\2\Data91 50003968 bytes
File C:\RRbackups\C\2\Data92 50003968 bytes
File C:\RRbackups\C\2\Data93 50003968 bytes
File C:\RRbackups\C\2\Data94 50003968 bytes
File C:\RRbackups\C\2\Data95 50003968 bytes
File C:\RRbackups\C\2\Data96 50003968 bytes
File C:\RRbackups\C\2\Data97 50003968 bytes
File C:\RRbackups\C\2\Data98 50003968 bytes
File C:\RRbackups\C\2\Data99 50003968 bytes
File C:\RRbackups\C\2\dats 0 bytes
File C:\RRbackups\C\2\EFSFile 0 bytes
File C:\RRbackups\C\2\HashFile 639954 bytes
File C:\RRbackups\C\2\Info 756 bytes
File C:\RRbackups\C\2\TOCFile 65061990 bytes
File C:\RRbackups\C\3 0 bytes
File C:\RRbackups\C\3\Data0 50003968 bytes
File C:\RRbackups\C\3\Data1 50003968 bytes
File C:\RRbackups\C\3\Data10 50003968 bytes
File C:\RRbackups\C\3\Data11 50003968 bytes
File C:\RRbackups\C\3\Data12 50003968 bytes
File C:\RRbackups\C\3\Data13 50003968 bytes
File C:\RRbackups\C\3\Data14 50003968 bytes
File C:\RRbackups\C\3\Data15 50003968 bytes
File C:\RRbackups\C\3\Data16 50003968 bytes
File C:\RRbackups\C\3\Data17 50003968 bytes
File C:\RRbackups\C\3\Data18 50003968 bytes
File C:\RRbackups\C\3\Data19 50003968 bytes
File C:\RRbackups\C\3\Data2 50003968 bytes
File C:\RRbackups\C\3\Data20 50003968 bytes
File C:\RRbackups\C\3\Data21 50003968 bytes
File C:\RRbackups\C\3\Data22 50003968 bytes
File C:\RRbackups\C\3\Data23 50003968 bytes
File C:\RRbackups\C\3\Data24 50003968 bytes
File C:\RRbackups\C\3\Data25 50003968 bytes
File C:\RRbackups\C\3\Data26 50003968 bytes
File C:\RRbackups\C\3\Data27 50003968 bytes
File C:\RRbackups\C\3\Data28 50003968 bytes
File C:\RRbackups\C\3\Data29 50003968 bytes
File C:\RRbackups\C\3\Data3 50003968 bytes
File C:\RRbackups\C\3\Data30 50003968 bytes
File C:\RRbackups\C\3\Data31 50003968 bytes
File C:\RRbackups\C\3\Data32 50003968 bytes
File C:\RRbackups\C\3\Data33 50003968 bytes
File C:\RRbackups\C\3\Data34 50003968 bytes
File C:\RRbackups\C\3\Data35 39080058 bytes
File C:\RRbackups\C\3\Data4 50003968 bytes
File C:\RRbackups\C\3\Data5 50003968 bytes
File C:\RRbackups\C\3\Data6 50003968 bytes
File C:\RRbackups\C\3\Data7 50003968 bytes
File C:\RRbackups\C\3\Data8 50003968 bytes
File C:\RRbackups\C\3\Data9 50003968 bytes
File C:\RRbackups\C\3\dats 0 bytes
File C:\RRbackups\C\3\EFSFile 0 bytes
File C:\RRbackups\C\3\HashFile 658584 bytes
File C:\RRbackups\C\3\Info 756 bytes
File C:\RRbackups\C\3\TOCFile 66956040 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bt0.dat 32256 bytes
File C:\RRbackups\common\bt1.dat 32256 bytes
File C:\RRbackups\common\bt2.dat 32256 bytes
File C:\RRbackups\common\bt3.dat 32256 bytes
File C:\RRbackups\common\css.dat 12288 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 418 bytes
File C:\RRbackups\common\rr.log 118469 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat

section 3 ...



16640 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\87ca9316-d3fd-4a9b-994f-bb024bce3795 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\38cfdef0-081d-4470-8419-25aca2de30be 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 893 bytes
File C:\RRbackups\Documents and Settings\Art 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\Art.pwm 12352 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\Art.pwm.bak 11074 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\enroll.ini 35 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\pwmaction.dat 540 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005\533145ef011ddf5ca3983e2545a902b4_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 2075 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005\6b29ae44e85efac3c72ff4d1865d73f1_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 53 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005\706a5df9e8b690b036ed79da63d4a012_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 44 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005\83aa4cc77f591dfc2374580bbd95f6ba_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 45 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Crypto\RSA\S-1-5-21-421417644-672489333-1106248786-1005\8f71098770f72c7a67cd8f1151619865_e903ddf6-3bf8-4bd4-ab1e-c6e7f66a8e87 54 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\87ca9316-d3fd-4a9b-994f-bb024bce3795 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\38cfdef0-081d-4470-8419-25aca2de30be 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\1f09d42d-1a98-4970-8c79-c588814aea51 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\25e16e38-f473-4869-bcd3-8c44da8d5e51 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\3747deb2-ff00-4679-8cb4-07a3c752ecbe 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\533b1d32-2526-487a-a368-d85dd539ea8b 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\568ec3af-8ac9-4508-8f1e-8b3b6a070468 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\86b74521-75ba-4826-a518-a3ca62e6ba81 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\8fbb1abb-7a82-4178-a93e-d0f18e943f3e 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\f3d4e941-ca85-41c3-a1b4-adac2412f38f 388 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\Protect\S-1-5-21-421417644-672489333-1106248786-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Art\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\87ca9316-d3fd-4a9b-994f-bb024bce3795 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-170253370-2400311689-871855509-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\38cfdef0-081d-4470-8419-25aca2de30be 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1801828314-2998861964-4171606242-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 17464 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 1310720 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\WINDOWS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 124928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 4980736 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 41943040 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 7602176 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 149504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 456320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\syntp.sys 177632 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 144128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbstor.sys 26368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\eventlog.dll 56320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\feclient.dll 21504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\filemgmt.dll 337920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fldrclnr.dll 87552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fltlib.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fmifs.dll 16384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontext.dll 382976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontsub.dll 81920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\framebuf.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fsusd.dll 81408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fwcfg.dll 60416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\gdi32.dll 286720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\hal.dll 134400 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imagehlp.dll 144384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imm32.dll 110080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\iphlpapi.dll 94720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kdcom.dll 7040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kernel32.dll 989696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\licdll.dll 423936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\locale.nls 265948 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\logonui.exe 514560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsasrv.dll 730112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsass.exe 13312 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lz32.dll 2560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\l_intl.nls 7046 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42.dll 978944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42u.dll 974848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mmc.exe 1414656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mobsync.dll 207360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msasn1.dll 58880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msgina.dll 997376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msimg32.dll 4608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msprivs.dll 48128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msv1_0.dll 136192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcp60.dll 413696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\nddeapi.dll 17920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netapi32.dll 337408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netrap.dll 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\notepad.exe 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdll.dll 718336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntoskrnl.exe 2148864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbc32.dll 249856 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbcint.dll 94208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.dat 4547 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ole32.dll 1288192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleacc.dll 163328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaccrc.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaut32.dll 551936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\profmap.dll 27648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\psapi.dll 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\regapi.dll 49664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcrt4.dll 590848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcss.dll 401408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rsaenh.dll 208384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rundll32.exe 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samlib.dll 64000 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samsrv.dll 415744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\scesrv.dll 314880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.dat 4569 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\services.exe 110592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\setupapi.dll 985088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc.dll 5120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc_os.dll 140288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shdocvw.dll 1499136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shell32.dll 8462336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shfolder.dll 25088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shgina.dll 68096 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shlwapi.dll 474112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shsvcs.dll 135168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\smss.exe 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sortkey.nls 262148 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\sorttbls.nls 23044 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sxs.dll 713216 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\umpnpmgr.dll 123392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\unicode.nls 89588 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\usbmon.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ctype.nls 8386 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ftsrch.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mpr.dll 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.bin 13107200 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secur32.dll 56832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\usbui.dll 74240 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\user32.dll 578560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userenv.dll 727040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe 26112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\uxtheme.dll 218624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\version.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.drv 2176 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\watchdog.sys 17664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\win32k.sys 1858944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wininet.dll 832512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe 507904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winmm.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.drv 146432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.exe 2112 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\winsrv.dll 293376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winsta.dll 53760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winstrm.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wintrust.dll 177664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wldap32.dll 172032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2help.dll 19968 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2_32.dll 82432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wsock32.dll 22528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1187 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\RRbackups\SIS\C\0\Data0 159092 bytes
File C:\RRbackups\SIS\C\0\Data1 576227 bytes
File C:\RRbackups\SIS\C\0\HashFile 12 bytes
File C:\RRbackups\SIS\C\0\TOCFile 1220 bytes

---- EOF - GMER 1.0.15 ----

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 31 August 2011 - 09:45 PM

Looks good :)

Last scans...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 15 April 2012 - 10:20 PM

Hi Broni, Somehow I never realized that you had posted your last reply on Aug 31. So sorry !! Your help has been very appreciated, and I don't want you to think I just bailed on you. My husband reported that his computer was running right and I didn't realize you had ever sent another response because of problems with my work email account.

However, it looks like my husband's computer did not get fully cleaned as he is having problems again. Some of them similar to what he was running into in the fall. Maybe some kind of HDD virus or maybe Google redirect ? I caught a lot of these things in screenshots so I was able to record exactly what the popups say.


Here are the symptoms .....

-- Same empty start menu, windows explorer, no desktop icons, etc as before. Everything is hidden. When I have Windows Explorer open I can choose Tools > Folder Options > View > Show hidden files and folders (under Advanced settings). However, it soon hides everything again.

-- Firefox will not open. Instead, he gets Mozilla Crash Reporter "We're Sorry. Firefox had a problem and crashed. We'll try to restore your tabs and windows when it restarts. etc etc" Options are Restart Firefox or Quit Firefox. Nothing will get it to open. Currently, able to use Opera or Internet Explorer, although both seem to be running terribly slow at times.

-- When using the computer, IE will open by itself to random spam web pages, even when we do not have IE open and are not using IE for anything else. One of the pages is a Twitter login screen (I dont think either of us have Twitter).

-- When clicking on a link from a Google search, it opens a series of random spam websites instead of the link we are trying to open.

-- Not sure if this is the real Ad-Aware, or if it is part of the faking stuff the virus does. AdAware messages will pop up by themselves in the lower right corner of the screen saying things such as ....
"Ad-Aware Live ! detected that a malicious process is running and started a scan in background mode. You will be able to clean any infections safely after the scan is finished." .... "Objects detected during scan. Double click here to open Ad-Aware" .... "Ad-Watch Live! Alert. Process blocked. Ad-Watch Live! has blocked the process dplaysvr.exe(3876) from starting on your system. The process has been identified as Rootkit.Win32.Cleaman"
When I open Ad-Aware the way we normally do, it shows up as if a scan has already been run & lists the following families found - - Trojan.Win32.Generic!BT (c:\windows\sy\..\wwebagent.dll also c:\windows\sy\..\2\smcb000.dll), Win32.Trojan.Agent, Cookies. - - The next time it scanned by itself it found Trojan.Win32.Generic!BT (c:\windows\sy\..\2\smcb000.dll), Win32.Trojan.Agent, Rootkit.Win32.Cleaman (c:\documents\..\ta\dplayx.dll), Cookies.

-- DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. ... etc

-- Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. ... etc.

-- A series of popup error messages appear over and over (and over and over) ...
- System Error. Hard disk failure detected. It's highly recommended to run complete HDD scan to prevent loss of personal files. Options are to 'Scan and repair' or 'Cancel and restart'.
- Somewhere between 20-22 popups all at one time that all say ... System message - Write Fault Error. A Write command during the test has failed to complete. This may be due to a media or read/write error. The system generat reference to an invalid system memory address. ... I can close them down but after a few minutes (maybe 10 mins?) the same 20-22 msgs popup again.
-- These popup in the lower right corner then fade away with different msgs every time ...
- Data Error Reading Drive C:\
- This device cannot find enough free resources that it can use
- Critical Error. Drive sector not found error
- Critical Error. Hard drive controller failure
- Seek Error - Sector not found
- Device initialization failed
- Serious Disk Error Writing Drive C:\

-- A shortcut appeared on the desktop that I do not remember putting on there and am not sure what it is. The shortcut is called 'System Check' and the target listed in the properties is "C:\Documents and Settings\All Users\Application Data\BAYl5zbBO13Gu3.exe". Although, that target path is not valid, so maybe one of the scans I did fixed it ?

-- Another shortcut appeared on the desktop that I am positive we did not put on there called 'SMART_HDD'. The target path for that one is "C:\Documents and Settings\All Users\Application Data\3e96YZGbU90p9i.exe" and it also shows as a not valid path.

-- Laptop freezing/locking up

-- I think that is all of the symptoms. That's enough, isn't it ?!?!



Also, it appears that his anti-virus is out of date. Do you have any recommendations for a free antivirus ? I was reading the reviews for AVG, Avast, and Avera (Avira?), but wasn't sure which to choose or if there is another better one.

What I have done so far ... went into Safe Mode ran SUPERAntiSpyware complete scan, rebooted into Safe Mode, and ran Malwarebytes complete scan. Both detected multiple threats. Upon reboot, still having at least some of the problems listed above (am posting before I have given it a chance to see if they are all still happening). Scan logs below.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2012 at 07:21 PM

Application Version : 5.0.1146

Core Rules Database Version : 8452
Trace Rules Database Version: 6264

Scan type : Complete Scan
Total Scan Time : 01:19:18

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 36090
Registry threats detected : 1
File items scanned : 112142
File threats detected : 5

Trojan.Agent/Gen-FakeAntiSpy
[QkqnRvQCEE.exe] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\QKQNRVQCEE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\QKQNRVQCEE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\3E96YZGBU90P9I.EXE
C:\WINDOWS\Prefetch\3E96YZGBU90P9I.EXE-2EF28DD4.pf
C:\WINDOWS\Prefetch\QKQNRVQCEE.EXE-3887B113.pf

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Local Settings\Temporary Internet Files\Content.IE5\OB5FL4VE\858c383bfe780_2174480[1].flv [ cache:wista ]



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Art :: ARTHOME [administrator]

4/15/2012 9:10:52 PM
mbam-log-2012-04-15 (21-10-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343764
Time elapsed: 56 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\Art\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.Gen) -> Data: C:\Documents and Settings\Art\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\WINDOWS\system32\SMCB000.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Art\Application Data\dplayx.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP45\A0021175.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP45\A0021205.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP45\A0021269.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP45\A0025397.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP45\A0025398.exe (Trojan.Agent.WQ) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qconsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Art\Application Data\dplaysvr.exe (Trojan.QHost.Gen) -> Quarantined and deleted successfully.

(end)

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:25 AM

Posted 15 April 2012 - 11:09 PM

It looks like you're infected with ZeroAccess rootkit.
That will require more advanced tools.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 Angela12345

Angela12345
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:25 AM

Posted 15 April 2012 - 11:35 PM

DARN !! I was just reading some articles about ZeroAccess after I posted to this thread an hour ago and was thinking "I REALLY hope none of our computers ever get this infection". It sounds particularly nasty. Wonder if I have some latent psychic abilities ? Sure wish I had not foreshadowed this one !! :o

Looks like I have some work ahead of me. Might be a late night tonight ......
Will update here when I have started the new topic in the other forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users