Cleaning google redirector from a HDD connected by USB


24 replies to this topic

#1 adalgisa

adalgisa

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 02 March 2012 - 12:14 AM

A year ago you guys helped me fix a virus-ridden hard drive that was a clone of the original drive, which I want to clean now.
(The thread is at http://www.bleepingcomputer.com/forums/topic394561.html/page__pid__2227008#entry2227008)

I would just retrace the steps in that thread, if the infected drive were in a laptop; however now the problem drive is in an external enclosure (Apricorn EZ-upgrade). The infected drive has XP Professional OS; the computer I'll be using to clean it is running Win 7 Home Premium.

I haven't attached the infected drive to my computer via USB yet; how do I proceed?
(These drives belong to a business that would like to recover the original drive rather than reformatting and reinstalling, if possible)

Thank you for your help -!



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:00 PM

Posted 04 March 2012 - 01:31 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow-up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 adalgisa


Posted 04 March 2012 - 03:18 PM

First, thank you for coming to help me!

Just to clarify: the infected drive will be attached via USB. Should the scans be performed on the affected drive or on the C: drive?

#4 cryptodan


Posted 04 March 2012 - 06:08 PM

They should be performed on all drives.

#5 adalgisa


Posted 04 March 2012 - 07:21 PM

I am running Win7 Home Premium 64 bit, what should I do about running GMER? (I've run the other scans)

#6 cryptodan


Posted 04 March 2012 - 07:24 PM

Run it anyways.

#7 adalgisa


Posted 04 March 2012 - 08:27 PM

OK, here we go-

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Java™ 6 Update 27
Java version out of date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
adalgisa :: COSMO [administrator]

3/4/2012 12:24:56 PM
mbam-log-2012-03-04 (12-24-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 552948
Time elapsed: 1 hour(s), 32 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2012 at 03:53 PM

Application Version : 5.0.1144

Core Rules Database Version : 8302
Trace Rules Database Version: 6114

Scan type : Complete Scan
Total Scan Time : 01:25:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 460
Memory threats detected : 0
Registry items scanned : 65249
Registry threats detected : 0
File items scanned : 250766
File threats detected : 17

Adware.Tracking Cookie
C:\USERS\ADALGISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ANW5KS9M.txt [ Cookie:adalgisa@www.google.com/accounts ]
C:\USERS\ADALGISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\V43YMDI6.txt [ Cookie:adalgisa@accounts.google.com/ ]
ia.media-imdb.com [ E:\DOCUMENTS AND SETTINGS\HOLLY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EKG88RTZ ]
.accounts.google.com [ C:\USERS\ADALGISA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\ADALGISA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\ADALGISA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\ADALGISA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\ADALGISA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media.nbcwashington.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XDTB2JV5 ]
.getclicky.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ADALGISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4R4S5R0B.DEFAULT\COOKIES.SQLITE ]




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-04 17:20:58
Windows 6.1.7601 Service Pack 1
Running: 4uverjfp.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721ffa38
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721ffa38@f0b479bc9298 0x36 0x90 0x6B 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721ffa38 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721ffa38@f0b479bc9298 0x36 0x90 0x6B 0xD5 ...

---- EOF - GMER 1.0.15 ----

#8 cryptodan


Posted 04 March 2012 - 08:32 PM

What makes you think the external drive is infected?

#9 adalgisa


Posted 04 March 2012 - 08:45 PM

Maybe I should put it into the laptop, and see what the results are when it's running as the c: drive -?

I haven't tried putting it back into the laptop, since I haven't had access to it.

Since it was a year ago, I can't remember particulars; only that it started with searches being redirected, and then being unable to get online - seemed as if every time the computer was booted something else was affected, so I just took it out and replaced it with a clone I'd made some time before. (Then the user got the cloned drive infected, probably by going to the same site, and that's what you guys helped with before.)

#10 cryptodan


Posted 04 March 2012 - 09:10 PM

Put it back into the laptop and see what happens.

#11 adalgisa


Posted 05 March 2012 - 09:12 PM

Here are the results from the laptop:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Anti-Virus 2011
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java Media Framework 2.1.1e
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (4.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Microsoft Security Client Antimalware MpCmdRun.exe
Dr. O'Toole Desktop MALWARE SecurityCheck.exe
``````````End of Log````````````


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.05.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Dr. O'Toole :: PEGGY [administrator]

3/5/2012 1:04:25 PM
mbam-log-2012-03-05 (13-04-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341222
Time elapsed: 57 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/05/2012 at 02:53 PM

Application Version : 5.0.1144

Core Rules Database Version : 8305
Trace Rules Database Version: 6117

Scan type : Complete Scan
Total Scan Time : 00:39:13

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 670
Memory threats detected : 0
Registry items scanned : 38133
Registry threats detected : 0
File items scanned : 93878
File threats detected : 58

Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@content.yieldmanager[1].txt [ Cookie:holly@content.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@adserver.adtechus[1].txt [ Cookie:holly@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@smartadserver[1].txt [ Cookie:holly@smartadserver.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@yieldmanager[1].txt [ Cookie:holly@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@xiti[1].txt [ Cookie:holly@xiti.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@mediabrandsww[1].txt [ Cookie:holly@mediabrandsww.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@advertising[2].txt [ Cookie:holly@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@www.burstnet[2].txt [ Cookie:holly@www.burstnet.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@collective-media[2].txt [ Cookie:holly@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@media6degrees[2].txt [ Cookie:holly@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@invitemedia[1].txt [ Cookie:holly@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@ad.yieldmanager[1].txt [ Cookie:holly@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@at.atwola[2].txt [ Cookie:holly@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@revsci[1].txt [ Cookie:holly@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@interclick[2].txt [ Cookie:holly@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@tacoda.at.atwola[2].txt [ Cookie:holly@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@doubleclick[1].txt [ Cookie:holly@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@imrworldwide[2].txt [ Cookie:holly@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\HOLLY\Cookies\holly@r1-ads.ace.advertising[1].txt [ Cookie:holly@r1-ads.ace.advertising.com/ ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\EKG88RTZ ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\HOLLY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-05 17:07:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.DC2Z
Running: usjtz9l9.exe; Driver: C:\DOCUME~1\DRCB0B~1.O'T\LOCALS~1\Temp\fgtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA0D4D558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xA0D4DE5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xA0D4EC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xA0D4F1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xA0D4E138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xA0D4C3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xA0D4F0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xA0D4D146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xA0D4EF94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xA0D4D2EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xA0D4F2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xA0D4DAE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xA0D4F02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xA0D509E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xA0D4C9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xA0D4CD86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xA0D4E5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xA0D51BEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA0D4CED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA0D4CF6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xA0D4E3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xA0D50AD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xA0D4C3A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xA0D4C3B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xA0D5123C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xA0D4D096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xA0D4F270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xA0D4DEDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xA0D4C588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xA0D4F150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xA0D4D794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xA0D50FD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xA0D4F390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xA0D4D686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xA0D4D002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xA0D4CC3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xA0D51576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xA0D4C864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xA0D50E68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xA0D4CAF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xA0D4BDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xA0D4F6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xA0D4F5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xA0D5077C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xA0D4C156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xA0D51A90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xA0D4BD76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xA0D4E9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xA0D4DD00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xA0D5001C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xA0D50C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xA0D516C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xA0D4C6DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xA0D517B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xA0D518F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xA0D50906]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9FA1A640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xA0D4D890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xA0D5141A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xA0D4DA1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A0D3FFE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A0D403C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [D4, 0A, D5, A0, A4, C3, D4, ...] {AAM ; AAD 0xa0; MOVSB ; RET ; AAM 0xa0; MOV DH, 0xc3; AAM 0xa0}
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [F4, CA, D4, A0, DE, BD, D4, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F2C 805047C8 4 Bytes JMP E158E8A1
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B8, 17, D5, A0, F2, 18, D5, ...] {MOV EAX, 0xf2a0d517; SBB CH, DL; MOV AL, [0xa0d50906]}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B9796DA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B9796DA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C33880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C33930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C33A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C339D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wnet_x86]/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Apricorn Snapshot API/Apricorn)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Apricorn Snapshot API/Apricorn)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 99EC3D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0CF45E-C7B3-EF75-7E30-CCF0AAF0A720}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0CF45E-C7B3-EF75-7E30-CCF0AAF0A720}@pabhmjleofneccncaicffhcbhmmohand 0x6B 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0CF45E-C7B3-EF75-7E30-CCF0AAF0A720}@oahffepiloniinngpjhbnodfjklfpn 0x6B 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}@iablgdjfoaffdbghbl 0x63 0x61 0x6E 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}@hakkdcnmebjjfmfg 0x66 0x61 0x63 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}@hamkjdggjbkjofka 0x6F 0x61 0x62 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}@gamkjdggcadlja 0x6E 0x62 0x6E 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD7DB893-12A8-15C9-CE97-B4ABC7ABD2B1}@kadkocpmfopeealhiaionl 0x66 0x61 0x63 0x62 ...

---- Files - GMER 1.0.15 ----

File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\eho.pwm 1190 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\encobject.dat 14472 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\hwkeys.dat 8496 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\pwmaction.dat 60 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Lenovo\Client Security Solution(2)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1009 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1009\49ac1cf87687c5a4c794042acbff288e_5d4485a4-a16f-46c3-afda-1282449dc34a 2075 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1009\53003b4f94492a35d8d60f0e1fd58a78_5d4485a4-a16f-46c3-afda-1282449dc34a 44 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1009\533145ef011ddf5ca3983e2545a902b4_5d4485a4-a16f-46c3-afda-1282449dc34a 2075 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1009\8f71098770f72c7a67cd8f1151619865_5d4485a4-a16f-46c3-afda-1282449dc34a 54 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1009(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\49ac1cf87687c5a4c794042acbff288e_5d4485a4-a16f-46c3-afda-1282449dc34a 2075 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\53003b4f94492a35d8d60f0e1fd58a78_5d4485a4-a16f-46c3-afda-1282449dc34a 44 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\533145ef011ddf5ca3983e2545a902b4_5d4485a4-a16f-46c3-afda-1282449dc34a 2075 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\8f71098770f72c7a67cd8f1151619865_5d4485a4-a16f-46c3-afda-1282449dc34a 54 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500\2bce9c96-430b-4f9d-a0ad-ecd04a11b75c 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500\28de7324-301a-417f-bd08-817b32f88bd0 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500\d434bb50-b83b-4936-ab42-0c9d4909af16 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1009 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1009\ac2c1567-0c8e-4477-a777-aa843269c79e 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1009\e2682173-3f1a-41b8-880b-ecff165cc61c 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1009\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2)\2bce9c96-430b-4f9d-a0ad-ecd04a11b75c 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2)\28de7324-301a-417f-bd08-817b32f88bd0 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2)\d434bb50-b83b-4936-ab42-0c9d4909af16 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1009(2) 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\ac2c1567-0c8e-4477-a777-aa843269c79e 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\e2682173-3f1a-41b8-880b-ecff165cc61c 388 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1009(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\eho\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Holly 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\6b29ae44e85efac3c72ff4d1865d73f1_5d4485a4-a16f-46c3-afda-1282449dc34a 53 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\7753899e52106588367e4f97574a0b12_5d4485a4-a16f-46c3-afda-1282449dc34a 59 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\8f71098770f72c7a67cd8f1151619865_5d4485a4-a16f-46c3-afda-1282449dc34a 54 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\932a2db58c237abd381d22df4c63a04a_5d4485a4-a16f-46c3-afda-1282449dc34a 87 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\cfcd3282100a5c74f6fb046fab0c5a24_5d4485a4-a16f-46c3-afda-1282449dc34a 66 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA\S-1-5-21-97781160-452634223-3494295029-1010\f7495999cae2dfb5d20bc550e4e1dbc7_5d4485a4-a16f-46c3-afda-1282449dc34a 46 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1010(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Crypto\RSA(2)\S-1-5-21-97781160-452634223-3494295029-1010(2)\8f71098770f72c7a67cd8f1151619865_5d4485a4-a16f-46c3-afda-1282449dc34a 54 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500\2bce9c96-430b-4f9d-a0ad-ecd04a11b75c 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-2571743122-2494512322-848152961-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500\28de7324-301a-417f-bd08-817b32f88bd0 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3104627009-1059272885-2089410752-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500\d434bb50-b83b-4936-ab42-0c9d4909af16 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-3660438196-3809667678-1483583091-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1010 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1010\32ccd9c5-03c3-4bae-b29d-e7e60832527c 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1010\d9a57db2-2d29-440e-8847-98a197431234 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1010\db199e95-b276-42e5-a3c9-58761cc5ab8e 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect\S-1-5-21-97781160-452634223-3494295029-1010\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\CREDHIST 296 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2)\2bce9c96-430b-4f9d-a0ad-ecd04a11b75c 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-2571743122-2494512322-848152961-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2)\28de7324-301a-417f-bd08-817b32f88bd0 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3104627009-1059272885-2089410752-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2)\d434bb50-b83b-4936-ab42-0c9d4909af16 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-3660438196-3809667678-1483583091-500(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1010(2) 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1010(2)\db199e95-b276-42e5-a3c9-58761cc5ab8e 388 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\Protect(2)\S-1-5-21-97781160-452634223-3494295029-1010(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Holly\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Crypto\RSA\S-1-5-19 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\0f35d90a-2f1f-4cc2-b039-ca87cb78eee9 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\0ffda8d6-8d3b-4aef-ae5e-fae5bf975907 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\167a1d7d-fac5-4dd6-b5c8-6c8107c8090e 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\22733a3c-5978-48f5-a617-e9c5113be134 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\241c0c92-0c18-45d4-8bbc-bb88f16f4fe7 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\24b268fe-fd9d-4847-8f5d-f693bd412a50 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\25ed3717-445e-4870-be9f-f064e5588efa 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\28b7137f-6b39-4930-838e-a756ca5d0571 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\29bf6a29-c50b-4c68-94c5-a7496b2c5533 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\2d597582-e8cb-47d3-aac5-fbce458a19eb 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\2d9da207-a780-43e7-b6a0-05cfe6f05851 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\343ab156-49b6-45aa-9368-8a8664c68247 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\42fbb640-df99-4926-9a8e-e4416923db2d 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\4386e0a8-8516-44b4-b54e-4939b24d743b 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\48eeb221-6de9-4258-ac2e-b5b945465c7c 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\4a22f085-ba08-44c6-bc41-6c6d4d3670ba 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\4c5fedee-0499-4579-9876-829e303d99fa 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\4da97535-81b6-41e8-ac4b-b3251c88f489 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\5570a5b0-871b-485d-a2aa-743ae86eb920 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\562f77ca-1af5-4e41-8fa1-5fa64463b460 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\578258e8-0d61-4dee-abef-7bd7e26cab09 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\603c44fb-8a88-486c-a5df-a2ede17a37a2 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\64a3de42-58cb-4e2c-81f7-bf5b25ed0920 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\6869c330-212f-4758-b5f1-1803e9b185f8 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\6ee7398b-f71d-4a1c-a0df-6fb628f16713 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\71449596-242f-4374-a313-4237a8066b4d 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\797a8962-9246-4a3f-9a21-e3cf8a8a0499 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\91ea2f6c-3c15-46fb-9050-f1b5994df4cc 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\a78f008e-42d4-40cb-b776-3810f016b281 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\a8adfb00-14f0-4c90-92ae-b417c3ec205d 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\a9fb5981-1fc4-4463-bbf5-fe45867327d6 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\adc674ce-b7c8-4083-80a6-cd4ca4b4d710 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\b0040ea7-cdcd-4c51-b28c-937a1ea246d8 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\b1e76ebf-8e39-437c-9f7a-5ade4a10a8c7 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\b3d3fc9f-980b-4567-b22b-f64daa89d880 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\27ac15e5-48f9-4548-bf1c-002eddcee221 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\445a30fc-74c9-4555-b48f-295cbb7cd1c9 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\59a1a0e0-3933-403e-84cb-ad4fe4bebafc 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\9bf783b7-daf2-4a6a-9d24-09cdef9bb2a8 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\b3dec820-de01-46c6-8f36-46c78acd711b 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\cfbc8e26-6371-4323-b611-38fa6d31fbc2 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\b7867f9f-d0ac-43b1-a523-41a9db807df1 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\becbf081-fe0c-4e45-85c3-d3a6c1d18eb2 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\c0a4ad06-a69c-4e37-b7ed-8439b67330e1 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\c1855a1a-2577-4dbc-8d04-6103cc51ac9a 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\c2316449-2447-4092-8975-7032fe1d61f4 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\c4c35251-a057-43bb-b43e-2ff8b8b554d9 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\c678338d-ca12-4b70-9f8a-72e697bdfa94 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\d1cc5dc2-806f-48ed-89ac-60639685f2cd 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\db9c984a-9ef2-4291-8a8d-005c4c5c2615 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\dfc87ce1-e818-4b03-9dad-56d064a75f40 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\e331cb54-2341-41b9-9395-04090f397890 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\e3437b23-616a-4ad1-9684-530cf539acea 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\e477f1f1-e232-4740-bc93-7de29f093a50 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\e7ea78da-0e51-4edf-a134-b5d9fa5ef63f 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\ecb7ef42-a38d-44ac-ac7a-bfc30beb8ea5 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\efcca3e9-1ecd-4834-82a0-fbce62bf683b 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\f427bbfc-31e0-40ee-b78c-26f4e05d108b 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\f8640854-e941-4b24-83b6-b457af8e962d 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\Protect\S-1-5-19\fc96c831-a17c-439c-9daf-f29436f4f833 368 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\01c183163adea65e2018c124c6673f57_5d4485a4-a16f-46c3-afda-1282449dc34a 2521 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\2f1892a5150ab1988a249883cdc88df0_5d4485a4-a16f-46c3-afda-1282449dc34a 2523 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_5d4485a4-a16f-46c3-afda-1282449dc34a 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\058c5677-2010-493e-8c15-88f5bc533505 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\0873eb66-13da-4478-b812-fd1f936e9690 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\0ca9ec5a-7379-49b1-800e-e1bee9507418 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\227263e2-16f2-4aea-bde8-1ebff79abf8d 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\94627bb7-b41a-4870-9a51-d2cab2650d04 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\a0053d22-1f4c-458d-a671-3541c367e089 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\d7887e0a-d9ad-49e2-aee8-20d9fb4e4e2e 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2) 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2)\d7887e0a-d9ad-49e2-aee8-20d9fb4e4e2e 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect(2)\S-1-5-20(2)\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes

---- EOF - GMER 1.0.15 ----

#12 cryptodan

Posted 07 March 2012 - 03:43 PM

Without actually having the system booted up in a live setting off that hard drive, it is hard to determine what the issue is that is causing the redirect.

#13 adalgisa

Posted 07 March 2012 - 05:22 PM

The scans in msg#11 were from it being used as the C: drive in the laptop - is that what you mean by a live setting?


There are a bunch of shell extensions in the "registry" section of the GMER log, that look like this (@ followed by random letters):

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0CF45E-C7B3-EF75-7E30-CCF0AAF0A720}@pabhmjleofneccncaicffhcbhmmohand 0x6B 0x61 0x69 0x6A

Edited by adalgisa, 07 March 2012 - 05:33 PM.


#14 cryptodan

Posted 07 March 2012 - 05:36 PM

Let's download TDSSKiller and see what it finds. If it prompts you to fix anything, please DO NOT FIX ANYTHING and post the resulting log.

#15 adalgisa

Posted 07 March 2012 - 05:56 PM

13:54:02.0859 2604 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:54:03.0656 2604 ============================================================
13:54:03.0656 2604 Current date / time: 2012/03/07 13:54:03.0656
13:54:03.0656 2604 SystemInfo:
13:54:03.0656 2604
13:54:03.0656 2604 OS Version: 5.1.2600 ServicePack: 3.0
13:54:03.0656 2604 Product type: Workstation
13:54:03.0656 2604 ComputerName: PEGGY
13:54:03.0656 2604 UserName: Dr. O'Toole
13:54:03.0656 2604 Windows directory: C:\WINDOWS
13:54:03.0656 2604 System windows directory: C:\WINDOWS
13:54:03.0656 2604 Processor architecture: Intel x86
13:54:03.0656 2604 Number of processors: 2
13:54:03.0656 2604 Page size: 0x1000
13:54:03.0656 2604 Boot type: Normal boot
13:54:03.0656 2604 ============================================================
13:54:04.0984 2604 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:54:04.0984 2604 \Device\Harddisk0\DR0:
13:54:04.0984 2604 MBR used
13:54:04.0984 2604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xACC66A1
13:54:05.0015 2604 Initialize success
13:54:05.0015 2604 ============================================================
13:54:25.0234 1860 ============================================================
13:54:25.0234 1860 Scan started
13:54:25.0234 1860 Mode: Manual;
13:54:25.0234 1860 ============================================================
13:54:35.0453 1860 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:54:35.0453 1860 usbvideo - ok
13:54:35.0484 1860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:54:35.0484 1860 VgaSave - ok
13:54:35.0515 1860 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:54:35.0515 1860 viaagp - ok
13:54:35.0546 1860 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:54:35.0546 1860 ViaIde - ok
13:54:35.0578 1860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:54:35.0578 1860 VolSnap - ok
13:54:35.0609 1860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:54:35.0609 1860 Wanarp - ok
13:54:35.0625 1860 WDICA - ok
13:54:35.0640 1860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:54:35.0640 1860 wdmaud - ok
13:54:35.0687 1860 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:54:35.0703 1860 winachsf - ok
13:54:35.0812 1860 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:54:35.0812 1860 WmiAcpi - ok
13:54:35.0875 1860 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:54:35.0875 1860 WpdUsb - ok
13:54:35.0906 1860 WSIMD (2ea107f535b0b7bfb1d8d6bd79325dbb) C:\WINDOWS\system32\DRIVERS\wsimd.sys
13:54:35.0906 1860 WSIMD - ok
13:54:35.0937 1860 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:54:35.0953 1860 WSTCODEC - ok
13:54:35.0968 1860 WudfPf (c3cdf4e72a29e5e5727accd20d68abeb) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:54:36.0031 1860 WudfPf - ok
13:54:36.0046 1860 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:54:36.0046 1860 WudfRd - ok
13:54:36.0078 1860 MBR (0x1B8) (28ec4ac999c539fbc52decde90bebf9d) \Device\Harddisk0\DR0
13:54:36.0265 1860 \Device\Harddisk0\DR0 - ok
13:54:36.0265 1860 Boot (0x1200) (4cfbd240d858643073c12025d6db4679) \Device\Harddisk0\DR0\Partition0
13:54:36.0265 1860 \Device\Harddisk0\DR0\Partition0 - ok
13:54:36.0265 1860 ============================================================
13:54:36.0265 1860 Scan finished
13:54:36.0265 1860 ============================================================
13:54:36.0281 1188 Detected object count: 0
13:54:36.0281 1188 Actual detected object count: 0




