GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2013-01-26 16:18:38 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.14.0 Running: gmer.exe; Driver: C:\Users\Dom\AppData\Local\Temp\kftdapog.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[636] kernel32.dll!CreateThread 768FCB0E 5 Bytes JMP 70A675DB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!SetWindowsHookExW 764287AD 5 Bytes JMP 70AA25AC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!CallNextHookEx 76428E3B 5 Bytes JMP 70AC7FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!UnhookWindowsHookEx 764298DB 5 Bytes JMP 70AEED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!EnableWindow 7642CD8B 5 Bytes JMP 70AA9EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DefWindowProcA 7642DB88 7 Bytes JMP 70A69805 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!CreateWindowExA 7642DC2A 5 Bytes JMP 70A7363B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!CreateWindowExW 76431305 5 Bytes JMP 70AD03CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DefWindowProcW 764403B4 7 Bytes JMP 70AC8042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 70A01893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxIndirectParamW 76452EF5 5 Bytes JMP 70BF8FB6 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxParamA 76468152 5 Bytes JMP 70BF8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxIndirectParamA 7646847D 5 Bytes JMP 70BF901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxIndirectA 7647D4D9 5 Bytes JMP 70BF8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxIndirectW 7647D5D3 5 Bytes JMP 70BF8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxExA 7647D639 5 Bytes JMP 70BF8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxExW 7647D65D 5 Bytes JMP 70BF8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[636] ole32.dll!OleLoadFromStream 77B31E80 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[636] ole32.dll!OleLoadFromStream 77B31E80 5 Bytes JMP 70BF9784 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1144] kernel32.dll!SetUnhandledExceptionFilter 768DA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!EnableWindow 7642CD8B 5 Bytes JMP 70AA9EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamW 764510B0 5 Bytes JMP 70A01893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamW 76452EF5 5 Bytes JMP 70BF8FB6 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamA 76468152 5 Bytes JMP 70BF8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamA 7646847D 5 Bytes JMP 70BF901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectA 7647D4D9 5 Bytes JMP 70BF8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectW 7647D5D3 5 Bytes JMP 70BF8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExA 7647D639 5 Bytes JMP 70BF8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExW 7647D65D 5 Bytes JMP 70BF8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74B37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B7B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74B375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74B673F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74B3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74BBCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74B5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[524] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAC 0x18 0x02 0x93 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x92 0x6E 0x46 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0E 0x47 0xCA 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x32 0x7A 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x68 0xFB 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0x80 0x1A 0x18 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAC 0x18 0x02 0x93 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x92 0x6E 0x46 0x96 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0E 0x47 0xCA 0x2D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x32 0x7A 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD9 0x68 0xFB 0xBE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0x80 0x1A 0x18 ... ---- Files - GMER 1.0.15 ---- File C:\RRbackups\C 0 bytes File C:\RRbackups\common 0 bytes File C:\RRbackups\common\backups.dat 8192 bytes File C:\RRbackups\common\bmgrmode.dat 29 bytes File C:\RRbackups\common\css.dat 8192 bytes File C:\RRbackups\common\hints.dat 8192 bytes File C:\RRbackups\common\mnd.dat 8192 bytes File C:\RRbackups\common\regcerts.dat 8192 bytes File C:\RRbackups\common\restore.log 110 bytes File C:\RRbackups\common\rr.log 115439 bytes File C:\RRbackups\common\rr_bcdenum.dat 4617 bytes File C:\RRbackups\common\SAM 262144 bytes File C:\RRbackups\common\seccache.dat 8192 bytes File C:\RRbackups\common\secpolicy.dat 20480 bytes File C:\RRbackups\common\settings.dat 32768 bytes File C:\RRbackups\common\system.dat 12288 bytes File C:\RRbackups\common\tvtcmn.dat 8192 bytes File C:\RRbackups\common\usersids.dat 14560 bytes File C:\RRbackups\Documents and Settings 0 bytes File C:\RRbackups\Documents and Settings\Administrator 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Dom 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\216e89749feef86aa7ed5f731c2c61ec_65768d38-f0e7-4e13-9669-db03c21bfbfc 44 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\3a679951e6f2eb81b341c95e9ffe4a25_65768d38-f0e7-4e13-9669-db03c21bfbfc 77 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\5550e7cb640347345a345c63aa7a6848_65768d38-f0e7-4e13-9669-db03c21bfbfc 59 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\62a45886e06c7d046ea8b819bec0598a_65768d38-f0e7-4e13-9669-db03c21bfbfc 45 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\6b29ae44e85efac3c72ff4d1865d73f1_65768d38-f0e7-4e13-9669-db03c21bfbfc 53 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\83aa4cc77f591dfc2374580bbd95f6ba_65768d38-f0e7-4e13-9669-db03c21bfbfc 45 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2579762865-1940111946-1283946872-1003\8f71098770f72c7a67cd8f1151619865_65768d38-f0e7-4e13-9669-db03c21bfbfc 54 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\08eb9690-92a7-4682-a1c6-f42cc6f1dcf2 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\1cde6a84-87a0-4951-a7af-4d94b38d4036 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\4d3dab6e-a2b6-4cf2-a6be-b6fa68685837 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\5207849a-92dc-4413-990b-bcb9bddaf5af 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\6d4eca08-abdd-4cb6-b3b2-74ed9c61f8dc 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\b81f9de3-8cfd-4cd8-8b7b-2246ad183103 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\bdbcbf8b-9e1b-49ab-b487-973d8028a162 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\c01e3d52-59ca-4c9b-8ba9-478e53eb664f 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\c62d0ad0-f6e7-4016-8dd9-226f43e172fb 388 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\Protect\S-1-5-21-2579762865-1940111946-1283946872-1003\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Dom\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\ProgramData 0 bytes File C:\RRbackups\ProgramData\Lenovo 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\ProgramData\Microsoft 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_65768d38-f0e7-4e13-9669-db03c21bfbfc 1765 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\3a679951e6f2eb81b341c95e9ffe4a25_65768d38-f0e7-4e13-9669-db03c21bfbfc 77 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\4a83060920cae32caf902bed48d1fdd9_65768d38-f0e7-4e13-9669-db03c21bfbfc 58 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\62a45886e06c7d046ea8b819bec0598a_65768d38-f0e7-4e13-9669-db03c21bfbfc 45 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_65768d38-f0e7-4e13-9669-db03c21bfbfc 47 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\83aa4cc77f591dfc2374580bbd95f6ba_65768d38-f0e7-4e13-9669-db03c21bfbfc 45 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_65768d38-f0e7-4e13-9669-db03c21bfbfc 54 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\94348ade95b67e8f2e884ed7b348b833_65768d38-f0e7-4e13-9669-db03c21bfbfc 59 bytes File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_65768d38-f0e7-4e13-9669-db03c21bfbfc 899 bytes ---- EOF - GMER 1.0.15 ----