Lots Of Trojans Keep Popping..hijack Log Shows Someting Suspect

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Lots Of Trojans Keep Popping..hijack Log Shows Someting Suspect, any1 please help!

Options

jaosh View Member Profile	Oct 3 2008, 08:04 AM Post #1
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	hey guys.hoping some1 can help me out here..i have avira antivirus along wit malwarebyes anti malware along with adaware(which doesnt really work for me)..ive posted a hijack log and a malware bytes long..please help me cuz i feel this is serious check out the O20 and O21 regions in the hijack log..i suspect thats the problem!..please help anyone! **hijack log* Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:30:41 PM, on 10/3/2008 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ping.exe C:\Program Files\Sify Broadband\BBClient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Sify Broadband\BBImpSec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-BL8BC.exe" /REG O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CCS\Services\Tcpip\..\{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS1\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS2\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS3\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: HBmhly.dll,HBFY.dll,HBBO.dll O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - (no file) O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - (no file) O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - (no file) O21 - SSODL: mznuetzd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - (no file) O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7705 bytes malwarebytes anti-malware bytes log** (something got cleaned and deleted but it keeps popping up) Malwarebytes' Anti-Malware 1.21 Database version: 969 Windows 5.1.2600 Service Pack 2, v.2096 8:39:12 AM 10/3/2008 mbam-log-10-3-2008 (08-39-12).txt Scan type: Quick Scan Objects scanned: 42775 Time elapsed: 6 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 15 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzwr32 (Dialer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\XGNJAJHG\07[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\XGNJAJHG\09[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\50JEUMKU\14[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\04[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\06[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\10[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\13[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\03[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\05[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\08[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\11[2].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\12[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\15[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\16[2].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ (Dialer) -> Quarantined and deleted successfully. Hope any of you guys can help me quick..thanks

PropagandaPanda View Member Profile	Oct 3 2008, 04:01 PM Post #2
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log. I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please hold tight. With Regards, The Panda Important Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed. -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jaosh View Member Profile	Oct 4 2008, 12:25 AM Post #3
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	Hey Propaganda Panda.. Just thought ill add my Avira Full System Scan Log from last night.. Avira AntiVir Personal Report file date: Friday, October 03, 2008 21:41 Scanning for 1657543 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2, v.2096) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: MR Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 05:27:54 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 04:26:42 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 09:14:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 04:28:54 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 07:03:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 10:24:16 ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 9/26/2008 05:04:12 ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 10/2/2008 04:57:32 Engineversion : 8.1.1.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 06:28:22 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 10/1/2008 05:06:46 AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 09:14:50 AERDL.DLL : 8.1.1.2 438644 Bytes 10/1/2008 05:06:32 AEPACK.DLL : 8.1.2.3 364918 Bytes 10/1/2008 05:05:52 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 10/1/2008 05:05:30 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/1/2008 05:05:18 AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 09:14:50 AEGEN.DLL : 8.1.0.36 315764 Bytes 10/1/2008 05:04:38 AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 05:03:22 AECORE.DLL : 8.1.1.11 172406 Bytes 10/1/2008 05:04:26 AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 09:14:50 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 05:10:06 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 05:58:02 AVREP.DLL : 8.0.0.2 98344 Bytes 10/1/2008 05:04:20 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 07:56:42 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 04:59:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 08:57:50 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 13:58:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 09:19:42 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 08:35:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 10:18:08 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 10:04:38 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: delete Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, F:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Friday, October 03, 2008 21:41 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'BBImpSec.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'BBClient.exe' - '1' Module(s) have been scanned Scan process 'ping.exe' - '1' Module(s) have been scanned Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned Scan process 'VSNP325.EXE' - '1' Module(s) have been scanned Scan process 'TSNP325.EXE' - '1' Module(s) have been scanned Scan process 'FixCamera.exe' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 39 processes with 39 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '58' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\hiberfil.sys [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C1QFSHI7\gbu[1].gif [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temp\14.cab [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temp\09.cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\05[2].cab [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\06[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\10[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\abc[1].gif [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\04[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\07[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\08[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\12[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\14[1].cab [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\eee[1].gif [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\ad[1].css [DETECTION] Is the TR/Crypt.XDR.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\09[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\gbu[1].gif [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\01[2].cab --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/Qhost.kmd Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\02[2].cab [DETECTION] Is the TR/Drop.Small.bsy Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\03[1].cab [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\11[1].cab [0] Archive type: OVL --> Object [1] Archive type: RSRC --> Object [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\13[1].cab [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0217950.sys [DETECTION] Is the TR/Thief.MultiFirst.D Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218267.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0219267.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220267.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220268.sys [DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220269.dll [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220270.dll [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220271.dll [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220272.dll [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220273.exe [DETECTION] Is the TR/Spy.Agent.nxa Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220402.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220410.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220418.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220426.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220554.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! Begin scan in 'D:\' D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210870.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210872.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210874.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210875.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210876.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210877.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210878.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210881.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210883.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210884.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210885.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210886.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210887.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210888.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210891.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210892.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210893.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210894.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210895.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210896.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210897.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210898.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210899.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210900.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210901.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210902.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210903.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210904.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210909.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210910.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210911.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210912.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210913.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210914.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210915.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210916.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210917.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210918.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210919.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210920.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210921.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210922.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210923.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210924.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210925.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210926.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210927.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210928.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210929.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210930.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210934.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210936.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210951.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP279\A0211067.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP279\A0211069.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP279\A0211084.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211350.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211351.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211352.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211353.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211354.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211355.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211356.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211357.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211358.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211359.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211360.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211365.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211366.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211367.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211388.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211390.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211391.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211392.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211393.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211394.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211395.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211396.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211397.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211399.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211403.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211404.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211405.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211406.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211407.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211408.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211409.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211410.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211411.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211412.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211413.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211414.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211415.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211416.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211417.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211418.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211505.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211506.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211507.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211508.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211509.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211510.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211511.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211512.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211513.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211514.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211515.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211999.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212000.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212001.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212002.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212003.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212004.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212005.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212006.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212007.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212008.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212009.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212096.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212097.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212098.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212099.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212100.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212101.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212102.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212103.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212104.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212105.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212106.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212107.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212108.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212109.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212110.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212111.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212115.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212117.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212118.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212119.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212120.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212121.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212122.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212123.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212124.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212126.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212786.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212788.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212790.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212791.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212793.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212794.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212795.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212797.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212799.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212800.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212801.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212802.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212803.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212804.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212807.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212808.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212809.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212810.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212811.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212812.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212813.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212814.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212815.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212816.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212817.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212818.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212819.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212820.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212825.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212826.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212827.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212828.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212829.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212830.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212831.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212832.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212833.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212834.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212835.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212836.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212837.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212838.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212839.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212840.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212841.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212842.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212843.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212844.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212845.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212846.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212850.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212852.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212867.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213335.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213336.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213337.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213338.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213339.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213340.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213341.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213342.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213343.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213344.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213345.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213432.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213433.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213434.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213451.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213453.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213454.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213455.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213456.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213457.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213458.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213459.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213460.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213462.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213464.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213465.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213466.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213467.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213468.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213469.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213472.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213473.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213474.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213475.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213476.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213477.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213478.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213479.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213480.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213481.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213482.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213483.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213484.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213485.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213490.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213491.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213492.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213493.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213494.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213495.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213496.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213497.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213498.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213499.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213500.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213501.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213502.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213503.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213504.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213505.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213506.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213507.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213508.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213509.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213510.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213511.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213515.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213517.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213532.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214133.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214134.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214135.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214136.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214137.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214138.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214139.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214140.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214141.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214142.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214143.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214226.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214227.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214228.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214229.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214230.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214231.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214232.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214233.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214234.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214235.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214236.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214237.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214238.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214239.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214240.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214241.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214245.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214247.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214248.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214249.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214250.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214251.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214252.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214253.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214254.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214256.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214258.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214259.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214260.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214261.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214262.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214263.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214266.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214267.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214268.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214269.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214270.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214271.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214272.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214273.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214274.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214275.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214276.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214277.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214278.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214279.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214283.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214284.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214285.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214286.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214287.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214288.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214289.EXE [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214290.EXE [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214291.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214292.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214293.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214294.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214295.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214296.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214297.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214298.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214299.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214300.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214301.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214302.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214303.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214304.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214308.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214310.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214321.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214595.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214596.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214597.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214598.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214599.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214600.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214601.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214602.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214603.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214604.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214605.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214685.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214686.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214687.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214688.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214689.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214690.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214691.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214692.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214693.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214694.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214695.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214696.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214697.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214698.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214699.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214700.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214703.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214706.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214707.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214710.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214711.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214712.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214713.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214714.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214715.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214716.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214717.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214718.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214719.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214720.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214721.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214722.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214723.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214726.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214727.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214728.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214729.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214730.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214731.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214732.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214733.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214734.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214735.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214736.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214737.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214738.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214739.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214740.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214741.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214742.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214743.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214744.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214745.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214746.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214747.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217265.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217266.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217267.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217268.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217269.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217270.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217271.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217272.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217273.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217274.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217275.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217355.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217356.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217357.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217358.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217359.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217360.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217361.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217362.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217363.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217364.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217365.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217366.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217367.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217368.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217369.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217370.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217372.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217374.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217375.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217376.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217377.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217378.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217379.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217380.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217381.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217383.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217385.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217386.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217387.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217388.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217389.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217390.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217393.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217394.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217395.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217396.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217397.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217398.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217399.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217400.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217401.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217402.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217403.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217404.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217405.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217406.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217409.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217410.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217411.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217412.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217413.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217414.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217415.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217416.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217417.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217418.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217419.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217420.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217421.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217422.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217423.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217424.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217425.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217426.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217427.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217428.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217429.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217430.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217434.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217436.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217447.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217673.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217674.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217675.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217676.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217677.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217678.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217679.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217680.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217681.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217682.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217683.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217763.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217764.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217765.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217766.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217767.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217768.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217769.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217770.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217771.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217772.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217773.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217774.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217775.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217776.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217777.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217778.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217780.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217782.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217783.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217784.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217785.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217786.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217787.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217788.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217789.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217791.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217793.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217794.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217795.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217796.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217797.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217798.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217801.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217802.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217803.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217804.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217805.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217806.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217807.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217808.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217809.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217810.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217811.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217812.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217813.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217814.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217817.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217818.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217819.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217820.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217821.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217822.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217823.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217824.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217825.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217826.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217827.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217828.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217829.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217830.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217831.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217832.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217833.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217834.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217835.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217836.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217837.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217838.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217842.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217844.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217855.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218067.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218068.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218069.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218070.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218071.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218072.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218073.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218074.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218154.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218155.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218156.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218157.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218158.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218159.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218160.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218161.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218162.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218163.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218164.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218165.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218166.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218167.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218168.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218169.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218416.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218417.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218418.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218419.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218420.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218421.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218422.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218423.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218424.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218425.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218426.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218506.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218507.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218508.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218509.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218510.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218511.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218512.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218513.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218514.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218515.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218516.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218517.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218518.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218519.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218520.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218521.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218523.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218525.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218526.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218527.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218528.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218529.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218530.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218531.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218532.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218534.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218536.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218537.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218538.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218539.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218540.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218541.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218544.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218545.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218546.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218547.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218548.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218549.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218550.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218551.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218552.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218553.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218554.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218555.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218556.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218557.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218560.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218561.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218562.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218563.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218564.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218565.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218566.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218567.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218568.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218569.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218570.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218571.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218572.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218573.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218574.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218575.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218576.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218577.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218578.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218579.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218580.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218581.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218585.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218587.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218598.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220715.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220716.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220717.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220718.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220719.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220720.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220721.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220722.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220723.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220724.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220725.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220805.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220806.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220807.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220808.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220809.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220810.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220811.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220812.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220813.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220814.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220815.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220816.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220817.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220818.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220819.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220820.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220822.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220824.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220825.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220826.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220827.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220828.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220829.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220830.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220831.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220833.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220835.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220836.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220837.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220838.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220839.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220840.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220843.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220844.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220845.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220846.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220847.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220848.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220849.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220850.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220851.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220852.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220853.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220854.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220855.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220856.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220859.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220860.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220861.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220862.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220863.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220864.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220865.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220866.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220867.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220868.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220869.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220870.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220871.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220872.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220873.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220874.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220875.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220876.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220877.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220878.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220879.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220880.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220884.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220886.exe [WARNING] The file could not be opened! D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220897.exe [WARNING] The file could not be opened! D:\WarRock\WRLauncher.VIR [DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus [NOTE] The file was deleted! D:\WarRock\dxsetup.VIR [DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus [NOTE] The file was deleted! D:\WarRock\WRUpdater.VIR [DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus [NOTE] The file was deleted! D:\RANDOM\DSF 1-16(S.E sem2)\A1_GLL.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\DIJKST~1.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\ALLM_L~1.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\THREADED.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\DFBFS.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\DFS_GRAP.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\KRUS.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\PRIMS.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\NEWTEX~3.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\PRIM.EXE [WARNING] The file could not be opened! D:\RANDOM\DSF 1-16(S.E sem2)\2WR-R~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\3MIRRO~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\1GLL.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\8BSTAD~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\13QUIC~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\14MERG~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\16HUFF~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\9HAS~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\9HASHW~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\NONAME00.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\7KRUSP~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\11DAF~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\12INDE~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\5DFSBF~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\4THREA~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\10INDE~1.EXE [WARNING] The file could not be opened! D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\2EXPTREE.EXE [WARNING] The file could not be opened! D:\TC\BIN\MAKE.EXE [WARNING] The file could not be opened! D:\TC\BIN\TLIB.EXE [WARNING] The file could not be opened! D:\TC\BIN\TLINK.EXE [WARNING] The file could not be opened! D:\TC\BIN\GREP2MSG.EXE [WARNING] The file could not be opened! D:\TC\BIN\PRJ2MAK.EXE [WARNING] The file could not be opened! D:\TC\BIN\PRJCNVT.EXE [WARNING] The file could not be opened! D:\TC\BIN\TASM2MSG.EXE [WARNING] The file could not be opened! D:\TC\BIN\TEMC.EXE [WARNING] The file could not be opened! D:\TC\BIN\TRIGRAPH.EXE [WARNING] The file could not be opened! D:\TC\BIN\UNZIP.EXE [WARNING] The file could not be opened! D:\TC\BIN\ALLM_L~1.EXE [WARNING] The file could not be opened! D:\TC\BIN\PAGE.EXE [WARNING] The file could not be opened! D:\TC\BIN\NONAME00.EXE [WARNING] The file could not be opened! D:\TC\BIN\QUICK.EXE [WARNING] The file could not be opened! D:\TC\BIN\HEAP.EXE [WARNING] The file could not be opened! D:\TC\BIN\NONAME01.EXE [WARNING] The file could not be opened! D:\usb\POLY_FIL.EXE [WARNING] The file could not be opened! D:\usb\BBAC.EXE [WARNING] The file could not be opened! D:\usb\CAR.EXE [WARNING] The file could not be opened! D:\usb\primayur\SJFP.EXE [WARNING] The file could not be opened! D:\usb\scheduling\SCHEDULI.EXE [WARNING] The file could not be opened! D:\usb\scheduling\NONAME00.EXE [WARNING] The file could not be opened! D:\usb\suhas\prasafd\Final T.E I.T\OS\READ-WRI.EXE [WARNING] The file could not be opened! D:\usb\suhas\prasafd\Final T.E I.T\OS\BANKERS.EXE [WARNING] The file could not be opened! D:\usb\suhas\prasafd\complete T.E I.T\os1\BANKERS.EXE [WARNING] The file could not be opened! D:\usb\1st\BBALI.EXE [WARNING] The file could not be opened! D:\usb\1st\BBAPP.EXE [WARNING] The file could not be opened! D:\usb\1st\DDAPAP.EXE [WARNING] The file could not be opened! D:\usb\6thline clip\LINECLIP.EXE [WARNING] The file could not be opened! D:\usb\jaosh1\P-CLIP.EXE [WARNING] The file could not be opened! D:\usb\Media\BAN.EXE [WARNING] The file could not be opened! D:\usb\mk\MRK_CAR.EXE [WARNING] The file could not be opened! D:\usb\mk\MRK_DDA.EXE [WARNING] The file could not be opened! D:\usb\os\READWRIT.EXE [WARNING] The file could not be opened! D:\usb\os\os\PAGE.EXE [WARNING] The file could not be opened! D:\usb\os\os\PGFLT2.EXE [WARNING] The file could not be opened! D:\usb\os\oswithoutput\Banker's algo\BANKERS.EXE [WARNING] The file could not be opened! D:\usb\demand paging\PAGING.EXE [WARNING] The file could not be opened! D:\usb\usb1\PAGE.EXE [WARNING] The file could not be opened! D:\usb\usb1\os\CPUSCHE.EXE [WARNING] The file could not be opened! D:\usb\usb1\os\os\PRC_SHD.EXE [WARNING] The file could not be opened! D:\usb\usb1\demand paging\PAGING.EXE [WARNING] The file could not be opened! D:\ms folder\ssprogs\MYLEX1.EXE [WARNING] The file could not be opened! D:\ms folder\ssprogs\PAR.EXE [WARNING] The file could not be opened! D:\ms folder\ssprogs\MYLINE.EXE [WARNING] The file could not be opened! D:\ms folder\ssprogs\RG.EXE [WARNING] The file could not be opened! D:\ms folder\ssprogs\DFA.EXE [WARNING] The file could not be opened! D:\ms folder\ssf\RETODFA.EXE [WARNING] The file could not be opened! D:\ms folder\ssf\GRA2DFA.EXE [WARNING] The file could not be opened! D:\ms folder\ssf\SLL.EXE [WARNING] The file could not be opened! D:\ms folder\ssf\MACRO\MACRO1.EXE [WARNING] The file could not be opened! D:\ms folder\ssf\ASSEMBLER\ASS2.EXE [WARNING] The file could not be opened! D:\New Folder\Projects_c++\ajay_project.vcdm\UNINSTAL.EXE [WARNING] The file could not be opened! D:\New Folder\Projects_c++\Projects\SWATGAME\SWATGAME.EXE [WARNING] The file could not be opened! D:\New Folder1\mk\ALLOCAT3.EXE [WARNING] The file could not be opened! Begin scan in 'E:\' E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210728.exe [WARNING] The file could not be opened! E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210729.exe [WARNING] The file could not be opened! E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210730.exe [WARNING] The file could not be opened! E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211972.exe [WARNING] The file could not be opened! E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211973.exe [WARNING] The file could not be opened! E:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211974.exe [WARNING] The file could not be opened! Begin scan in 'F:\' F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0213985.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214035.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214037.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214042.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214057.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214062.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214063.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214064.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214065.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214066.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214067.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214068.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214069.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214070.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214071.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214072.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214073.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214080.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214525.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214526.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214528.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214529.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214531.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214532.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214533.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214534.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214535.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214539.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214540.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0214984.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215034.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215041.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215043.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215044.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215046.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215047.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215056.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215058.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215059.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215060.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215061.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215062.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215063.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215064.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215065.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215066.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215067.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0215079.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0216986.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217036.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217043.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217058.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217060.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217061.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217062.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217063.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217064.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217065.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217066.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217067.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217068.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217069.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217070.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217071.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217072.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217073.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217074.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217081.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217530.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217580.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217582.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217583.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217586.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217587.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217589.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217590.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217592.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217593.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217594.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217595.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217596.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217600.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217601.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217602.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217604.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217605.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217606.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217607.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217608.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217609.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217610.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217611.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217612.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217613.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217614.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217615.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217616.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217617.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217618.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217625.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218272.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218322.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218324.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218325.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218328.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218329.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218331.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218332.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218334.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218335.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218336.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218337.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218338.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218342.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218343.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218344.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218346.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218347.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218348.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218349.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218350.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218351.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218352.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218353.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218354.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218355.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218356.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218357.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218358.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218359.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218360.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218367.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0219271.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220277.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220327.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220329.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220330.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220333.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220334.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220336.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220337.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220339.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220340.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220341.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220342.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220343.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220347.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220348.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220349.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220351.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220352.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220353.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220354.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220355.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220356.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220357.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220358.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220359.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220360.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220361.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220362.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220363.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220364.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220365.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220372.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220430.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220480.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220482.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220483.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220486.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220487.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220489.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220490.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220492.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220493.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220494.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220495.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220496.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220500.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220501.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220502.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220504.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220505.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220506.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220507.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220508.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220509.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220510.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220511.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220512.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220513.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220514.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220515.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220516.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220517.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220518.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220525.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220559.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220609.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220616.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220631.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220633.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220634.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220636.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220654.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210535.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210596.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210598.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210599.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210602.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210603.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210605.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210606.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210608.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210609.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210610.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210611.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210612.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210616.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210617.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210618.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210620.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210621.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210622.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210623.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210624.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210625.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210626.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210627.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210628.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210629.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210630.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210631.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210632.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210633.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210634.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210643.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211630.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211639.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211640.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211641.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211642.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211643.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211644.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211645.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211646.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211647.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211648.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211649.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211650.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211651.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211652.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211653.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211655.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211656.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211657.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211661.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211662.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211663.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211664.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211665.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211667.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211668.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211670.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211671.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211674.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211675.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211677.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211738.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211764.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211832.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211834.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211838.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211839.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211841.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211842.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211844.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211845.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211846.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211854.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211856.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211857.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211858.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211859.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211882.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212317.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212380.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212387.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212389.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212402.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212404.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212405.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212406.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212407.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212408.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212409.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212410.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212411.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212412.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212413.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212414.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212415.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212416.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212417.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212418.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212430.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213163.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213224.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213226.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213227.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213230.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213231.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213233.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213234.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213236.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213237.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213238.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213239.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213240.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213244.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213245.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213246.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213248.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213249.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213250.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213251.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213252.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213253.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213254.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213255.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213256.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213257.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213258.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213259.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213260.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213261.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213262.exe [WARNING] The file could not be opened! F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213271.exe [WARNING] The file could not be opened! F:\GAMES\Small Games\DAVE.EXE [WARNING] The file could not be opened! F:\INSTALL\TC\TURBOC.EXE [WARNING] The file could not be opened! F:\INSTALL\TC\TLIB.EXE [WARNING] The file could not be opened! F:\INSTALL\TC\UNZIP.EXE [WARNING] The file could not be opened! F:\INSTALL\TC\CH24_2.EXE [WARNING] The file could not be opened! F:\INSTALL\TC\CH24_25.EXE [WARNING] The file could not be opened! F:\INSTALL\TALLY5.4\TALLY54.EXE [WARNING] The file could not be opened! End of the scan: Friday, October 03, 2008 22:38 Used time: 56:40 Minute(s) The scan has been done completely. 16253 Scanning directories 703213 Files were scanned 48 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 39 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1201 Files cannot be scanned 701964 Files not concerned 5350 Archives were scanned 1201 Warnings 39 Notes

PropagandaPanda View Member Profile	Oct 4 2008, 01:12 PM Post #4
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello jaosh. You've got one tough infection there. Let' s get to work . If you don't mind me asking, do you live in India? I ask because you IP traces back to there. Install ERUNT This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished. Please download erunt-setup.exe to your desktop. Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use. Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK. You can find a complete guide to using the program here: http://www.larshederer.homepage.t-online.de/erunt/erunt.txt When we are finished, you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled. How to Restore from the ERUNT Backup Only restore from the backups if instructed to, or you need to do so. You need it if you computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all. To restore when booted, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options. To restore from the Recovery Console using the Windows CD: Turn on your machine with the disk in the drive. Type in the number of the Windows installation you want to repair (usually 1), then press Enter. Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter. Type without quotes "cd erdnt" followed by Enter. Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first. Type without quotes "cd name of the folder" Type without quotes "batch erdnt.con" Type without quotes "exit" Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try an earlier restore date. Install Recovery Console and Run ComboFix Download Combofix from any of the links below, and save it to your desktop. Link 1, Link 2, Link 3 Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how. Download the file and save it as it's originally named onto your desktop. Drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. At the next prompt, click NO to skip the scan for now. Close everything and save all work. Click on your Start Menu, then Run.., then type: CODE "%userprofile%\desktop\combofix.exe" /killall When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt). Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so. Download and Run OTViewIt Please download OTViewIt by OldTimer to your desktop. Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator. Check both the Scan All Users and Use Whitelist checkboxes. Set the File Age to 30 days. Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open. OTViewIt.txt <-- Will be opened Extra.txt <-- Will be minimized. A new Extra.txt will not be created if one exists already. Copy and Paste the logs into your next reply. Post back with: -the ComboFix log -the OTViewIt logs With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

PropagandaPanda View Member Profile	Oct 5 2008, 12:02 PM Post #6
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. Run ComboFix with CFScript We will run ComboFix again. This time, the instructions are slightly different. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how. Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it: CODE KILLALL:: File:: C:\WINDOWS\system32\4EFDDEBE.cfg C:\WINDOWS\system32\AF05A291.cfg C:\WINDOWS\255528WL.DLL C:\WINDOWS\system32\D23B0004.cfg C:\WINDOWS\system32\4F34C688.cfg C:\WINDOWS\system32\mznuetzd.nls Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}] Driver:: 8882fa1 nvmini BDFSDRV BDRSDRV Rootkit:: C:\WINDOWS\system32\8882fa1.sys C:\WINDOWS\system32\drivers\HBKernel32.sys C:\WINDOWS\system32\DRIVERS\nvmini.sys Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.) Refering to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log. Do not mouseclick ComboFix's window while it's running. That may cause it to stall Download and Run Scan with GMER We will use GMER to scan for rootkits. Download gmer.zip and save to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here. Close all other running programs. There is a small chance this application may crash your computer so save any work you have open. Double-click on Gmer.exe to start the program. Allow the gmer.sys driver to load if asked. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO. Click the >>>. Click on Settings, then check the first five settings: System Protection and Tracing Processes Save created processes to the log Drivers Save loaded drivers to the log Click OK. You will be prompted to restart your computer. Please do so. After the reboot, run Gmer again and click on the Rootkit tab. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive. Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All. Click on the Scan and wait for the scan to finish. Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan. When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply. Note: If you have any problems, try running GMER in Safe Mode Important!:Please do not select the Show all checkbox during the scan.. Post back with: -the ComboFix log -the GMER log -a new OTViewIt log (only one will appear this time) Could you please tell me if you live in India? With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jaosh View Member Profile	Oct 6 2008, 01:55 AM Post #7
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	Hey Propaganda Panda, Yes i do live in India..i thought i said that in my earlier post too. Anyways here are my log files from all the programs *COMBOFIX LOG* ComboFix 08-10-04.07 - Jaosh 2008-10-06 12:02:16.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.190 [GMT 5.5:30] Running from: C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jaosh\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\255528WL.DLL C:\WINDOWS\system32\4EFDDEBE.cfg C:\WINDOWS\system32\4F34C688.cfg C:\WINDOWS\system32\AF05A291.cfg C:\WINDOWS\system32\D23B0004.cfg C:\WINDOWS\system32\mznuetzd.nls . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\4EFDDEBE.cfg C:\WINDOWS\system32\4F34C688.cfg C:\WINDOWS\system32\AF05A291.cfg C:\WINDOWS\system32\D23B0004.cfg C:\WINDOWS\system32\mznuetzd.nls . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_8882FA1 -------\Legacy_BDFSDRV -------\Legacy_BDRSDRV -------\Legacy_NVMINI -------\Service_8882fa1 -------\Service_BDFSDRV -------\Service_BDRSDRV ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 ))))))))))))))))))))))))))))))) . 2008-10-05 09:48 . 2008-10-06 12:03 5,504 --a------ C:\WINDOWS\system32\8882fa1.sys 2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT 2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018 2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft 2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-02 09:43 . 2008-10-02 09:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager 2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google 2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware 2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys 2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira 2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-28 12:34 . 2008-10-06 12:03 17,152 --a------ C:\WINDOWS\system32\drivers\nvmini.sys 2008-09-28 12:33 . 2008-09-28 12:33 46,592 --a------ C:\WINDOWS\linkinfo.dll 2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017 2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini 2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin 2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising 2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325 2008-08-12 14:16 --------- d-----w C:\Program Files\Flix 2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft 2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon 2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon 2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog 2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front 2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front 2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((( snapshot@2008-10-05_ 9.56.35.40 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\ERDNT.EXE + 2008-10-06 04:10:06 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000001\NTUSER.DAT + 2008-10-06 04:10:06 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000002\UsrClass.dat + 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\ERDNT.EXE + 2008-10-05 04:25:04 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000001\NTUSER.DAT + 2008-10-05 04:25:04 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000002\UsrClass.dat + 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll + 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\linkinfo.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184] "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480] "FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480] "tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336] "snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl] C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104] ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ZDSV"= scrvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer] --------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211] --------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OracleTNSListener80"=2 (0x2) "OracleStartORCL"=2 (0x2) "OracleServiceORCL"=2 (0x2) "OracleClientCache80"=3 (0x3) "AresChatServer"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\System32\\dpvsetup.exe"= "C:\\Program Files\\messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\WINDOWS\\System32\\javaw.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"= "D:\\jdk 1.5\\bin\\java.exe"= "D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"= "C:\\WINDOWS\\system32\\winver.exe"= "C:\\instant_rails\\Apache\\Apache.exe"= "C:\\instant_rails\\RUBY\\BIN\\ruby.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006] R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624] S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys [2008-10-06 17152] S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ] S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312] S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ] S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632] S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}] \Shell\AutoRun\command - G:\EISetup.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-06 12:05:23 Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\ComboFix\pv.cfexe . ********************************************************************** . Completion time: 2008-10-06 12:07:24 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-06 06:37:20 ComboFix2.txt 2008-10-05 04:27:04 Pre-Run: 7,755,366,400 bytes free Post-Run: 7,686,914,048 bytes free 180 GMER LOG GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-06 12:17:23 Windows 5.1.2600 Service Pack 2, v.2096 ---- System - GMER 1.0.14 ---- SSDT F7B6D374 ZwCreateThread SSDT F7B6D360 ZwOpenProcess SSDT F7B6D365 ZwOpenThread SSDT F7B6D36F ZwTerminateProcess SSDT F7B6D36A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!_allmul + 10A 804E50EC 4 Bytes [ 74, D3, B6, F7 ] .text ntoskrnl.exe!_allmul + 21E 804E5200 4 Bytes [ 60, D3, B6, F7 ] .text ntoskrnl.exe!_allmul + 236 804E5218 4 Bytes [ 65, D3, B6, F7 ] .text ntoskrnl.exe!_allmul + 43A 804E541C 4 Bytes [ 6F, D3, B6, F7 ] .text ntoskrnl.exe!_allmul + 48A 804E546C 4 Bytes [ 6A, D3, B6, F7 ] ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x75 0x8D 0xB6 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Model 134 Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Therad 31 Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\5\7\9\0@NodeSlot 264 ---- EOF - GMER 1.0.14 ---- * OTViewIt LOG*** OTViewIt logfile created on: 10/6/2008 12:19:51 PM - Run 2 OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0 Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2096) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 446.48 Mb Total Physical Memory \| 78.65 Mb Available Physical Memory \| 17.62% Memory free 1.03 Gb Paging File \| 0.70 Gb Available in Paging File \| 67.60% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 19.03 Gb Total Space \| 7.19 Gb Free Space \| 37.75% Space Free \| Partition Type: FAT32 Drive D: \| 18.48 Gb Total Space \| 4.76 Gb Free Space \| 25.75% Space Free \| Partition Type: FAT32 Drive E: \| 18.48 Gb Total Space \| 11.69 Gb Free Space \| 63.25% Space Free \| Partition Type: FAT32 Drive F: \| 18.49 Gb Total Space \| 0.48 Gb Free Space \| 2.60% Space Free \| Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MR Current User Name: Jaosh Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe [2008/06/12 14:46:26 \| 00,068,865 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008/08/07 09:17:02 \| 00,149,761 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2007/12/20 20:45:32 \| 00,066,872 \| ---- \| M] () -- C:\WINDOWS\system32\PnkBstrA.exe [2004/08/11 01:45:04 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2004/10/08 11:52:32 \| 00,221,184 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE [2004/03/12 00:19:08 \| 00,033,280 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2007/07/11 16:09:48 \| 00,020,480 \| ---- \| M] () -- C:\WINDOWS\FixCamera.exe [2007/05/10 13:18:10 \| 00,835,584 \| ---- \| M] () -- C:\WINDOWS\vsnp325.exe [2008/06/12 14:28:46 \| 00,266,497 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2006/11/14 19:25:44 \| 02,746,104 \| ---- \| M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006/04/22 09:37:00 \| 00,577,536 \| ---- \| M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe [2006/04/21 20:04:00 \| 00,127,085 \| ---- \| M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe [2004/03/12 05:49:10 \| 00,111,616 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2008/09/28 22:24:26 \| 00,307,712 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe [2008/10/05 10:01:14 \| 00,419,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe ========== (O23) Win32 Services ========== [2008/10/02 09:45:14 \| 00,611,664 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand \| Stopped]) [2008/06/12 14:46:26 \| 00,068,865 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto \| Running]) [2008/08/07 09:17:02 \| 00,149,761 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto \| Running]) [2005/09/23 07:28:32 \| 00,029,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto \| Running]) [2005/08/30 21:05:00 \| 00,516,096 \| ---- \| M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto \| Stopped]) [2004/03/12 00:18:56 \| 00,005,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand \| Stopped]) [2005/09/23 07:28:56 \| 00,066,240 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) [1997/06/14 23:42:14 \| 00,141,312 \| ---- \| M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled \| Stopped]) [1997/06/20 18:44:18 \| 08,371,200 \| ---- \| M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled \| Stopped]) [1997/06/05 14:29:36 \| 00,005,632 \| ---- \| M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled \| Stopped]) [1997/06/17 10:16:18 \| 00,124,928 \| ---- \| M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled \| Stopped]) [2003/07/28 12:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) [2007/12/20 20:45:32 \| 00,066,872 \| ---- \| M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto \| Running]) [2004/03/12 00:19:10 \| 00,073,216 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled \| Stopped]) [2004/08/11 01:45:04 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto \| Running]) [2007/01/19 12:54:14 \| 00,097,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand \| Stopped]) ========== Driver Services ========== [2004/07/20 00:41:48 \| 00,016,512 \| ---- \| M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System \| Running]) [2005/08/31 11:12:36 \| 01,333,760 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand \| Running]) [2007/02/27 15:25:02 \| 00,011,840 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System \| Running]) [2008/05/20 16:29:42 \| 00,052,032 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand \| Running]) [2008/06/27 15:03:56 \| 00,075,072 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System \| Running]) [2004/03/12 00:55:20 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand \| Stopped]) [2004/03/12 00:45:06 \| 00,101,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand \| Stopped]) [2004/03/12 00:55:18 \| 00,273,536 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand \| Stopped]) [2004/03/12 00:55:16 \| 00,018,944 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand \| Stopped]) File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand \| Stopped]) [2004/03/12 00:55:08 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand \| Stopped]) [2006/12/27 13:20:32 \| 00,046,080 \| R--- \| M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand \| Running]) File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand \| Stopped]) [2008/10/06 12:09:52 \| 00,085,969 \| ---- \| M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System \| Running]) [2005/01/07 17:07:18 \| 00,138,752 \| ---- \| M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand \| Running]) [2005/10/19 02:45:42 \| 04,034,048 \| R--- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand \| Running]) [2005/01/31 15:42:46 \| 00,022,016 \| R--- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand \| Running]) [2004/03/12 00:44:38 \| 00,005,504 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand \| Stopped]) [2004/03/12 00:55:12 \| 00,085,376 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand \| Stopped]) [2004/03/12 00:55:06 \| 00,010,752 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand \| Stopped]) [2004/03/11 22:48:04 \| 00,040,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand \| Stopped]) [2001/08/17 13:51:52 \| 00,003,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot \| Running]) [2005/01/31 15:50:04 \| 00,211,712 \| R--- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand \| Stopped]) [2004/03/12 00:28:58 \| 00,033,152 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System \| Running]) File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand \| Stopped]) [2001/08/23 12:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand \| Running]) File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand \| Stopped]) [2004/03/12 00:55:20 \| 00,059,776 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand \| Stopped]) [2001/08/17 12:12:40 \| 00,019,017 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand \| Stopped]) [2004/03/11 23:43:50 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand \| Stopped]) [2006/11/17 19:45:32 \| 00,009,006 \| ---- \| M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand \| Running]) [2004/02/23 08:00:56 \| 00,027,440 \| ---- \| M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand \| Stopped]) [2004/03/12 00:55:08 \| 00,011,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand \| Stopped]) [2007/07/24 10:21:44 \| 10,394,624 \| ---- \| M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand \| Running]) [2007/03/01 10:34:22 \| 00,028,352 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System \| Running]) [2004/03/12 00:55:06 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand \| Stopped]) File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand \| Stopped]) [2004/03/12 00:53:14 \| 00,059,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand \| Stopped]) [2004/03/11 22:53:54 \| 00,026,624 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand \| Running]) [2004/03/11 22:53:52 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand \| Running]) [2004/03/12 00:55:10 \| 00,019,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand \| Stopped]) [2006/08/24 05:59:58 \| 00,391,836 \| R--- \| M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand \| Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=about:blank [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=about:blank [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll () ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx () [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH) "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation) "CameraFixer"=C:\WINDOWS\CameraFixer.exe () "FixCamera"=C:\WINDOWS\FixCamera.exe () "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) "snp325"=C:\WINDOWS\vsnp325.exe () "tsnp325"=C:\WINDOWS\tsnp325.exe () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe () [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe () ========== (O4) Startup Folders ========== [2006/11/14 19:25:44 \| 02,746,104 \| ---- \| M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2005/10/20 12:04:08 \| 00,038,912 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=227 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableRegistryTools"=0 "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "HideStartupScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "HideStartupScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] Download all with Free Download Manager: File not found Download selected with Free Download Manager: File not found Download video with Free Download Manager: File not found Download with Free Download Manager: File not found E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 \| 10,073,144 \| ---- \| M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\] Download all with Free Download Manager: File not found Download selected with Free Download Manager: File not found Download video with Free Download Manager: File not found Download with Free Download Manager: File not found E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 \| 10,073,144 \| ---- \| M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [2006/11/09 15:21:54 \| 00,075,528 \| ---- \| M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 \| 00,077,824 \| ---- \| M] () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 \| 00,843,024 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 \| 00,077,824 \| ---- \| M] () [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 \| 00,843,024 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 \| 00,843,024 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 \| 00,843,024 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 \| 00,077,824 \| ---- \| M] () ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 \| 00,225,280 \| ---- \| M] (InterTrust Technologies Corporation, Inc.) ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10 {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object ========== (O17) DNS Name Servers ========== {0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 \| Description: Realtek RTL8029(AS) PCI Ethernet Adapter) {02178E7B-AD83-4AC2-B295-73437C555883} (Servers: \| Description: ) {2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: \| Description: ) {479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 \| Description: D-Link DFE-520TX PCI Fast Ethernet Adapter) {48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: \| Description: ) {5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: \| Description: Realtek RTL8139 Family PCI Fast Ethernet NIC) {A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: \| Description: ) {E631B284-CF07-455B-97C5-3B47425D9926} (Servers: \| Description: ) ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ========== (O21) SSODL Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found. ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/10/07 15:19:40 \| 00,000,000 \| ---- \| M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ] auto [] [2007/10/23 21:21:36 \| 00,000,000 \| ---D \| M] -- E:\auto -- [ FAT32 ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun] ""=Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command] ""=G:\EISetup.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\.tmp files] [2008/10/06 12:09:51 \| 00,000,345 \| ---- \| C] () -- C:\WINDOWS\gmer.ini [2008/10/06 12:09:50 \| 00,884,736 \| ---- \| C] () -- C:\WINDOWS\gmer.dll [2008/10/06 12:09:50 \| 00,811,008 \| ---- \| C] () -- C:\WINDOWS\gmer.exe [2008/10/06 12:09:50 \| 00,085,969 \| ---- \| C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/10/06 12:09:50 \| 00,000,080 \| ---- \| C] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/10/06 12:09:36 \| 00,811,008 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\gmer.exe [2008/10/06 12:07:29 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2008/10/05 09:50:27 \| 00,028,672 \| ---- \| C] (NirSoft) -- C:\WINDOWS\Nircmd.exe [2008/10/05 09:48:42 \| 00,005,504 \| ---- \| C] () -- C:\WINDOWS\System32\8882fa1.sys [2008/10/05 09:45:46 \| 00,000,203 \| ---- \| C] () -- C:\Boot.bak [2008/10/05 09:45:44 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2008/10/05 09:45:43 \| 00,000,000 \| ---D \| C] -- C:\cmdcons [2008/10/05 09:44:28 \| 00,000,000 \| ---D \| C] -- C:\QooBox [2008/10/05 09:44:07 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe [2008/10/05 09:44:07 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/10/05 09:44:07 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/10/05 09:44:07 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2008/10/05 09:44:07 \| 00,089,504 \| ---- \| C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/10/05 09:44:07 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2008/10/05 09:44:07 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2008/10/05 09:44:07 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\VFind.exe [2008/10/05 09:24:36 \| 00,210,936 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht [2008/10/05 09:18:00 \| 04,608,744 \| ---- \| C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [2008/10/05 09:12:49 \| 02,938,977 \| R--- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe [2008/10/05 09:12:39 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2008/10/05 09:11:47 \| 00,000,671 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2008/10/05 09:11:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2008/10/03 16:14:50 \| 00,000,000 \| -HSD \| C] -- C:\FOUND.018 [2008/10/02 09:44:12 \| 00,000,697 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk [2008/10/02 09:44:12 \| 00,000,697 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2008/10/02 09:44:09 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Lavasoft [2008/10/02 09:44:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008/10/02 09:43:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Wise Installation Wizard [2008/10/02 09:19:26 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jaosh\Desktop\backups [2008/10/02 09:18:15 \| 00,401,720 \| ---- \| C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe [2008/10/01 19:11:54 \| 00,106,172 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg [2008/10/01 15:57:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spinach AntiSpyware [2008/10/01 15:52:53 \| 00,119,186 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg [2008/10/01 15:28:10 \| 00,002,560 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2008/10/01 10:26:35 \| 00,001,755 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk [2008/10/01 10:26:26 \| 00,045,376 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2008/10/01 10:26:26 \| 00,022,336 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2008/10/01 10:26:25 \| 00,028,352 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2008/10/01 10:26:23 \| 00,075,072 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2008/10/01 10:26:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Avira [2008/10/01 10:26:22 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avira [2008/09/30 14:37:07 \| 00,000,165 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf [2008/09/30 12:17:58 \| 00,318,068 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg [2008/09/28 22:24:46 \| 00,774,144 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe [2008/09/28 16:16:15 \| 00,024,576 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc [2008/09/28 16:01:40 \| 00,034,304 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc [2008/09/24 00:39:22 \| 00,000,000 \| -HSD \| C] -- C:\FOUND.017 [2008/09/20 18:41:18 \| 00,020,992 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc [2008/09/16 12:32:15 \| 01,435,648 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt [2008/09/16 11:18:57 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\RsConfig.ini [2008/09/06 18:49:34 \| 00,000,000 \| R--D \| C] -- C:\RavBin [2008/09/06 18:47:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Rising [2008/09/06 18:46:00 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avg8 ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\.tmp files] [2008/10/06 12:13:48 \| 00,000,345 \| ---- \| M] () -- C:\WINDOWS\gmer.ini [2008/10/06 12:12:08 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2008/10/06 12:12:06 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2008/10/06 12:12:04 \| 46,824,2432 \| -HS- \| M] () -- C:\hiberfil.sys [2008/10/06 12:11:20 \| 00,000,012 \| ---- \| M] () -- C:\WINDOWS\bthservsdp.dat [2008/10/06 12:11:14 \| 06,390,206 \| -H-- \| M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db [2008/10/06 12:09:52 \| 00,884,736 \| ---- \| M] () -- C:\WINDOWS\gmer.dll [2008/10/06 12:09:52 \| 00,085,969 \| ---- \| M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/10/06 12:09:52 \| 00,000,080 \| ---- \| M] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/10/06 12:05:22 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2008/10/05 09:45:48 \| 00,000,273 \| RHS- \| M] () -- C:\boot.ini [2008/10/05 09:33:26 \| 04,608,744 \| ---- \| M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [2008/10/05 09:24:38 \| 00,210,936 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht [2008/10/05 09:23:54 \| 02,938,977 \| R--- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe [2008/10/05 09:11:48 \| 00,000,671 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2008/10/02 09:44:14 \| 00,000,697 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk [2008/10/02 09:44:14 \| 00,000,697 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2008/10/01 19:12:08 \| 00,106,172 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg [2008/10/01 15:52:58 \| 00,119,186 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg [2008/10/01 15:28:12 \| 00,002,560 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2008/10/01 10:26:36 \| 00,001,755 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk [2008/09/30 14:37:08 \| 00,000,165 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf [2008/09/30 12:18:08 \| 00,318,068 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg [2008/09/30 12:14:10 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2008/09/28 22:39:22 \| 00,159,992 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/09/28 22:39:08 \| 00,182,928 \| ---- \| M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2008/09/28 16:16:16 \| 00,024,576 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc [2008/09/28 16:01:42 \| 00,034,304 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc [2008/09/27 01:27:14 \| 00,059,985 \| ---- \| M] () -- C:\deb.sbl [2008/09/24 16:48:48 \| 00,149,504 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/20 18:50:10 \| 00,020,992 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc [2008/09/17 20:53:48 \| 00,044,544 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc [2008/09/16 12:32:16 \| 01,435,648 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt [2008/09/16 11:18:58 \| 00,000,022 \| ---- \| M] () -- C:\WINDOWS\RsConfig.ini [2008/09/10 00:04:02 \| 00,038,528 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/09/10 00:03:56 \| 00,017,200 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/09/08 12:51:58 \| 00,023,179 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\image001.jpg < End of report > NOTE: My Antivir antivirus still seems to detect some trojans and viruses. Also i have noticed that there is a phony iexplorer.exe which loads up whenever my antivir detects such a trojan. Thanks for helping. Regards, Jaosh

PropagandaPanda View Member Profile	Oct 6 2008, 10:41 AM Post #8
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. This infection is known to constantly download new ones. Please install SpyBot to prevent this from happening. Link: Spybot - Search & Destroy - Tutorial After installing, update the software and database, but do not run a scan yet. At this point, disconnect your computer from the Internet. Save the CFScript before hand, and the rest of the instructions onto a Word document. Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select Advanced Mode. On the left hand side, Click on Tools. Click on the Resident icon in the list. Uncheck Resident TeaTimer and OK any prompts. Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use. Restart your computer for the changes to take affect. Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: ) right click it-> untick the option AntiVir Guard enable. You should now see a closed, white umbrella on a red background (looks to this: ) You succesfully disabled the AntiVir Guard. Run ComboFix with CFScript We will run ComboFix again. This time, the instructions are slightly different. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how. Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it: CODE Rootkit:: C:\WINDOWS\system32\8882fa1.sys C:\WINDOWS\system32\drivers\nvmini.sys C:\WINDOWS\linkinfo.dll Driver:: nvmini Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.) Refering to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log. Do not mouseclick ComboFix's window while it's running. That may cause it to stall At this time, re-enable TeaTimer by reversing the steps we took to disable it and reconnect to the Internet. Post back with: -the ComboFix log -a new GMER log -a new HijackThis log With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jaosh View Member Profile	Oct 6 2008, 01:19 PM Post #9
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	Hey Panda..thanks a lot for your help. Here are all my logs *COMBOFIX LOG* ComboFix 08-10-04.07 - Jaosh 2008-10-06 22:30:42.3 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.143 [GMT 5.5:30] Running from: C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Jaosh\Desktop\CFScript.txt.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jaosh\Desktop\jaosh\auto\Desktop_.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_nvmini ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 ))))))))))))))))))))))))))))))) . 2008-10-06 22:16 . 2008-10-06 22:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-06 22:16 . 2008-10-06 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-06 12:09 . 2008-10-06 12:13 345 --a------ C:\WINDOWS\gmer.ini 2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT 2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018 2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft 2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager 2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google 2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware 2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys 2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira 2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017 2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini 2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin 2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising 2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325 2008-08-12 14:16 --------- d-----w C:\Program Files\Flix 2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft 2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon 2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon 2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog 2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front 2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front 2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((( snapshot@2008-10-05_ 9.56.35.40 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\ERDNT.EXE + 2008-10-06 04:10:06 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000001\NTUSER.DAT + 2008-10-06 04:10:06 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000002\UsrClass.dat + 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\ERDNT.EXE + 2008-10-05 04:25:04 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000001\NTUSER.DAT + 2008-10-05 04:25:04 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000002\UsrClass.dat + 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\ERDNT.EXE + 2008-10-06 06:36:32 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\Users\00000001\NTUSER.DAT + 2008-10-06 06:36:32 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\Users\00000002\UsrClass.dat + 2008-10-06 06:39:52 884,736 ----a-w C:\WINDOWS\gmer.dll + 2008-04-17 15:43:02 811,008 ----a-w C:\WINDOWS\gmer.exe + 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll + 2008-10-06 06:39:52 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys + 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\linkinfo.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184] "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480] "FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480] "tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336] "snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl] C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104] ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ZDSV"= scrvid.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer] --------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211] --------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OracleTNSListener80"=2 (0x2) "OracleStartORCL"=2 (0x2) "OracleServiceORCL"=2 (0x2) "OracleClientCache80"=3 (0x3) "AresChatServer"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\System32\\dpvsetup.exe"= "C:\\Program Files\\messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\WINDOWS\\System32\\javaw.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"= "D:\\jdk 1.5\\bin\\java.exe"= "D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"= "C:\\WINDOWS\\system32\\winver.exe"= "C:\\instant_rails\\Apache\\Apache.exe"= "C:\\instant_rails\\RUBY\\BIN\\ruby.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006] R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624] S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ] S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312] S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ] S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632] S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}] \Shell\AutoRun\command - G:\EISetup.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-06 22:33:35 Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\ComboFix\pv.cfexe . ********************************************************************** . Completion time: 2008-10-06 22:35:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-06 17:05:34 ComboFix3.txt 2008-10-05 04:27:04 ComboFix2.txt 2008-10-06 06:37:26 Pre-Run: 7,458,799,616 bytes free Post-Run: 7,440,072,704 bytes free 172 GMER LOG GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-06 22:42:58 Windows 5.1.2600 Service Pack 2, v.2096 ---- System - GMER 1.0.14 ---- SSDT F7B64A54 ZwCreateThread SSDT F7B64A40 ZwOpenProcess SSDT F7B64A45 ZwOpenThread SSDT F7B64A4F ZwTerminateProcess SSDT F7B64A4A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- .text ntoskrnl.exe!_allmul + 10A 804E50EC 4 Bytes [ 54, 4A, B6, F7 ] .text ntoskrnl.exe!_allmul + 21E 804E5200 4 Bytes [ 40, 4A, B6, F7 ] .text ntoskrnl.exe!_allmul + 236 804E5218 4 Bytes [ 45, 4A, B6, F7 ] .text ntoskrnl.exe!_allmul + 43A 804E541C 4 Bytes [ 4F, 4A, B6, F7 ] .text ntoskrnl.exe!_allmul + 48A 804E546C 4 Bytes [ 4A, 4A, B6, F7 ] ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b3cffa Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x75 0x8D 0xB6 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Model 134 Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Therad 31 Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@MData 0x2B 0x8F 0x78 0x29 ... Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\5\7\9\0@NodeSlot 264 ---- EOF - GMER 1.0.14 ---- HIJACKTHIS LOG** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:43:56 PM, on 10/6/2008 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Sify Broadband\BBClient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Sify Broadband\BBImpSec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CCS\Services\Tcpip\..\{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS1\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS2\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O17 - HKLM\System\CS3\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7499 bytes Thanks again Regards, Jaosh

PropagandaPanda View Member Profile	Oct 7 2008, 07:10 AM Post #10
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. Looking much better. Update Java to Version 6 Update 7 Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling. Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine. Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use. Install Firewall Please now install a third-party firewall from the following selection of excellent programs Comodo Firewall Sygate Free ZoneAlarm Free The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop programs (possibly ones that could intrude your privacy) from sending outgoing signals to the Internet or to other networks. You can read this article for more. After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled. Download and Run ATFCleaner Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help. This program is for XP and Windows 2000 only. Double-click ATF-Cleaner.exe to run the program. Under Main Select Files to Delete choose: Select All. Click the Empty Selected button. If you use Firefox browser also... Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser also... Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Run Scan with Kaspersky Please do a scan with Kaspersky Online Scanner. This scan is for Internet Explorer Only. If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan. Open the Kaspersky Scanner page. Click on Accept and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. You can refer to this animation by sundavis. If you get warning from your security programs while running this scan, allow anything asked, otherwise ignore them. This scanner will only scan. It does not remove any malware it finds. Please post back with: -the Kaspersky log -a new OTViewIt log (link if you lost it) Please tell me how your computer is running now. Does your antivirus detect anything other than cookies? With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

PropagandaPanda View Member Profile	Oct 9 2008, 06:57 AM Post #11
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. Do you will need help? With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jaosh View Member Profile	Oct 9 2008, 01:58 PM Post #12
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	Hey Panda I'm sorry i cudn't get back to you earlier..there is just to much work. Anyways regarding the kasperky online scanner, it just takes to much time to download and get results as my net at home keeps coming down. I would appreciate if there was any way i could download something and run it. I did create an OTView Log along with a log of my last Antivir scan last night. Thanks again for helping me out. Just tell me if there is any way i can remove these sort of trojans in my antivir scan forever.Thanks again **OTVIEW LOG** OTViewIt logfile created on: 10/10/2008 12:20:48 AM - Run 3 OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0 Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2096) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 446.48 Mb Total Physical Memory \| 67.50 Mb Available Physical Memory \| 15.12% Memory free 1.03 Gb Paging File \| 0.40 Gb Available in Paging File \| 38.90% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 19.03 Gb Total Space \| 5.98 Gb Free Space \| 31.43% Space Free \| Partition Type: FAT32 Drive D: \| 18.48 Gb Total Space \| 11.02 Gb Free Space \| 59.61% Space Free \| Partition Type: FAT32 Drive E: \| 18.48 Gb Total Space \| 11.76 Gb Free Space \| 63.61% Space Free \| Partition Type: FAT32 Drive F: \| 18.49 Gb Total Space \| 7.01 Gb Free Space \| 37.93% Space Free \| Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MR Current User Name: Jaosh Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days ========== Processes ========== [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe [2008/06/12 14:46:26 \| 00,068,865 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe [2008/08/07 09:17:02 \| 00,149,761 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008/10/08 19:57:26 \| 00,519,936 \| ---- \| M] () -- D:\comodo firewall\Comodo\Firewall\cmdagent.exe [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2007/12/20 20:45:32 \| 00,066,872 \| ---- \| M] () -- C:\WINDOWS\system32\PnkBstrA.exe [2004/08/11 01:45:04 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe [2004/10/08 11:52:32 \| 00,221,184 \| ---- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE [2004/03/12 00:19:08 \| 00,033,280 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2007/07/11 16:09:48 \| 00,020,480 \| ---- \| M] () -- C:\WINDOWS\FixCamera.exe [2007/04/21 09:30:54 \| 00,270,336 \| ---- \| M] () -- C:\WINDOWS\tsnp325.exe [2007/05/10 13:18:10 \| 00,835,584 \| ---- \| M] () -- C:\WINDOWS\vsnp325.exe [2008/06/12 14:28:46 \| 00,266,497 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008/06/10 04:27:04 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008/10/08 19:57:26 \| 01,655,552 \| ---- \| M] () -- D:\comodo firewall\Comodo\Firewall\cfp.exe [2008/09/16 12:16:08 \| 01,833,296 \| RHS- \| M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2006/11/14 19:25:44 \| 02,746,104 \| ---- \| M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2004/03/12 00:19:06 \| 00,017,920 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe [2004/03/12 05:49:10 \| 00,111,616 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2007/01/19 12:54:56 \| 05,674,352 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe [2008/09/28 22:24:26 \| 00,307,712 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe [2006/04/22 09:37:00 \| 00,577,536 \| ---- \| M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe [2006/04/21 20:04:00 \| 00,127,085 \| ---- \| M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe [2008/10/05 10:01:14 \| 00,419,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe ========== (O23) Win32 Services ========== [2008/06/12 14:46:26 \| 00,068,865 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto \| Running]) [2008/08/07 09:17:02 \| 00,149,761 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto \| Running]) [2005/09/23 07:28:32 \| 00,029,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) [2005/08/31 11:06:10 \| 00,376,832 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto \| Running]) [2005/08/30 21:05:00 \| 00,516,096 \| ---- \| M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto \| Stopped]) [2004/03/12 00:18:56 \| 00,005,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand \| Stopped]) [2005/09/23 07:28:56 \| 00,066,240 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) [2008/10/08 19:57:26 \| 00,519,936 \| ---- \| M] () -- D:\comodo firewall\Comodo\Firewall\cmdagent.exe -- (cmdAgent [Auto \| Running]) [2003/06/19 23:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) [1997/06/14 23:42:14 \| 00,141,312 \| ---- \| M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled \| Stopped]) [1997/06/20 18:44:18 \| 08,371,200 \| ---- \| M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled \| Stopped]) [1997/06/05 14:29:36 \| 00,005,632 \| ---- \| M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled \| Stopped]) [1997/06/17 10:16:18 \| 00,124,928 \| ---- \| M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled \| Stopped]) [2003/07/28 12:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) [2007/12/20 20:45:32 \| 00,066,872 \| ---- \| M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto \| Running]) [2004/03/12 00:19:10 \| 00,073,216 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled \| Stopped]) [2004/08/11 01:45:04 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto \| Running]) [2007/01/19 12:54:14 \| 00,097,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand \| Stopped]) ========== Driver Services ========== [2004/07/20 00:41:48 \| 00,016,512 \| ---- \| M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System \| Running]) [2005/08/31 11:12:36 \| 01,333,760 \| ---- \| M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand \| Running]) [2007/02/27 15:25:02 \| 00,011,840 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System \| Running]) [2008/05/20 16:29:42 \| 00,052,032 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand \| Running]) [2008/06/27 15:03:56 \| 00,075,072 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System \| Running]) [2004/03/12 00:55:20 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand \| Stopped]) [2004/03/12 00:45:06 \| 00,101,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand \| Stopped]) [2004/03/12 00:55:18 \| 00,273,536 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand \| Stopped]) [2004/03/12 00:55:16 \| 00,018,944 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand \| Stopped]) File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand \| Stopped]) [2004/03/12 00:55:08 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand \| Stopped]) [2008/10/08 19:57:28 \| 00,087,056 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System \| Stopped]) [2008/10/08 19:57:28 \| 00,024,208 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System \| Running]) [2006/12/27 13:20:32 \| 00,046,080 \| R--- \| M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand \| Running]) File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand \| Stopped]) [2008/10/06 12:09:52 \| 00,085,969 \| ---- \| M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System \| Running]) [2005/01/07 17:07:18 \| 00,138,752 \| ---- \| M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand \| Running]) [2008/10/08 19:57:28 \| 00,079,760 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot \| Running]) [2005/10/19 02:45:42 \| 04,034,048 \| R--- \| M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand \| Running]) [2005/01/31 15:42:46 \| 00,022,016 \| R--- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand \| Running]) [2004/03/12 00:44:38 \| 00,005,504 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand \| Stopped]) [2004/03/12 00:55:12 \| 00,085,376 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand \| Stopped]) [2004/03/12 00:55:06 \| 00,010,752 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand \| Stopped]) [2004/03/11 22:48:04 \| 00,040,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand \| Stopped]) [2001/08/17 13:51:52 \| 00,003,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot \| Running]) [2005/01/31 15:50:04 \| 00,211,712 \| R--- \| M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand \| Stopped]) [2004/03/12 00:28:58 \| 00,033,152 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System \| Running]) File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand \| Stopped]) [2001/08/23 12:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand \| Running]) File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand \| Stopped]) [2004/03/12 00:55:20 \| 00,059,776 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand \| Stopped]) [2001/08/17 12:12:40 \| 00,019,017 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand \| Stopped]) [2004/03/11 23:43:50 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand \| Stopped]) [2006/11/17 19:45:32 \| 00,009,006 \| ---- \| M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand \| Running]) [2004/02/23 08:00:56 \| 00,027,440 \| ---- \| M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand \| Stopped]) [2004/03/12 00:55:08 \| 00,011,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand \| Stopped]) [2007/07/24 10:21:44 \| 10,394,624 \| ---- \| M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand \| Running]) [2007/03/01 10:34:22 \| 00,028,352 \| ---- \| M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System \| Running]) [2004/03/12 00:55:06 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand \| Stopped]) File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand \| Stopped]) [2004/03/12 00:53:14 \| 00,059,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand \| Stopped]) [2004/03/11 22:53:54 \| 00,026,624 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand \| Running]) [2004/03/11 22:53:52 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand \| Running]) [2004/03/12 00:55:10 \| 00,019,328 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand \| Stopped]) [2006/08/24 05:59:58 \| 00,391,836 \| R--- \| M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand \| Stopped]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=about:blank [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] "provider"= [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll () ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx () [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH) "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation) "CameraFixer"=C:\WINDOWS\CameraFixer.exe () "COMODO Firewall Pro"="D:\comodo firewall\Comodo\Firewall\cfp.exe" -h () "FixCamera"=C:\WINDOWS\FixCamera.exe () "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) "snp325"=C:\WINDOWS\vsnp325.exe () "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) "tsnp325"=C:\WINDOWS\tsnp325.exe () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe () "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) ========== (O4) Startup Folders ========== [2006/11/14 19:25:44 \| 02,746,104 \| ---- \| M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2005/10/20 12:04:08 \| 00,038,912 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=227 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableRegistryTools"=0 "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "HideStartupScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] Download all with Free Download Manager: File not found Download selected with Free Download Manager: File not found Download video with Free Download Manager: File not found Download with Free Download Manager: File not found E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 \| 10,073,144 \| ---- \| M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 \| 00,132,496 \| ---- \| M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [2008/09/15 14:25:44 \| 01,562,960 \| RHS- \| M] (Safer Networking Limited) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 \| 00,077,824 \| ---- \| M] () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 \| 00,843,024 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 \| 00,040,512 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 \| 01,562,960 \| RHS- \| M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 \| 04,670,968 \| ---- \| M] (Yahoo! Inc.) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 \| 01,679,360 \| ---- \| M] (Microsoft Corporation) CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 \| 00,077,824 \| ---- \| M] () ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 \| 00,225,280 \| ---- \| M] (InterTrust Technologies Corporation, Inc.) ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object ========== (O17) DNS Name Servers ========== {0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 \| Description: Realtek RTL8029(AS) PCI Ethernet Adapter) {02178E7B-AD83-4AC2-B295-73437C555883} (Servers: \| Description: ) {2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: \| Description: ) {479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 \| Description: D-Link DFE-520TX PCI Fast Ethernet Adapter) {48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: \| Description: ) {5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: \| Description: Realtek RTL8139 Family PCI Fast Ethernet NIC) {A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: \| Description: ) {E631B284-CF07-455B-97C5-3B47425D9926} (Servers: \| Description: ) ========== (O20) AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=C:\WINDOWS\system32\guard32.dll >[2008/10/08 19:57:28 \| 00,143,104 \| ---- \| M] () -- C:\WINDOWS\system32\guard32.dll ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) ========== (O21) SSODL Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found. ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/10/07 15:19:40 \| 00,000,000 \| ---- \| M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ] auto [] [2007/10/23 21:21:36 \| 00,000,000 \| ---D \| M] -- E:\auto -- [ FAT32 ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun] ""=Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command] ""=G:\EISetup.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\.tmp files] [1 C:\Documents and Settings\Jaosh\Application Data\.tmp files] [2008/10/09 22:17:33 \| 00,719,872 \| ---- \| C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll [2008/10/09 22:17:33 \| 00,318,976 \| ---- \| C] (The Public) -- C:\WINDOWS\System32\avisynth.dll [2008/10/09 22:17:32 \| 00,502,784 \| ---- \| C] () -- C:\WINDOWS\x2.64.exe [2008/10/09 22:17:32 \| 00,240,128 \| ---- \| C] () -- C:\WINDOWS\System32\x.264.exe [2008/10/09 22:17:32 \| 00,217,073 \| ---- \| C] () -- C:\WINDOWS\meta4.exe [2008/10/09 22:17:32 \| 00,070,656 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2008/10/09 22:17:32 \| 00,070,656 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll [2008/10/09 22:17:32 \| 00,066,560 \| ---- \| C] () -- C:\WINDOWS\MOTA113.exe [2008/10/09 22:17:32 \| 00,027,648 \| ---- \| C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008/10/09 22:17:30 \| 00,000,000 \| ---D \| C] -- C:\Program Files\AviSynth 2.5 [2008/10/09 22:17:17 \| 00,186,880 \| RHS- \| C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax [2008/10/09 22:17:17 \| 00,092,672 \| RHS- \| C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax [2008/10/09 22:17:17 \| 00,067,584 \| RHS- \| C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax [2008/10/09 22:17:17 \| 00,054,784 \| RHS- \| C] (RadLight) -- C:\WINDOWS\System32\RLAPEDec.ax [2008/10/09 22:17:17 \| 00,051,712 \| RHS- \| C] () -- C:\WINDOWS\System32\RLSpeexDec.ax [2008/10/09 22:17:17 \| 00,037,888 \| RHS- \| C] (RadLight) -- C:\WINDOWS\System32\RLMPCDec.ax [2008/10/09 22:17:16 \| 00,227,328 \| RHS- \| C] () -- C:\WINDOWS\System32\ac3DX.ax [2008/10/09 22:17:16 \| 00,216,064 \| RHS- \| C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll [2008/10/09 22:17:16 \| 00,179,200 \| RHS- \| C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax [2008/10/09 22:17:16 \| 00,175,104 \| RHS- \| C] () -- C:\WINDOWS\System32\CoreAAC.ax [2008/10/09 22:17:16 \| 00,169,472 \| RHS- \| C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax [2008/10/09 22:17:16 \| 00,163,328 \| RHS- \| C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll [2008/10/09 22:17:16 \| 00,161,792 \| RHS- \| C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax [2008/10/09 22:17:16 \| 00,123,904 \| RHS- \| C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax [2008/10/09 22:17:16 \| 00,081,920 \| RHS- \| C] () -- C:\WINDOWS\System32\aac_parser.ax [2008/10/09 22:17:16 \| 00,031,232 \| RHS- \| C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll [2008/10/09 22:17:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\eRightSoft [2008/10/09 21:55:55 \| 12,228,608 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\dd1.avi [2008/10/09 00:27:47 \| 00,049,376 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081009_002744.reg [2008/10/08 20:50:58 \| 00,000,518 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk [2008/10/08 19:57:28 \| 00,143,104 \| ---- \| C] () -- C:\WINDOWS\System32\guard32.dll [2008/10/08 19:57:28 \| 00,087,056 \| ---- \| C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2008/10/08 19:57:28 \| 00,079,760 \| ---- \| C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2008/10/08 19:57:28 \| 00,024,208 \| ---- \| C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2008/10/08 00:34:08 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jaosh\Application Data\Comodo [2008/10/08 00:34:05 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\comodo [2008/10/08 00:30:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Sun [2008/10/07 14:33:58 \| 00,171,008 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\HeartAttack1.pps [2008/10/06 23:41:16 \| 00,000,000 \| -HSD \| C] -- C:\FOUND.019 [2008/10/06 22:35:44 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2008/10/06 22:16:48 \| 00,000,837 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Spybot - Search & Destroy.lnk [2008/10/06 22:16:38 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spybot - Search & Destroy [2008/10/06 22:16:38 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/10/06 22:14:00 \| 00,044,032 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\At this point.doc [2008/10/06 12:09:51 \| 00,000,345 \| ---- \| C] () -- C:\WINDOWS\gmer.ini [2008/10/06 12:09:50 \| 00,884,736 \| ---- \| C] () -- C:\WINDOWS\gmer.dll [2008/10/06 12:09:50 \| 00,811,008 \| ---- \| C] () -- C:\WINDOWS\gmer.exe [2008/10/06 12:09:50 \| 00,085,969 \| ---- \| C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/10/06 12:09:50 \| 00,000,080 \| ---- \| C] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/10/06 12:09:36 \| 00,811,008 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\gmer.exe [2008/10/05 09:50:27 \| 00,028,672 \| ---- \| C] (NirSoft) -- C:\WINDOWS\Nircmd.exe [2008/10/05 09:45:46 \| 00,000,203 \| ---- \| C] () -- C:\Boot.bak [2008/10/05 09:45:44 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2008/10/05 09:45:43 \| 00,000,000 \| ---D \| C] -- C:\cmdcons [2008/10/05 09:44:28 \| 00,000,000 \| ---D \| C] -- C:\QooBox [2008/10/05 09:44:07 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe [2008/10/05 09:44:07 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/10/05 09:44:07 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/10/05 09:44:07 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2008/10/05 09:44:07 \| 00,089,504 \| ---- \| C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/10/05 09:44:07 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2008/10/05 09:44:07 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2008/10/05 09:44:07 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\VFind.exe [2008/10/05 09:24:36 \| 00,210,936 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht [2008/10/05 09:18:00 \| 04,608,744 \| ---- \| C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [2008/10/05 09:12:49 \| 02,938,977 \| R--- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe [2008/10/05 09:12:39 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2008/10/05 09:11:47 \| 00,000,671 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2008/10/05 09:11:40 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2008/10/03 16:14:50 \| 00,000,000 \| -HSD \| C] -- C:\FOUND.018 [2008/10/02 09:44:09 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Lavasoft [2008/10/02 09:44:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008/10/02 09:19:26 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Jaosh\Desktop\backups [2008/10/02 09:18:15 \| 00,401,720 \| ---- \| C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe [2008/10/01 19:11:54 \| 00,106,172 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg [2008/10/01 15:57:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spinach AntiSpyware [2008/10/01 15:52:53 \| 00,119,186 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg [2008/10/01 15:28:10 \| 00,002,560 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2008/10/01 10:26:35 \| 00,001,755 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk [2008/10/01 10:26:26 \| 00,045,376 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2008/10/01 10:26:26 \| 00,022,336 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2008/10/01 10:26:25 \| 00,028,352 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2008/10/01 10:26:23 \| 00,075,072 \| ---- \| C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2008/10/01 10:26:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Avira [2008/10/01 10:26:22 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avira [2008/09/30 14:37:07 \| 00,000,165 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf [2008/09/30 12:17:58 \| 00,318,068 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg [2008/09/28 22:24:46 \| 00,774,144 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe [2008/09/28 16:16:15 \| 00,024,576 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc [2008/09/28 16:01:40 \| 00,034,304 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc [2008/09/24 00:39:22 \| 00,000,000 \| -HSD \| C] -- C:\FOUND.017 [2008/09/20 18:41:18 \| 00,020,992 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc [2008/09/16 12:32:15 \| 01,435,648 \| ---- \| C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt [2008/09/16 11:18:57 \| 00,000,022 \| ---- \| C] () -- C:\WINDOWS\RsConfig.ini ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\.tmp files] [1 C:\Documents and Settings\Jaosh\Application Data\.tmp files] [2008/10/09 22:20:52 \| 00,149,504 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/09 22:07:08 \| 00,001,125 \| ---- \| M] () -- C:\WINDOWS\win.ini [2008/10/09 21:57:00 \| 12,228,608 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\dd1.avi [2008/10/09 18:20:34 \| 00,060,720 \| ---- \| M] () -- C:\deb.sbl [2008/10/09 08:16:32 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2008/10/09 08:16:30 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2008/10/09 08:16:28 \| 46,824,2432 \| -HS- \| M] () -- C:\hiberfil.sys [2008/10/09 00:38:38 \| 00,000,012 \| ---- \| M] () -- C:\WINDOWS\bthservsdp.dat [2008/10/09 00:27:54 \| 00,049,376 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081009_002744.reg [2008/10/08 20:51:00 \| 00,000,518 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk [2008/10/08 19:57:28 \| 00,143,104 \| ---- \| M] () -- C:\WINDOWS\System32\guard32.dll [2008/10/08 19:57:28 \| 00,087,056 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2008/10/08 19:57:28 \| 00,079,760 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2008/10/08 19:57:28 \| 00,024,208 \| ---- \| M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2008/10/07 14:34:12 \| 00,171,008 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\HeartAttack1.pps [2008/10/06 22:39:52 \| 00,000,345 \| ---- \| M] () -- C:\WINDOWS\gmer.ini [2008/10/06 22:33:36 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2008/10/06 22:27:24 \| 06,924,848 \| -H-- \| M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db [2008/10/06 22:16:50 \| 00,000,837 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Spybot - Search & Destroy.lnk [2008/10/06 22:14:02 \| 00,044,032 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\At this point.doc [2008/10/06 12:09:52 \| 00,884,736 \| ---- \| M] () -- C:\WINDOWS\gmer.dll [2008/10/06 12:09:52 \| 00,085,969 \| ---- \| M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/10/06 12:09:52 \| 00,000,080 \| ---- \| M] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/10/05 09:45:48 \| 00,000,273 \| RHS- \| M] () -- C:\boot.ini [2008/10/05 09:33:26 \| 04,608,744 \| ---- \| M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [2008/10/05 09:24:38 \| 00,210,936 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht [2008/10/05 09:23:54 \| 02,938,977 \| R--- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe [2008/10/05 09:11:48 \| 00,000,671 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2008/10/01 19:12:08 \| 00,106,172 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg [2008/10/01 15:52:58 \| 00,119,186 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg [2008/10/01 15:28:12 \| 00,002,560 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys [2008/10/01 10:26:36 \| 00,001,755 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk [2008/09/30 14:37:08 \| 00,000,165 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf [2008/09/30 12:18:08 \| 00,318,068 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg [2008/09/30 12:14:10 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2008/09/28 22:39:22 \| 00,159,992 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/09/28 22:39:08 \| 00,182,928 \| ---- \| M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2008/09/28 16:16:16 \| 00,024,576 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc [2008/09/28 16:01:42 \| 00,034,304 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc [2008/09/20 18:50:10 \| 00,020,992 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc [2008/09/17 20:53:48 \| 00,044,544 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc [2008/09/16 12:32:16 \| 01,435,648 \| ---- \| M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt [2008/09/16 11:18:58 \| 00,000,022 \| ---- \| M] () -- C:\WINDOWS\RsConfig.ini < End of report > **ANTIVIR ANTIVIRUS LOG** Avira AntiVir Personal Report file date: Wednesday, October 08, 2008 21:43 Scanning for 1667208 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2, v.2096) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: MR Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 05:27:54 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 04:26:42 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 09:14:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 04:28:54 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 07:03:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 10:24:16 ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 9/26/2008 05:04:12 ANTIVIR3.VDF : 7.0.7.7 311296 Bytes 10/7/2008 06:09:04 Engineversion : 8.1.1.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 06:28:22 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 10/1/2008 05:06:46 AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 09:14:50 AERDL.DLL : 8.1.1.2 438644 Bytes 10/1/2008 05:06:32 AEPACK.DLL : 8.1.2.3 364918 Bytes 10/1/2008 05:05:52 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 10/1/2008 05:05:30 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/1/2008 05:05:18 AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 09:14:50 AEGEN.DLL : 8.1.0.36 315764 Bytes 10/1/2008 05:04:38 AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 05:03:22 AECORE.DLL : 8.1.1.11 172406 Bytes 10/1/2008 05:04:26 AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 09:14:50 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 05:10:06 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 05:58:02 AVREP.DLL : 8.0.0.2 98344 Bytes 10/1/2008 05:04:20 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 07:56:42 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 04:59:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 08:57:50 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 13:58:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 09:19:42 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 08:35:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 10:18:08 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 10:04:38 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: delete Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, F:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Wednesday, October 08, 2008 21:43 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned Scan process 'BBImpSec.exe' - '1' Module(s) have been scanned Scan process 'BBClient.exe' - '1' Module(s) have been scanned Scan process 'ping.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'cfp.exe' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned Scan process 'VSNP325.EXE' - '1' Module(s) have been scanned Scan process 'TSNP325.EXE' - '1' Module(s) have been scanned Scan process 'FixCamera.exe' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'cmdagent.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 41 processes with 41 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '56' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\hiberfil.sys [WARNING] The file could not be opened! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CTYN096F\gbu[1].gif [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZCL348OB\update[1].gif [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was deleted! C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KXAZ01E3\gbu[1].gif [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\QooBox\Quarantine\catchme2008-10-06_120333.65.zip [0] Archive type: ZIP --> 8882fa1.sys [DETECTION] Is the TR/Thief.OnLineGames.tmug Trojan --> nvmini.sys [DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit [NOTE] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\HBSO2.dll.vir [DETECTION] Is the TR/PSW.OnlineGames.ZXX.4 Trojan [NOTE] The file was deleted! Begin scan in 'D:\' Begin scan in 'E:\' Begin scan in 'F:\' End of the scan: Wednesday, October 08, 2008 22:31 Used time: 47:58 Minute(s) The scan has been done completely. 16565 Scanning directories 760630 Files were scanned 6 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 5 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 760622 Files not concerned 4854 Archives were scanned 2 Warnings 5 Notes Regards, Jaosh

PropagandaPanda View Member Profile	Oct 9 2008, 02:29 PM Post #13
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. Your computer is clean of malware . QUOTE Anyways regarding the kasperky online scanner, it just takes to much time to download and get results as my net at home keeps coming down. I would appreciate if there was any way i could download something and run it. I did create an OTView Log along with a log of my last Antivir scan last night. From what I can see in the logs you gave, you are clean, so there really isn't a need to run further scans. Your Avira scan is pretty much as accurate as an online scan would be. Uninstall ComboFix Remove Combofix now that we're done with it. Click on your Start Menu, then Run.... Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/". Uninstalling ComboFix will do the following: Delete ComboFix and its components from your computer. Delete other tools commonly used during the malware removal process. Resets clock settings to standard format. Hide file extensions and hidden/system files. Clear System Restore cache and creates new restore point. Run Cleanup! with OTViewIt Let's clear out the tools we've used. Double click the OTViewIt.exe icon on your desktop to start the program. Click CleanUp!. A pop-up box will appear asking "Begin Removal Process?". Click Yes. Click Yes when asked to reboot. Remove ERUNT Backups You should remove all the backups that ERUNT has made. Those backups may contain old registry keys, possibly those created by malware. Delete everything under: C:\WINDOWS\erdnt\ ERUNT will automatically remove backups older than 30 days, so there is no need to clear that folder manually in the future. It is a good idea to have ERUNT installed, even when you are not infected. Tasks like installing programs and changing settings, which involve working with the registry, can cause problems that can be quickly undone by reverting to a backup. However, if you with to uninstall the program, do so using Add/Remove Programs. Preventing Malware Infection in the Future Please also have a look at the following links, giving some advice and suggestions for preventing future infections: So How did I get infected? Microsoft - 'Security at home' Miekies' prevention suggestions Visit the Windows Update Site regularly. Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating. Update ALL Critical updates and any other Windows updates for services/programs that you use. If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates. Note that it will download them for you, but you still have to actually click install. If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com. It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates. Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there: Simple and easy ways to keep your computer safe and secure on the Internet Thank you for choosing Bleeping Computer as you malware removal source. Be sure to tell your friends about us! Do you have any further questions or concerns? With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jaosh View Member Profile	Oct 11 2008, 06:12 AM Post #14
New Member Group: Members Posts: 13 Joined: 4-July 08 Member No.: 220,365	Hey Panda Thanks for all your help buddy. Gonna give u a big 2 thumbs up for all the help Just one last annoying factor that keeps popping up with my antivir antivirus. Keep getting this alert Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'C:\WINDOWS\temp\wmsetup.dll. Action performed: Delete file is there anyway i can permanently delete this sort of problem??? Thanks again for all your help. Regards, Jaosh

PropagandaPanda View Member Profile	Oct 11 2008, 08:17 AM Post #15
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Jaosh. That doesn't look good. Can you please post a new log with OTViewIt? That file is known to install other malware. If SpyBot asks for allow any changes, deny them unless you are sure that you make them (like installing a program). With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 01:46 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides