Lots Of Trojans Keep Popping..hijack Log Shows Something Suspect


  • This topic is locked
23 replies to this topic

#1 jaosh

  • Members

Posted 03 October 2008 - 08:04 AM

Hey guys. Hoping someone can help me out here. I have Avira antivirus along with Malwarebytes Anti-Malware along with Ad-Aware (which doesn't really work for me). I've posted a HijackThis log and a Malwarebytes log. Please help me because I feel this is serious.

Check out the O20 and O21 regions in the HijackThis log. I suspect that's the problem! Please help, anyone!


****hijack log*****

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:41 PM, on 10/3/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-BL8BC.exe" /REG
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS3\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: HBmhly.dll,HBFY.dll,HBBO.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - (no file)
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - (no file)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - (no file)
O21 - SSODL: mznuetzd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - (no file)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7705 bytes




****malwarebytes anti-malware bytes log**** (something got cleaned and deleted but it keeps popping up)

Malwarebytes' Anti-Malware 1.21
Database version: 969
Windows 5.1.2600 Service Pack 2, v.2096

8:39:12 AM 10/3/2008
mbam-log-10-3-2008 (08-39-12).txt

Scan type: Quick Scan
Objects scanned: 42775
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzwr32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\XGNJAJHG\07[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\XGNJAJHG\09[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\50JEUMKU\14[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\04[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\06[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\10[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\T877D6LK\13[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\03[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\05[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\08[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\11[2].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\12[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\15[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KHEFWHEV\16[2].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Dialer) -> Quarantined and deleted successfully.



Hope any of you guys can help me quickly. Thanks.


#2 PropagandaPanda

  • Malware Response Team

Posted 03 October 2008 - 04:01 PM

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please hold tight.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 jaosh

  • Topic Starter
  • Members

Posted 04 October 2008 - 12:25 AM

Hey Propaganda Panda..

Just thought I'll add my Avira full system scan log from last night.



Avira AntiVir Personal
Report file date: Friday, October 03, 2008 21:41

Scanning for 1657543 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2, v.2096) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MR

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 05:27:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 04:26:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 09:14:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 04:28:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 07:03:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 10:24:16
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 9/26/2008 05:04:12
ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 10/2/2008 04:57:32
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 06:28:22
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 10/1/2008 05:06:46
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 09:14:50
AERDL.DLL : 8.1.1.2 438644 Bytes 10/1/2008 05:06:32
AEPACK.DLL : 8.1.2.3 364918 Bytes 10/1/2008 05:05:52
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 10/1/2008 05:05:30
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/1/2008 05:05:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 09:14:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/1/2008 05:04:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 05:03:22
AECORE.DLL : 8.1.1.11 172406 Bytes 10/1/2008 05:04:26
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 09:14:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 05:10:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 05:58:02
AVREP.DLL : 8.0.0.2 98344 Bytes 10/1/2008 05:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 07:56:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 04:59:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 08:57:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 13:58:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 09:19:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 08:35:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 10:18:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 10:04:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: delete
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, October 03, 2008 21:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'BBImpSec.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'BBClient.exe' - '1' Module(s) have been scanned
Scan process 'ping.exe' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'VSNP325.EXE' - '1' Module(s) have been scanned
Scan process 'TSNP325.EXE' - '1' Module(s) have been scanned
Scan process 'FixCamera.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C1QFSHI7\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temp\14.cab
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temp\09.cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\05[2].cab
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\06[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KBKXUF8X\10[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\abc[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\04[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\07[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\08[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\12[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\Q5O7QROX\14[1].cab
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\eee[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\ad[1].css
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\C41ABL9E\09[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\01[2].cab
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Qhost.kmd Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\02[2].cab
[DETECTION] Is the TR/Drop.Small.bsy Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\03[1].cab
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\11[1].cab
[0] Archive type: OVL
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\AN05IXEH\13[1].cab
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0217950.sys
[DETECTION] Is the TR/Thief.MultiFirst.D Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0218267.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0219267.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220267.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220268.sys
[DETECTION] Is the TR/PSW.OnlineGames.ZWI Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220269.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220270.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220271.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220272.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220273.exe
[DETECTION] Is the TR/Spy.Agent.nxa Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220402.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220410.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220418.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220426.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220554.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
Begin scan in 'D:\'
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210870.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210872.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210874.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210875.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210876.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210877.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210878.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210881.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210883.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210884.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210885.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210886.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214228.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214229.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214230.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214231.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214232.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214233.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214234.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214235.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214236.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214237.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214238.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214239.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214240.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214241.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214245.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214247.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214248.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214249.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214250.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214251.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214252.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214253.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214254.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214256.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214258.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214259.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214260.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214261.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214262.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214263.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214266.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214267.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214268.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214269.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214270.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214271.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214272.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214273.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214274.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214275.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214276.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214277.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214278.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214279.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214283.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214284.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214285.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214286.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214287.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214288.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214289.EXE
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214290.EXE
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214291.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214292.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214293.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214294.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214295.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214296.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214297.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214298.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214299.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214300.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214301.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214302.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214303.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214304.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214308.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214310.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP281\A0214321.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214595.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214596.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214597.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214598.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214599.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214600.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214601.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214602.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214603.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214604.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214605.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214685.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214686.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214687.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214688.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214689.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214690.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214691.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214692.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214693.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214694.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214695.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214696.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214697.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214698.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214699.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214700.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214703.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214706.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214707.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214710.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214711.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214712.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214713.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214714.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214715.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214716.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214717.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214718.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214719.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214720.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214721.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214722.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214723.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214726.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214727.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214728.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214729.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214730.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214731.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214732.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214733.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214734.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214735.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214736.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214737.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214738.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214739.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214740.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214741.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214742.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214743.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214744.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214745.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214746.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP282\A0214747.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217265.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217266.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217267.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217268.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217269.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217270.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217271.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217272.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217273.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217274.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217275.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217355.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217356.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217357.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217358.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217359.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217360.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217361.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217362.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217363.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217364.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217365.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217366.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217367.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217368.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217369.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217370.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217372.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217374.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217375.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217376.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217377.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217378.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217379.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217380.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217381.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217383.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217385.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217386.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217387.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217388.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217389.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217390.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217393.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217394.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217395.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217396.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217397.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217398.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217399.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217400.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217401.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217402.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217403.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217404.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217405.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217406.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217409.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217410.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217411.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217412.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217413.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217414.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217415.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217416.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217417.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217418.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217419.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217420.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217421.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217422.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217423.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP284\A0217424.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220872.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220873.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220874.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220875.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220876.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220877.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220878.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220879.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220880.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220884.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220886.exe
[WARNING] The file could not be opened!
D:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220897.exe
[WARNING] The file could not be opened!
D:\WarRock\WRLauncher.VIR
[DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus
[NOTE] The file was deleted!
D:\WarRock\dxsetup.VIR
[DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus
[NOTE] The file was deleted!
D:\WarRock\WRUpdater.VIR
[DETECTION] Contains recognition pattern of the W32/Almanahe.B Windows virus
[NOTE] The file was deleted!
D:\RANDOM\DSF 1-16(S.E sem2)\A1_GLL.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\DIJKST~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\ALLM_L~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\THREADED.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\DFBFS.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\DFS_GRAP.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\KRUS.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\PRIMS.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\NEWTEX~3.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\PRIM.EXE
[WARNING] The file could not be opened!
D:\RANDOM\DSF 1-16(S.E sem2)\2WR-R~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\3MIRRO~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\1GLL.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\8BSTAD~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\13QUIC~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\14MERG~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\16HUFF~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\9HAS~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\9HASHW~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\NONAME00.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\7KRUSP~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\11DAF~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\12INDE~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\5DFSBF~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\4THREA~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\10INDE~1.EXE
[WARNING] The file could not be opened!
D:\RANDOM\New Folder (3)\DSF ALL PROGRAMS\2EXPTREE.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\MAKE.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\TLIB.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\TLINK.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\GREP2MSG.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\PRJ2MAK.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\PRJCNVT.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\TASM2MSG.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\TEMC.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\TRIGRAPH.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\UNZIP.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\ALLM_L~1.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\PAGE.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\NONAME00.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\QUICK.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\HEAP.EXE
[WARNING] The file could not be opened!
D:\TC\BIN\NONAME01.EXE
[WARNING] The file could not be opened!
D:\usb\POLY_FIL.EXE
[WARNING] The file could not be opened!
D:\usb\BBAC.EXE
[WARNING] The file could not be opened!
D:\usb\CAR.EXE
[WARNING] The file could not be opened!
D:\usb\primayur\SJFP.EXE
[WARNING] The file could not be opened!
D:\usb\scheduling\SCHEDULI.EXE
[WARNING] The file could not be opened!
D:\usb\scheduling\NONAME00.EXE
[WARNING] The file could not be opened!
D:\usb\suhas\prasafd\Final T.E I.T\OS\READ-WRI.EXE
[WARNING] The file could not be opened!
D:\usb\suhas\prasafd\Final T.E I.T\OS\BANKERS.EXE
[WARNING] The file could not be opened!
D:\usb\suhas\prasafd\complete T.E I.T\os1\BANKERS.EXE
[WARNING] The file could not be opened!
D:\usb\1st\BBALI.EXE
[WARNING] The file could not be opened!
D:\usb\1st\BBAPP.EXE
[WARNING] The file could not be opened!
D:\usb\1st\DDAPAP.EXE
[WARNING] The file could not be opened!
D:\usb\6thline clip\LINECLIP.EXE
[WARNING] The file could not be opened!
D:\usb\jaosh1\P-CLIP.EXE
[WARNING] The file could not be opened!
D:\usb\Media\BAN.EXE
[WARNING] The file could not be opened!
D:\usb\mk\MRK_CAR.EXE
[WARNING] The file could not be opened!
D:\usb\mk\MRK_DDA.EXE
[WARNING] The file could not be opened!
D:\usb\os\READWRIT.EXE
[WARNING] The file could not be opened!
D:\usb\os\os\PAGE.EXE
[WARNING] The file could not be opened!
D:\usb\os\os\PGFLT2.EXE
[WARNING] The file could not be opened!
D:\usb\os\oswithoutput\Banker's algo\BANKERS.EXE
[WARNING] The file could not be opened!
D:\usb\demand paging\PAGING.EXE
[WARNING] The file could not be opened!
D:\usb\usb1\PAGE.EXE
[WARNING] The file could not be opened!
D:\usb\usb1\os\CPUSCHE.EXE
[WARNING] The file could not be opened!
D:\usb\usb1\os\os\PRC_SHD.EXE
[WARNING] The file could not be opened!
D:\usb\usb1\demand paging\PAGING.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssprogs\MYLEX1.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssprogs\PAR.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssprogs\MYLINE.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssprogs\RG.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssprogs\DFA.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssf\RETODFA.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssf\GRA2DFA.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssf\SLL.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssf\MACRO\MACRO1.EXE
[WARNING] The file could not be opened!
D:\ms folder\ssf\ASSEMBLER\ASS2.EXE
[WARNING] The file could not be opened!
D:\New Folder\Projects_c++\ajay_project.vcdm\UNINSTAL.EXE
[WARNING] The file could not be opened!
D:\New Folder\Projects_c++\Projects\SWATGAME\SWATGAME.EXE
[WARNING] The file could not be opened!
D:\New Folder1\mk\ALLOCAT3.EXE
[WARNING] The file could not be opened!
Begin scan in 'E:\'
Begin scan in 'F:\'
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220487.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220489.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220490.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220492.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220493.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220494.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220495.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220496.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220500.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220501.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220502.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220504.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220505.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220506.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220507.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220508.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220509.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220510.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220511.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220512.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220513.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220514.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220515.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220516.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220517.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220518.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220525.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220559.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220609.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220616.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220631.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220633.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220634.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220636.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP285\A0220654.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210535.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210596.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210598.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210599.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210602.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210603.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210605.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210606.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210608.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210609.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210610.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210611.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210612.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210616.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210617.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210618.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210620.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210621.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210622.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210623.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210624.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210625.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210626.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210627.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210628.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210629.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210630.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210631.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210632.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210633.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210634.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP278\A0210643.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211630.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211639.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211640.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211641.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211642.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211643.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211644.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211645.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211646.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211647.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211648.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211649.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211650.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211651.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211652.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211653.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211655.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211656.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211657.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211661.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211662.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211663.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211664.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211665.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211667.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211668.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211670.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211671.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211674.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211675.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211677.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211738.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211764.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211832.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211834.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211838.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211839.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211841.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211842.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211844.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211845.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211846.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211854.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211856.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211857.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211858.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211859.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0211882.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212317.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212380.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212387.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212389.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212402.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212404.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212405.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212406.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212407.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212408.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212409.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212410.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212411.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212412.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212413.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212414.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212415.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212416.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212417.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212418.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0212430.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213163.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213224.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213226.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213227.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213230.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213231.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213233.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213234.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213236.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213237.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213238.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213239.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213240.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213244.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213245.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213246.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213248.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213249.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213250.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213251.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213252.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213253.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213254.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213255.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213256.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213257.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213258.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213259.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213260.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213261.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213262.exe
[WARNING] The file could not be opened!
F:\System Volume Information\_restore{39A282F7-72CA-4B8A-A642-11C496BD52F3}\RP280\A0213271.exe
[WARNING] The file could not be opened!
F:\GAMES\Small Games\DAVE.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TC\TURBOC.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TC\TLIB.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TC\UNZIP.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TC\CH24_2.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TC\CH24_25.EXE
[WARNING] The file could not be opened!
F:\INSTALL\TALLY5.4\TALLY54.EXE
[WARNING] The file could not be opened!


End of the scan: Friday, October 03, 2008 22:38
Used time: 56:40 Minute(s)

The scan has been done completely.

16253 Scanning directories
703213 Files were scanned
48 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
39 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1201 Files cannot be scanned
701964 Files not concerned
5350 Archives were scanned
1201 Warnings
39 Notes

#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 04 October 2008 - 01:12 PM

Hello jaosh.

You've got one tough infection there. Let's get to work :thumbsup:.

If you don't mind me asking, do you live in India? I ask because your IP traces back to there.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**"
  • Type without quotes "batch erdnt.con"
  • Type without quotes "exit"
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try an earlier restore date.

Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it's originally named onto your desktop.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click NO to skip the scan for now.
  • Close everything and save all work.
  • Click on your Start Menu, then Run.., then type:
    "%userprofile%\desktop\combofix.exe" /killall
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check both the Scan All Users and Use Whitelist checkboxes. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized. A new Extra.txt will not be created if one exists already.
Copy and Paste the logs into your next reply.


Post back with:
-the ComboFix log
-the OTViewIt logs

With Regards,
The Panda

#5 jaosh

  • Topic Starter
  • Members
  • 13 posts

Posted 04 October 2008 - 11:38 PM

Hey Panda..yes i am from India.. :-)..thank you for helping me :-)

***ComboFix Log***


ComboFix 08-10-04.07 - Jaosh 2008-10-05 9:50:37.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.194 [GMT 5.5:30]
Running from: C:\Documents and Settings\Jaosh\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jaosh\Desktop\boolean\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\ADBMS\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\ADBMS\dsf_san\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Adbms1\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Trig\trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\hh\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\hh\trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Hospital management\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Hospital management\dsf\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Humaid\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Nessus\Nessus_files\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\payrollNew\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Supermarket\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Supermarket\Super\Desktop_.ini
C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.sdb
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\sysocmgr.dll
C:\WINDOWS\system32\369774CA.cfg
C:\WINDOWS\system32\369774CA.dll
C:\WINDOWS\system32\4BF9CBA3.cfg
C:\WINDOWS\system32\4BF9CBA3.dll
C:\WINDOWS\system32\4EFDDEBE.dll
C:\WINDOWS\system32\4F34C688.dll
C:\WINDOWS\system32\7ADC2AB1.cfg
C:\WINDOWS\system32\8566F82E.cfg
C:\WINDOWS\system32\AF05A291.dll
C:\WINDOWS\system32\D23B0004.dll
C:\WINDOWS\system32\d4f876.sys
C:\WINDOWS\system32\D91BC61E.cfg
C:\WINDOWS\system32\D91BC61E.dll
C:\WINDOWS\system32\EBE50EA1.cfg
C:\WINDOWS\system32\EBE50EA1.dll
C:\WINDOWS\system32\HBBO.dll
C:\WINDOWS\system32\HBCHIBI.dll
C:\WINDOWS\system32\HBKDXY.dll
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\HBQQFFO.dll
C:\WINDOWS\system32\HBQQSG.dll
C:\WINDOWS\system32\HBSO2.dll
C:\WINDOWS\system32\HBZG.dll
C:\WINDOWS\system32\HBZHUXIAN.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mshta.dll
C:\WINDOWS\system32\srecorder.dll
C:\windows\system32\system.exe
C:\WINDOWS\system32\tscfgwmijxsj.nls
C:\WINDOWS\system32\Update.dat
C:\WINDOWS\temp\wmsetup.dll
C:\WINDOWS\Update.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_C56BCC1
-------\Legacy_D4F876
-------\Legacy_HBKERNEL32
-------\Legacy_MCHINJDRV
-------\Legacy_NPF
-------\Service_c56bcc1
-------\Service_d4f876
-------\Service_HBKernel32


((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-05 09:49 . 2008-10-05 09:49 212 --ahs---- C:\WINDOWS\system32\4EFDDEBE.cfg
2008-10-05 09:49 . 2008-10-05 09:49 200 --ahs---- C:\WINDOWS\system32\AF05A291.cfg
2008-10-05 09:48 . 2008-10-05 09:48 5,504 --a------ C:\WINDOWS\system32\8882fa1.sys
2008-10-05 09:47 . 2008-10-05 09:47 47,409 --a------ C:\WINDOWS\255528WL.DLL
2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT
2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018
2008-10-03 10:33 . 2008-10-05 09:50 15,248 --a------ C:\WINDOWS\system32\drivers\HBKernel32.sys
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-02 09:43 . 2008-10-02 09:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager
2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google
2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 21:01 . 2008-09-30 21:01 240 --ahs---- C:\WINDOWS\system32\D23B0004.cfg
2008-09-30 21:00 . 2008-09-30 21:00 196 --ahs---- C:\WINDOWS\system32\4F34C688.cfg
2008-09-24 12:26 . 2008-09-24 12:26 148 --a------ C:\WINDOWS\system32\mznuetzd.nls
2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017
2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini
2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin
2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising
2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325
2008-08-12 14:16 --------- d-----w C:\Program Files\Flix
2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft
2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon
2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon
2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog
2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front
2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front
2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleTNSListener80"=2 (0x2)
"OracleStartORCL"=2 (0x2)
"OracleServiceORCL"=2 (0x2)
"OracleClientCache80"=3 (0x3)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"=
"D:\\jdk 1.5\\bin\\java.exe"=
"D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\instant_rails\\Apache\\Apache.exe"=
"C:\\instant_rails\\RUBY\\BIN\\ruby.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
S3 8882fa1;8882fa1;C:\WINDOWS\system32\8882fa1.sys [2008-10-05 5504]
S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312]
S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ]
S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632]
S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}]
\Shell\AutoRun\command - G:\EISetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{8566F82E-03A4-416E-AEAC-66600D8881F1} - (no file)
ShellExecuteHooks-{EBE50EA1-89C8-463A-998A-69A05ECD2D26} - (no file)
ShellExecuteHooks-{7ADC2AB1-5C6A-4178-82DA-94863354AF7C} - (no file)
ShellExecuteHooks-{4F34C688-FD49-42FC-97F7-87D2F5791612} - 4F34C688.dll
ShellExecuteHooks-{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} - (no file)
ShellExecuteHooks-{D23B0004-30E2-4BDB-B53A-7E9041308C36} - D23B0004.dll
ShellExecuteHooks-{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} - (no file)
ShellExecuteHooks-{369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B} - (no file)
ShellExecuteHooks-{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} - 4EFDDEBE.dll
ShellExecuteHooks-{AF05A291-7249-4C15-B212-3E8D8C02438D} - AF05A291.dll
SSODL-mznuetzd.dll-{65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - (no file)
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-HBService32 - System.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jaosh\Application Data\Mozilla\Firefox\Profiles\whkt3hyn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.in/ig?hl=en|www.orkut.com|http://www.facebook.com/home.php
FF -: plugin - C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 09:54:07
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-05 9:57:01 - machine was rebooted [Jaosh]
ComboFix-quarantined-files.txt 2008-10-05 04:27:00

Pre-Run: 7,705,542,656 bytes free
Post-Run: 7,911,669,760 bytes free

248



***OTViewIt.Txt***

OTViewIt logfile created on: 10/5/2008 10:01:28 AM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 95.41 Mb Available Physical Memory | 21.37% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 68.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 7.43 Gb Free Space | 39.04% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 5.92 Gb Free Space | 32.06% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.69 Gb Free Space | 63.25% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 0.99 Gb Free Space | 5.33% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/10/08 11:52:32 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2004/03/12 00:19:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/04/21 09:30:54 | 00,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
[2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2004/03/12 05:49:10 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/03/12 00:19:06 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2006/04/22 09:37:00 | 00,577,536 | ---- | M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/04/21 20:04:00 | 00,127,085 | ---- | M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe
[2004/03/12 00:19:06 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
[2008/10/05 10:01:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/02 09:45:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Stopped])
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2004/03/12 00:18:56 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[1997/06/14 23:42:14 | 00,141,312 | ---- | M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled | Stopped])
[1997/06/20 18:44:18 | 08,371,200 | ---- | M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled | Stopped])
[1997/06/05 14:29:36 | 00,005,632 | ---- | M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled | Stopped])
[1997/06/17 10:16:18 | 00,124,928 | ---- | M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/03/12 00:19:10 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/10/05 09:48:44 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\8882fa1.sys -- (8882fa1 [On_Demand | Stopped])
[2004/07/20 00:41:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/31 11:12:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:56 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFSDRV [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Stopped])
[2004/03/12 00:55:20 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2004/03/12 00:45:06 | 00,101,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/03/12 00:55:18 | 00,273,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/03/12 00:55:16 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
[2004/03/12 00:55:08 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
[2006/12/27 13:20:32 | 00,046,080 | R--- | M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/19 02:45:42 | 04,034,048 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2005/01/31 15:42:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
[2004/03/12 00:44:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
[2004/03/12 00:55:12 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/03/12 00:55:06 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
[2004/03/11 22:48:04 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
[2005/01/31 15:50:04 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2004/03/12 00:28:58 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand | Stopped])
[2004/03/12 00:55:20 | 00,059,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
[2004/03/11 23:43:50 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
[2006/11/17 19:45:32 | 00,009,006 | ---- | M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand | Running])
[2004/02/23 08:00:56 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
[2007/07/24 10:21:44 | 10,394,624 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/03/12 00:55:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/12 00:53:14 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/03/11 22:53:54 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/03/11 22:53:52 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
[2004/03/12 00:55:10 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
[2006/08/24 05:59:58 | 00,391,836 | R--- | M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"CameraFixer"=C:\WINDOWS\CameraFixer.exe ()
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"snp325"=C:\WINDOWS\vsnp325.exe ()
"tsnp325"=C:\WINDOWS\tsnp325.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()

========== (O4) Startup Folders ==========

[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [2006/11/09 15:21:54 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 | Description: Realtek RTL8029(AS) PCI Ethernet Adapter)
{02178E7B-AD83-4AC2-B295-73437C555883} (Servers: | Description: )
{2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: | Description: )
{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 | Description: D-Link DFE-520TX PCI Fast Ethernet Adapter)
{48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: | Description: )
{5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: | Description: )
{E631B284-CF07-455B-97C5-3B47425D9926} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/10/07 15:19:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\Auto\command]
""=MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\Shell32.DLL -- [2004/03/12 00:18:50 | 08,368,640 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command]
""=G:\EISetup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\explore\Command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\open\Command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/10/05 09:59:44 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2008/10/05 09:57:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/05 09:50:27 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/10/05 09:49:19 | 00,000,200 | -HS- | C] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/05 09:49:09 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\4EFDDEBE.cfg
[2008/10/05 09:48:42 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\8882fa1.sys
[2008/10/05 09:47:16 | 00,047,409 | ---- | C] () -- C:\WINDOWS\255528WL.DLL
[2008/10/05 09:45:46 | 00,000,203 | ---- | C] () -- C:\Boot.bak
[2008/10/05 09:45:44 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/05 09:45:43 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/05 09:44:28 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/05 09:44:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/05 09:44:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/05 09:44:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/05 09:44:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/05 09:44:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/05 09:44:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/05 09:44:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/05 09:44:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/10/05 09:24:36 | 00,210,936 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:18:00 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:12:49 | 02,938,977 | R--- | C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/05 09:11:47 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 09:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/03 16:14:50 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2008/10/03 10:33:06 | 00,015,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\HBKernel32.sys
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/02 09:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/02 09:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/02 09:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/02 09:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaosh\Desktop\backups
[2008/10/02 09:18:15 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe
[2008/10/01 19:11:54 | 00,106,172 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Spinach AntiSpyware
[2008/10/01 15:52:53 | 00,119,186 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:10 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:35 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/01 10:26:26 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/10/01 10:26:26 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/10/01 10:26:25 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/01 10:26:23 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/30 21:01:16 | 00,000,240 | -HS- | C] () -- C:\WINDOWS\System32\D23B0004.cfg
[2008/09/30 21:00:22 | 00,000,196 | -HS- | C] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/09/30 14:37:07 | 00,000,165 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:17:58 | 00,318,068 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/28 22:24:46 | 00,774,144 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe
[2008/09/28 16:16:15 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:40 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/24 00:39:22 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2008/09/20 18:41:18 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/16 12:32:15 | 01,435,648 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:57 | 00,000,022 | ---- | C] () -- C:\WINDOWS\RsConfig.ini
[2008/09/06 18:49:34 | 00,000,000 | R--D | C] -- C:\RavBin
[2008/09/06 18:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/09/06 18:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/10/05 09:54:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/05 09:53:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 09:53:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/05 09:53:40 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/05 09:52:44 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/05 09:49:20 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/05 09:49:10 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\4EFDDEBE.cfg
[2008/10/05 09:48:44 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\8882fa1.sys
[2008/10/05 09:45:48 | 00,000,273 | RHS- | M] () -- C:\boot.ini
[2008/10/05 09:33:26 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:24:38 | 00,210,936 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:23:54 | 02,938,977 | R--- | M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:11:48 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 00:20:38 | 06,384,416 | -H-- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/01 19:12:08 | 00,106,172 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:52:58 | 00,119,186 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:12 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:36 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/09/30 21:01:18 | 00,000,240 | -HS- | M] () -- C:\WINDOWS\System32\D23B0004.cfg
[2008/09/30 21:00:24 | 00,000,196 | -HS- | M] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/09/30 14:37:08 | 00,000,165 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:18:08 | 00,318,068 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/30 12:14:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/28 22:39:22 | 00,159,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/28 22:39:08 | 00,182,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/28 16:16:16 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:42 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/27 01:27:14 | 00,059,985 | ---- | M] () -- C:\deb.sbl
[2008/09/24 16:48:48 | 00,149,504 | ---- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/20 18:50:10 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/17 20:53:48 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc
[2008/09/16 12:32:16 | 01,435,648 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:58 | 00,000,022 | ---- | M] () -- C:\WINDOWS\RsConfig.ini
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 12:51:58 | 00,023,179 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\image001.jpg
[2008/09/05 21:08:04 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
< End of report >



***Extras.txt***

OTViewIt Extras logfile created on: 10/5/2008 10:01:28 AM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 95.41 Mb Available Physical Memory | 21.37% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 68.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 7.43 Gb Free Space | 39.04% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 5.92 Gb Free Space | 32.06% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.69 Gb Free Space | 63.25% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 0.99 Gb Free Space | 5.33% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/03/12 05:49:08 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:Remote Assistance
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/03/12 05:49:08 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:Remote Assistance
[2004/03/12 00:18:58 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/03/27 15:22:58 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2006/11/09 13:28:30 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2006/11/09 13:28:20 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_10\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/11/09 14:40:28 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- D:\jdk 1.5\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/11/09 13:28:20 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- D:\jdk 1.5\jre\bin\JAVA.EXE:*:Enabled:Java™ 2 Platform Standard Edition binary
[2004/03/12 00:19:10 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winver.exe:*:Enabled:winver
[2007/12/28 18:42:12 | 00,020,545 | ---- | M] () -- C:\instant_rails\Apache\Apache.exe:*:Enabled:Apache
[2007/12/28 18:42:08 | 00,020,541 | ---- | M] () -- C:\instant_rails\RUBY\BIN\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
[2008/02/01 17:22:12 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/01 17:22:12 | 01,934,672 | R--- | M] (Skype Technologies) C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/03/11 22:08:16 | 00,843,802 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{32A3A4F4-B792-11D6-A78A-00B0D0150100}"=J2SE Development Kit 5.0 Update 10
"{3819891A-030B-4a4e-98ED-B28A649E48AB}"=HP Deskjet 3900 series
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{42F6BED9-41DD-40F1-85A8-8E0350493626}"=HPDeskjet3900Series
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}"=USB PC Camera (ZS211)
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}"=2.0 PC CAMERA
"{FE64AE29-0883-4C70-8388-DC026019C900}"=HP Image Zone Express
"123 Free Solitaire"=123 Free Solitaire
"274c5407c4fa26908310cb5c1c550000499880411"=NetBeans IDE 5.5
"274c5407c4fa26908310cb5c1c5500b2ep499880411"=NetBeans Enterprise Pack 5.5
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Defraggler"=Defraggler (remove only)
"ERUNT_is1"=ERUNT 1.1j
"fcd569e3a3b8ade0f9366fc662550000693919869"=NetBeans Mobility Pack 5.5
"Flickr Uploadr"=Flickr Uploadr 2.5.0.15
"FLVPlayer"=FLV Player 1.3.3
"Free Download Manager_is1"=Free Download Manager 2.5
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities"=HP Extended Capabilities 5.0
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MsJavaVM"=Microsoft VM for Java
"MS-MPEG4"=Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST"=MSN
"MySQL-Front_is1"=MySQL-Front 4.2
"ObjectDock"=ObjectDock
"QcDrv"=Logitech® Camera Driver
"Rational Rose 98 Enterprise Edition"=Rational Rose 98 Enterprise Edition
"Sify Broadband_is1"=Sify Broadband 3.22
"VLC media player"=VideoLAN VLC media player 0.8.5
"VN_VUIns_Rhine_D-Link"=D-Link PCI Fast Ethernet Adapter
"WebPost"=Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"Yahoo! Messenger"=Yahoo! Messenger
"YASA VOB to AVI Converter v3.2 (build 039)"=YASA VOB to AVI Converter v3.2 (build 039)
"ZD Soft Screen Recorder"=ZD Soft Screen Recorder
"ZDSV"=ZD Soft Screen Video Decoder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2008 12:10:41 PM | Computer Name = MR | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service terminated
unexpectedly. It has done this 1 time(s).

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Avira AntiVir Personal - Free Antivirus Guard service terminated
unexpectedly. It has done this 1 time(s).

Error - 10/5/2008 12:23:44 AM | Computer Name = MR | Source = Service Control Manager | ID = 7000
Description = The BDRSDRV service failed to start due to the following error: %%123

Error - 10/5/2008 12:23:51 AM | Computer Name = MR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln

Error - 10/5/2008 12:24:59 AM | Computer Name = MR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HOME-2BCF9AF272 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{479EAB7C-F88. The master browser is stopping or an election is being
forced.


< End of report >



Note:
ComboFix did restart my computer, deleting some malware files, but my Avira antivirus seems to have picked them up again on my computer :-(

#6 PropagandaPanda

  • Malware Response Team

Posted 05 October 2008 - 12:02 PM

Hello Jaosh.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    File::
    C:\WINDOWS\system32\4EFDDEBE.cfg
    C:\WINDOWS\system32\AF05A291.cfg
    C:\WINDOWS\255528WL.DLL
    C:\WINDOWS\system32\D23B0004.cfg
    C:\WINDOWS\system32\4F34C688.cfg
    C:\WINDOWS\system32\mznuetzd.nls
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}]
    
    Driver::
    8882fa1
    nvmini
    BDFSDRV
    BDRSDRV
    
    Rootkit::
    C:\WINDOWS\system32\8882fa1.sys
    C:\WINDOWS\system32\drivers\HBKernel32.sys
    C:\WINDOWS\system32\DRIVERS\nvmini.sys
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.


Post back with:
-the ComboFix log
-the GMER log
-a new OTViewIt log (only one will appear this time)

Could you please tell me if you live in India?

With Regards,
The Panda
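
A way to check a ComboFix run against the CFScript in the post above, as an added example that is not part of the original post and not ComboFix's own code: it parses the script's "Name::" sections and reports, for each listed file, whether a log shows it deleted, still listed afterwards, or not mentioned at all. The function names, status labels and the sample log excerpt are assumptions made for this example.

```python
import re

# CFScript text as posted above (paths and driver names copied from the post).
CFSCRIPT = r"""KILLALL::
File::
C:\WINDOWS\system32\4EFDDEBE.cfg
C:\WINDOWS\system32\AF05A291.cfg
C:\WINDOWS\255528WL.DLL
C:\WINDOWS\system32\D23B0004.cfg
C:\WINDOWS\system32\4F34C688.cfg
C:\WINDOWS\system32\mznuetzd.nls

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}]

Driver::
8882fa1
nvmini
BDFSDRV
BDRSDRV

Rootkit::
C:\WINDOWS\system32\8882fa1.sys
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\DRIVERS\nvmini.sys
"""

# Sample input assembled for this example in the layout of a ComboFix log
# (banners shortened); it is not output produced by this code.
SAMPLE_LOG = r"""((((( Other Deletions )))))
.
C:\WINDOWS\system32\4EFDDEBE.cfg
C:\WINDOWS\system32\4F34C688.cfg
C:\WINDOWS\system32\AF05A291.cfg
C:\WINDOWS\system32\D23B0004.cfg
C:\WINDOWS\system32\mznuetzd.nls
.
((((( Files Created from 2008-09-06 to 2008-10-06 )))))
.
2008-10-05 09:48 . 2008-10-06 12:03 5,504 --a------ C:\WINDOWS\system32\8882fa1.sys
2008-09-28 12:34 . 2008-10-06 12:03 17,152 --a------ C:\WINDOWS\system32\drivers\nvmini.sys
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # e.g. "((( Other Deletions )))"
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # drive-letter path at end of line


def parse_cfscript(text):
    """Return {section_name_lowercase: [entries]} for each 'Name::' block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(log):
    """Map each banner title to the set of paths under it, lower-cased."""
    out, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, set())
            continue
        p = PATH_RE.search(line)
        if current and p:
            out[current].add(p.group(0).lower())   # Windows paths ignore case
    return out


def triage(script_text, log_text):
    """Status per File::/Rootkit:: target: deleted, still-present, not-reported."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = log.get("other deletions", set())
    created = set()
    for title, paths in log.items():
        if title.startswith("files created"):
            created |= paths
    report = {}
    for section in ("file", "rootkit"):
        for path in script.get(section, []):
            key = path.lower()
            if key in created:        # listed in the post-run file listing
                report[path] = "still-present"
            elif key in deleted:
                report[path] = "deleted"
            else:                     # log is silent; file may never have existed
                report[path] = "not-reported"
    return report


if __name__ == "__main__":
    for path, status in triage(CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:14} {path}")
```

A target that comes back as still-present is the one to raise in the next reply, since the log lists it even though the script named it for removal.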

#7 jaosh

  • Topic Starter

Posted 06 October 2008 - 01:55 AM

Hey Propaganda Panda,

Yes, I do live in India. I thought I said that in my earlier post too. Anyway, here are my log files from all the programs.


***COMBOFIX LOG***

ComboFix 08-10-04.07 - Jaosh 2008-10-06 12:02:16.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.190 [GMT 5.5:30]
Running from: C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jaosh\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\255528WL.DLL
C:\WINDOWS\system32\4EFDDEBE.cfg
C:\WINDOWS\system32\4F34C688.cfg
C:\WINDOWS\system32\AF05A291.cfg
C:\WINDOWS\system32\D23B0004.cfg
C:\WINDOWS\system32\mznuetzd.nls
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\4EFDDEBE.cfg
C:\WINDOWS\system32\4F34C688.cfg
C:\WINDOWS\system32\AF05A291.cfg
C:\WINDOWS\system32\D23B0004.cfg
C:\WINDOWS\system32\mznuetzd.nls

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_8882FA1
-------\Legacy_BDFSDRV
-------\Legacy_BDRSDRV
-------\Legacy_NVMINI
-------\Service_8882fa1
-------\Service_BDFSDRV
-------\Service_BDRSDRV


((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-05 09:48 . 2008-10-06 12:03 5,504 --a------ C:\WINDOWS\system32\8882fa1.sys
2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT
2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-02 09:43 . 2008-10-02 09:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager
2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google
2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-28 12:34 . 2008-10-06 12:03 17,152 --a------ C:\WINDOWS\system32\drivers\nvmini.sys
2008-09-28 12:33 . 2008-09-28 12:33 46,592 --a------ C:\WINDOWS\linkinfo.dll
2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017
2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini
2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin
2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising
2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325
2008-08-12 14:16 --------- d-----w C:\Program Files\Flix
2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft
2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon
2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon
2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog
2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front
2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front
2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-05_ 9.56.35.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\ERDNT.EXE
+ 2008-10-06 04:10:06 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000001\NTUSER.DAT
+ 2008-10-06 04:10:06 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\ERDNT.EXE
+ 2008-10-05 04:25:04 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000001\NTUSER.DAT
+ 2008-10-05 04:25:04 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000002\UsrClass.dat
+ 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\linkinfo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleTNSListener80"=2 (0x2)
"OracleStartORCL"=2 (0x2)
"OracleServiceORCL"=2 (0x2)
"OracleClientCache80"=3 (0x3)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"=
"D:\\jdk 1.5\\bin\\java.exe"=
"D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\instant_rails\\Apache\\Apache.exe"=
"C:\\instant_rails\\RUBY\\BIN\\ruby.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
S2 nvmini;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys [2008-10-06 17152]
S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312]
S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ]
S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632]
S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}]
\Shell\AutoRun\command - G:\EISetup.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 12:05:23
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-06 12:07:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 06:37:20
ComboFix2.txt 2008-10-05 04:27:04

Pre-Run: 7,755,366,400 bytes free
Post-Run: 7,686,914,048 bytes free

180



***GMER LOG***

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-06 12:17:23
Windows 5.1.2600 Service Pack 2, v.2096


---- System - GMER 1.0.14 ----

SSDT F7B6D374 ZwCreateThread
SSDT F7B6D360 ZwOpenProcess
SSDT F7B6D365 ZwOpenThread
SSDT F7B6D36F ZwTerminateProcess
SSDT F7B6D36A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_allmul + 10A 804E50EC 4 Bytes [ 74, D3, B6, F7 ]
.text ntoskrnl.exe!_allmul + 21E 804E5200 4 Bytes [ 60, D3, B6, F7 ]
.text ntoskrnl.exe!_allmul + 236 804E5218 4 Bytes [ 65, D3, B6, F7 ]
.text ntoskrnl.exe!_allmul + 43A 804E541C 4 Bytes [ 6F, D3, B6, F7 ]
.text ntoskrnl.exe!_allmul + 48A 804E546C 4 Bytes [ 6A, D3, B6, F7 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x75 0x8D 0xB6 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Model 134
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Therad 31
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\5\7\9\0@NodeSlot 264

---- EOF - GMER 1.0.14 ----



*** OTViewIt LOG***


OTViewIt logfile created on: 10/6/2008 12:19:51 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 78.65 Mb Available Physical Memory | 17.62% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 67.60% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 7.19 Gb Free Space | 37.75% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 4.76 Gb Free Space | 25.75% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.69 Gb Free Space | 63.25% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 0.48 Gb Free Space | 2.60% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/10/08 11:52:32 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2004/03/12 00:19:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/07/11 16:09:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2007/05/10 13:18:10 | 00,835,584 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
[2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2006/04/22 09:37:00 | 00,577,536 | ---- | M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe
[2006/04/21 20:04:00 | 00,127,085 | ---- | M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe
[2004/03/12 05:49:10 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/05 10:01:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/02 09:45:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Stopped])
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2004/03/12 00:18:56 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[1997/06/14 23:42:14 | 00,141,312 | ---- | M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled | Stopped])
[1997/06/20 18:44:18 | 08,371,200 | ---- | M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled | Stopped])
[1997/06/05 14:29:36 | 00,005,632 | ---- | M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled | Stopped])
[1997/06/17 10:16:18 | 00,124,928 | ---- | M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/03/12 00:19:10 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/07/20 00:41:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/31 11:12:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:56 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
[2004/03/12 00:55:20 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2004/03/12 00:45:06 | 00,101,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/03/12 00:55:18 | 00,273,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/03/12 00:55:16 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
[2006/12/27 13:20:32 | 00,046,080 | R--- | M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand | Stopped])
[2008/10/06 12:09:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/19 02:45:42 | 04,034,048 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2005/01/31 15:42:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
[2004/03/12 00:44:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
[2004/03/12 00:55:12 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/03/12 00:55:06 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
[2004/03/11 22:48:04 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
[2005/01/31 15:50:04 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2004/03/12 00:28:58 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand | Stopped])
[2004/03/12 00:55:20 | 00,059,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
[2004/03/11 23:43:50 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
[2006/11/17 19:45:32 | 00,009,006 | ---- | M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand | Running])
[2004/02/23 08:00:56 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
[2007/07/24 10:21:44 | 10,394,624 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/03/12 00:55:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/12 00:53:14 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/03/11 22:53:54 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/03/11 22:53:52 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
[2004/03/12 00:55:10 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
[2006/08/24 05:59:58 | 00,391,836 | R--- | M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"CameraFixer"=C:\WINDOWS\CameraFixer.exe ()
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"snp325"=C:\WINDOWS\vsnp325.exe ()
"tsnp325"=C:\WINDOWS\tsnp325.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()

========== (O4) Startup Folders ==========

[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [2006/11/09 15:21:54 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 | Description: Realtek RTL8029(AS) PCI Ethernet Adapter)
{02178E7B-AD83-4AC2-B295-73437C555883} (Servers: | Description: )
{2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: | Description: )
{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 | Description: D-Link DFE-520TX PCI Fast Ethernet Adapter)
{48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: | Description: )
{5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: | Description: )
{E631B284-CF07-455B-97C5-3B47425D9926} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/10/07 15:19:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

auto []
[2007/10/23 21:21:36 | 00,000,000 | ---D | M] -- E:\auto -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command]
""=G:\EISetup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/10/06 12:09:51 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/06 12:09:50 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/06 12:09:50 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/06 12:09:50 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/06 12:09:50 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/06 12:09:36 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\gmer.exe
[2008/10/06 12:07:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/05 09:50:27 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/10/05 09:48:42 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\8882fa1.sys
[2008/10/05 09:45:46 | 00,000,203 | ---- | C] () -- C:\Boot.bak
[2008/10/05 09:45:44 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/05 09:45:43 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/05 09:44:28 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/05 09:44:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/05 09:44:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/05 09:44:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/05 09:44:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/05 09:44:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/05 09:44:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/05 09:44:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/05 09:44:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/10/05 09:24:36 | 00,210,936 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:18:00 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:12:49 | 02,938,977 | R--- | C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/05 09:11:47 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 09:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/03 16:14:50 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/02 09:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/02 09:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/02 09:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/02 09:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaosh\Desktop\backups
[2008/10/02 09:18:15 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe
[2008/10/01 19:11:54 | 00,106,172 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Spinach AntiSpyware
[2008/10/01 15:52:53 | 00,119,186 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:10 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:35 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/01 10:26:26 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/10/01 10:26:26 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/10/01 10:26:25 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/01 10:26:23 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/30 14:37:07 | 00,000,165 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:17:58 | 00,318,068 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/28 22:24:46 | 00,774,144 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe
[2008/09/28 16:16:15 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:40 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/24 00:39:22 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2008/09/20 18:41:18 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/16 12:32:15 | 01,435,648 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:57 | 00,000,022 | ---- | C] () -- C:\WINDOWS\RsConfig.ini
[2008/09/06 18:49:34 | 00,000,000 | R--D | C] -- C:\RavBin
[2008/09/06 18:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/09/06 18:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/10/06 12:13:48 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/06 12:12:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 12:12:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/06 12:12:04 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/06 12:11:20 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/06 12:11:14 | 06,390,206 | -H-- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db
[2008/10/06 12:09:52 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/06 12:09:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/06 12:09:52 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/06 12:05:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/05 09:45:48 | 00,000,273 | RHS- | M] () -- C:\boot.ini
[2008/10/05 09:33:26 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:24:38 | 00,210,936 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:23:54 | 02,938,977 | R--- | M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:11:48 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/01 19:12:08 | 00,106,172 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:52:58 | 00,119,186 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:12 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:36 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/09/30 14:37:08 | 00,000,165 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:18:08 | 00,318,068 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/30 12:14:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/28 22:39:22 | 00,159,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/28 22:39:08 | 00,182,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/28 16:16:16 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:42 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/27 01:27:14 | 00,059,985 | ---- | M] () -- C:\deb.sbl
[2008/09/24 16:48:48 | 00,149,504 | ---- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/20 18:50:10 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/17 20:53:48 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc
[2008/09/16 12:32:16 | 01,435,648 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:58 | 00,000,022 | ---- | M] () -- C:\WINDOWS\RsConfig.ini
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 12:51:58 | 00,023,179 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\image001.jpg
< End of report >

NOTE: My Antivir antivirus still seems to detect some trojans and viruses. Also I have noticed that there is a phony iexplorer.exe which loads up whenever my antivir detects such a trojan. Thanks for helping.




Regards,
Jaosh

#8 PropagandaPanda

  • Malware Response Team

Posted 06 October 2008 - 10:41 AM

Hello Jaosh.

This infection is known to constantly download new ones. Please install SpyBot to prevent this from happening.
Link: Spybot - Search & Destroy - Tutorial

After installing, update the software and database, but do not run a scan yet.

At this point, disconnect your computer from the Internet. Save the CFScript beforehand, and the rest of the instructions, onto a Word document.
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left hand side, click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background (it looks like this: Posted Image)
  • Right-click it, then untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (it looks like this: Posted Image)
You successfully disabled the AntiVir Guard.


Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    Rootkit::
    C:\WINDOWS\system32\8882fa1.sys
    C:\WINDOWS\system32\drivers\nvmini.sys
    C:\WINDOWS\linkinfo.dll
    
    Driver::
    nvmini
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

At this time, re-enable TeaTimer by reversing the steps we took to disable it and reconnect to the Internet.


Post back with:
-the ComboFix log
-a new GMER log
-a new HijackThis log

With Regards,
The Panda

#9 jaosh

  • Topic Starter

Posted 06 October 2008 - 01:19 PM

Hey Panda..thanks a lot for your help.

Here are all my logs

***COMBOFIX LOG***

ComboFix 08-10-04.07 - Jaosh 2008-10-06 22:30:42.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.143 [GMT 5.5:30]
Running from: C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jaosh\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jaosh\Desktop\jaosh\auto\Desktop_.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_nvmini


((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-06 22:16 . 2008-10-06 22:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-06 22:16 . 2008-10-06 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-06 12:09 . 2008-10-06 12:13 345 --a------ C:\WINDOWS\gmer.ini
2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT
2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager
2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google
2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017
2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini
2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin
2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising
2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325
2008-08-12 14:16 --------- d-----w C:\Program Files\Flix
2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft
2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon
2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon
2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog
2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front
2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front
2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-05_ 9.56.35.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\ERDNT.EXE
+ 2008-10-06 04:10:06 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000001\NTUSER.DAT
+ 2008-10-06 04:10:06 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\10-6-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\ERDNT.EXE
+ 2008-10-05 04:25:04 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000001\NTUSER.DAT
+ 2008-10-05 04:25:04 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-05\Users\00000002\UsrClass.dat
+ 2005-10-20 06:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\ERDNT.EXE
+ 2008-10-06 06:36:32 7,417,856 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\Users\00000001\NTUSER.DAT
+ 2008-10-06 06:36:32 180,224 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-10-06\Users\00000002\UsrClass.dat
+ 2008-10-06 06:39:52 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 15:43:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2008-10-06 06:39:52 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2004-03-11 18:48:42 17,920 ----a-w C:\WINDOWS\system32\linkinfo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleTNSListener80"=2 (0x2)
"OracleStartORCL"=2 (0x2)
"OracleServiceORCL"=2 (0x2)
"OracleClientCache80"=3 (0x3)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"=
"D:\\jdk 1.5\\bin\\java.exe"=
"D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\instant_rails\\Apache\\Apache.exe"=
"C:\\instant_rails\\RUBY\\BIN\\ruby.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312]
S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ]
S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632]
S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}]
\Shell\AutoRun\command - G:\EISetup.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 22:33:35
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-06 22:35:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 17:05:34
ComboFix3.txt 2008-10-05 04:27:04
ComboFix2.txt 2008-10-06 06:37:26

Pre-Run: 7,458,799,616 bytes free
Post-Run: 7,440,072,704 bytes free

172



***GMER LOG***


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-06 22:42:58
Windows 5.1.2600 Service Pack 2, v.2096


---- System - GMER 1.0.14 ----

SSDT F7B64A54 ZwCreateThread
SSDT F7B64A40 ZwOpenProcess
SSDT F7B64A45 ZwOpenThread
SSDT F7B64A4F ZwTerminateProcess
SSDT F7B64A4A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_allmul + 10A 804E50EC 4 Bytes [ 54, 4A, B6, F7 ]
.text ntoskrnl.exe!_allmul + 21E 804E5200 4 Bytes [ 40, 4A, B6, F7 ]
.text ntoskrnl.exe!_allmul + 236 804E5218 4 Bytes [ 45, 4A, B6, F7 ]
.text ntoskrnl.exe!_allmul + 43A 804E541C 4 Bytes [ 4F, 4A, B6, F7 ]
.text ntoskrnl.exe!_allmul + 48A 804E546C 4 Bytes [ 4A, 4A, B6, F7 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b3cffa
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x75 0x8D 0xB6 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Model 134
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@Therad 31
Reg HKLM\SOFTWARE\Classes\CLSID\{6589f8ac-ae58-45e4-95bb-20c4815715f8}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\5\7\9\0@NodeSlot 264

---- EOF - GMER 1.0.14 ----



***HIJACKTHIS LOG***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:56 PM, on 10/6/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O17 - HKLM\System\CS3\Services\Tcpip\..\{0100860D-83F1-4850-8026-8646EF807C26}: NameServer = 202.144.115.4,202.144.10.50
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7499 bytes




Thanks again

Regards,
Jaosh


#10 PropagandaPanda

Posted 07 October 2008 - 07:10 AM

Hello Jaosh. Looking much better.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine. Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Install Firewall
Please now install a third-party firewall from the following selection of excellent programs.

The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop programs (possibly ones that could intrude on your privacy) from sending outgoing signals to the Internet or to other networks. You can read this article for more.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

If you get a warning from your security programs while running this scan, allow anything asked, otherwise ignore them.

This scanner will only scan. It does not remove any malware it finds.



Please post back with:
-the Kaspersky log
-a new OTViewIt log (link if you lost it)

Please tell me how your computer is running now. Does your antivirus detect anything other than cookies?

With Regards,
The Panda

#11 PropagandaPanda

Posted 09 October 2008 - 06:57 AM

Hello Jaosh.

Do you still need help?

With Regards,
The Panda

#12 jaosh

Posted 09 October 2008 - 01:58 PM

Hey Panda

I'm sorry I couldn't get back to you earlier. There is just too much work.
Anyways, regarding the Kaspersky online scanner, it just takes too much time to download and get results as my net at home keeps coming down. I would appreciate if there was any way I could download something and run it. I did create an OTView log along with a log of my last Antivir scan last night.
Thanks again for helping me out. Just tell me if there is any way I can remove these sort of trojans in my Antivir scan forever. Thanks again


****OTVIEW LOG****


OTViewIt logfile created on: 10/10/2008 12:20:48 AM - Run 3
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 67.50 Mb Available Physical Memory | 15.12% Memory free
1.03 Gb Paging File | 0.40 Gb Available in Paging File | 38.90% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 5.98 Gb Free Space | 31.43% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 11.02 Gb Free Space | 59.61% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.76 Gb Free Space | 63.61% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 7.01 Gb Free Space | 37.93% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/10/08 19:57:26 | 00,519,936 | ---- | M] () -- D:\comodo firewall\Comodo\Firewall\cmdagent.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/10/08 11:52:32 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2004/03/12 00:19:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/07/11 16:09:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2007/04/21 09:30:54 | 00,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
[2007/05/10 13:18:10 | 00,835,584 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
[2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/10/08 19:57:26 | 01,655,552 | ---- | M] () -- D:\comodo firewall\Comodo\Firewall\cfp.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2004/03/12 00:19:06 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
[2004/03/12 05:49:10 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/04/22 09:37:00 | 00,577,536 | ---- | M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe
[2006/04/21 20:04:00 | 00,127,085 | ---- | M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe
[2008/10/05 10:01:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2004/03/12 00:18:56 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/08 19:57:26 | 00,519,936 | ---- | M] () -- D:\comodo firewall\Comodo\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[1997/06/14 23:42:14 | 00,141,312 | ---- | M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled | Stopped])
[1997/06/20 18:44:18 | 08,371,200 | ---- | M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled | Stopped])
[1997/06/05 14:29:36 | 00,005,632 | ---- | M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled | Stopped])
[1997/06/17 10:16:18 | 00,124,928 | ---- | M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/03/12 00:19:10 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/07/20 00:41:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/31 11:12:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:56 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
[2004/03/12 00:55:20 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2004/03/12 00:45:06 | 00,101,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/03/12 00:55:18 | 00,273,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/03/12 00:55:16 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
[2008/10/08 19:57:28 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Stopped])
[2008/10/08 19:57:28 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
[2006/12/27 13:20:32 | 00,046,080 | R--- | M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand | Stopped])
[2008/10/06 12:09:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
[2008/10/08 19:57:28 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
[2005/10/19 02:45:42 | 04,034,048 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2005/01/31 15:42:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
[2004/03/12 00:44:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
[2004/03/12 00:55:12 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/03/12 00:55:06 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
[2004/03/11 22:48:04 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
[2005/01/31 15:50:04 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2004/03/12 00:28:58 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand | Stopped])
[2004/03/12 00:55:20 | 00,059,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
[2004/03/11 23:43:50 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
[2006/11/17 19:45:32 | 00,009,006 | ---- | M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand | Running])
[2004/02/23 08:00:56 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
[2007/07/24 10:21:44 | 10,394,624 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/03/12 00:55:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/12 00:53:14 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/03/11 22:53:54 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/03/11 22:53:52 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
[2004/03/12 00:55:10 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
[2006/08/24 05:59:58 | 00,391,836 | R--- | M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"CameraFixer"=C:\WINDOWS\CameraFixer.exe ()
"COMODO Firewall Pro"="D:\comodo firewall\Comodo\Firewall\cfp.exe" -h ()
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"snp325"=C:\WINDOWS\vsnp325.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnp325"=C:\WINDOWS\tsnp325.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 | Description: Realtek RTL8029(AS) PCI Ethernet Adapter)
{02178E7B-AD83-4AC2-B295-73437C555883} (Servers: | Description: )
{2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: | Description: )
{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 | Description: D-Link DFE-520TX PCI Fast Ethernet Adapter)
{48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: | Description: )
{5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: | Description: )
{E631B284-CF07-455B-97C5-3B47425D9926} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\guard32.dll
>[2008/10/08 19:57:28 | 00,143,104 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/10/07 15:19:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

auto []
[2007/10/23 21:21:36 | 00,000,000 | ---D | M] -- E:\auto -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command]
""=G:\EISetup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Jaosh\Application Data\*.tmp files]
[2008/10/09 22:17:33 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2008/10/09 22:17:33 | 00,318,976 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2008/10/09 22:17:32 | 00,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/10/09 22:17:32 | 00,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/10/09 22:17:32 | 00,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/10/09 22:17:32 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2008/10/09 22:17:32 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2008/10/09 22:17:32 | 00,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/10/09 22:17:32 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/10/09 22:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2008/10/09 22:17:17 | 00,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2008/10/09 22:17:17 | 00,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2008/10/09 22:17:17 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2008/10/09 22:17:17 | 00,054,784 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLAPEDec.ax
[2008/10/09 22:17:17 | 00,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2008/10/09 22:17:17 | 00,037,888 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLMPCDec.ax
[2008/10/09 22:17:16 | 00,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2008/10/09 22:17:16 | 00,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2008/10/09 22:17:16 | 00,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2008/10/09 22:17:16 | 00,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2008/10/09 22:17:16 | 00,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2008/10/09 22:17:16 | 00,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2008/10/09 22:17:16 | 00,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2008/10/09 22:17:16 | 00,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2008/10/09 22:17:16 | 00,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2008/10/09 22:17:16 | 00,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2008/10/09 22:17:07 | 00,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2008/10/09 21:55:55 | 12,228,608 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\dd1.avi
[2008/10/09 00:27:47 | 00,049,376 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081009_002744.reg
[2008/10/08 20:50:58 | 00,000,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[2008/10/08 19:57:28 | 00,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2008/10/08 19:57:28 | 00,087,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/10/08 19:57:28 | 00,079,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/10/08 19:57:28 | 00,024,208 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/10/08 00:34:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaosh\Application Data\Comodo
[2008/10/08 00:34:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\comodo
[2008/10/08 00:30:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/07 14:33:58 | 00,171,008 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\HeartAttack1.pps
[2008/10/06 23:41:16 | 00,000,000 | -HSD | C] -- C:\FOUND.019
[2008/10/06 22:35:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/06 22:16:48 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Spybot - Search & Destroy.lnk
[2008/10/06 22:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/06 22:16:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/06 22:14:00 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\At this point.doc
[2008/10/06 12:09:51 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/06 12:09:50 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/06 12:09:50 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/06 12:09:50 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/06 12:09:50 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/06 12:09:36 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\gmer.exe
[2008/10/05 09:50:27 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/10/05 09:45:46 | 00,000,203 | ---- | C] () -- C:\Boot.bak
[2008/10/05 09:45:44 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/05 09:45:43 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/05 09:44:28 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/05 09:44:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/05 09:44:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/05 09:44:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/05 09:44:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/05 09:44:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/05 09:44:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/05 09:44:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/05 09:44:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/10/05 09:24:36 | 00,210,936 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:18:00 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:12:49 | 02,938,977 | R--- | C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/05 09:11:47 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 09:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/03 16:14:50 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2008/10/02 09:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/02 09:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/02 09:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaosh\Desktop\backups
[2008/10/02 09:18:15 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe
[2008/10/01 19:11:54 | 00,106,172 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Spinach AntiSpyware
[2008/10/01 15:52:53 | 00,119,186 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:10 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:35 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/01 10:26:26 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/10/01 10:26:26 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/10/01 10:26:25 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/01 10:26:23 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/30 14:37:07 | 00,000,165 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:17:58 | 00,318,068 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/28 22:24:46 | 00,774,144 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe
[2008/09/28 16:16:15 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:40 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/24 00:39:22 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2008/09/20 18:41:18 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/16 12:32:15 | 01,435,648 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:57 | 00,000,022 | ---- | C] () -- C:\WINDOWS\RsConfig.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Jaosh\Application Data\*.tmp files]
[2008/10/09 22:20:52 | 00,149,504 | ---- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 22:07:08 | 00,001,125 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/09 21:57:00 | 12,228,608 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\dd1.avi
[2008/10/09 18:20:34 | 00,060,720 | ---- | M] () -- C:\deb.sbl
[2008/10/09 08:16:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/09 08:16:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/09 08:16:28 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/09 00:38:38 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/09 00:27:54 | 00,049,376 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081009_002744.reg
[2008/10/08 20:51:00 | 00,000,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[2008/10/08 19:57:28 | 00,143,104 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
[2008/10/08 19:57:28 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2008/10/08 19:57:28 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2008/10/08 19:57:28 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2008/10/07 14:34:12 | 00,171,008 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\HeartAttack1.pps
[2008/10/06 22:39:52 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/06 22:33:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/06 22:27:24 | 06,924,848 | -H-- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db
[2008/10/06 22:16:50 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Spybot - Search & Destroy.lnk
[2008/10/06 22:14:02 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\At this point.doc
[2008/10/06 12:09:52 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/06 12:09:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/06 12:09:52 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/05 09:45:48 | 00,000,273 | RHS- | M] () -- C:\boot.ini
[2008/10/05 09:33:26 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:24:38 | 00,210,936 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:23:54 | 02,938,977 | R--- | M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:11:48 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/01 19:12:08 | 00,106,172 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:52:58 | 00,119,186 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:12 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:36 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/09/30 14:37:08 | 00,000,165 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:18:08 | 00,318,068 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/30 12:14:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/28 22:39:22 | 00,159,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/28 22:39:08 | 00,182,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/28 16:16:16 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:42 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/20 18:50:10 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/17 20:53:48 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc
[2008/09/16 12:32:16 | 01,435,648 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:58 | 00,000,022 | ---- | M] () -- C:\WINDOWS\RsConfig.ini
< End of report >

****ANTIVIR ANTIVIRUS LOG****


Avira AntiVir Personal
Report file date: Wednesday, October 08, 2008 21:43

Scanning for 1667208 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2, v.2096) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MR

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 05:27:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 04:26:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 09:14:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 04:28:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 07:03:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 10:24:16
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 9/26/2008 05:04:12
ANTIVIR3.VDF : 7.0.7.7 311296 Bytes 10/7/2008 06:09:04
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 06:28:22
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 10/1/2008 05:06:46
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 09:14:50
AERDL.DLL : 8.1.1.2 438644 Bytes 10/1/2008 05:06:32
AEPACK.DLL : 8.1.2.3 364918 Bytes 10/1/2008 05:05:52
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 10/1/2008 05:05:30
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/1/2008 05:05:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 09:14:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/1/2008 05:04:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 05:03:22
AECORE.DLL : 8.1.1.11 172406 Bytes 10/1/2008 05:04:26
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 09:14:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 05:10:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 05:58:02
AVREP.DLL : 8.0.0.2 98344 Bytes 10/1/2008 05:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 07:56:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 04:59:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 08:57:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 13:58:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 09:19:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 08:35:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 10:18:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 10:04:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: delete
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, October 08, 2008 21:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'BBImpSec.exe' - '1' Module(s) have been scanned
Scan process 'BBClient.exe' - '1' Module(s) have been scanned
Scan process 'ping.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'VSNP325.EXE' - '1' Module(s) have been scanned
Scan process 'TSNP325.EXE' - '1' Module(s) have been scanned
Scan process 'FixCamera.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CTYN096F\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZCL348OB\update[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KXAZ01E3\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\QooBox\Quarantine\catchme2008-10-06_120333.65.zip
[0] Archive type: ZIP
--> 8882fa1.sys
[DETECTION] Is the TR/Thief.OnLineGames.tmug Trojan
--> nvmini.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\HBSO2.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.ZXX.4 Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'F:\'


End of the scan: Wednesday, October 08, 2008 22:31
Used time: 47:58 Minute(s)

The scan has been done completely.

16565 Scanning directories
760630 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
760622 Files not concerned
4854 Archives were scanned
2 Warnings
5 Notes


Regards,

Jaosh
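The detections in the Avira report above, tallied per file and per location, as an added example that is not part of the original post. The function names and the location buckets are assumptions made for illustration (C:\QooBox\Quarantine is the folder ComboFix uses for files it has quarantined), and the sample is copied from the report's file-scan section.

```python
import re
from collections import Counter
# Constructed sample: detection entries copied from the Avira report above.
SAMPLE_LOG = r"""
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CTYN096F\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZCL348OB\update[1].gif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
C:\Documents and Settings\Jaosh\Local Settings\Temporary Internet Files\Content.IE5\KXAZ01E3\gbu[1].gif
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\QooBox\Quarantine\catchme2008-10-06_120333.65.zip
[0] Archive type: ZIP
--> 8882fa1.sys
[DETECTION] Is the TR/Thief.OnLineGames.tmug Trojan
--> nvmini.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.GA root kit
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\HBSO2.dll.vir
[DETECTION] Is the TR/PSW.OnlineGames.ZXX.4 Trojan
[NOTE] The file was deleted!
"""
NAME = re.compile(r"\(([^)]+)\)$|(?:Is|of) the (\S+)")
BUCKETS = [("\\qoobox\\quarantine\\", "tool quarantine"),  # assumed triage buckets
           ("\\temporary internet files\\", "browser cache")]

def parse(log):
    files, member = [], None
    for line in map(str.strip, log.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):            # a new scanned file
            files.append({"path": line, "hits": [], "deleted": False})
            member = None
        elif line.startswith("-->"):                  # member inside an archive
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and files:
            m = NAME.search(line)
            files[-1]["hits"].append((member, (m.group(1) or m.group(2)) if m else line))
        elif line == "[NOTE] The file was deleted!" and files:
            files[-1]["deleted"] = True
    return [f for f in files if f["hits"]]

def summarize(files):
    per = Counter()                                   # detections per location bucket
    for f in files:
        label = next((lab for key, lab in BUCKETS if key in f["path"].lower()), "other")
        per[label] += len(f["hits"])
    return sum(per.values()), sum(f["deleted"] for f in files), dict(per)
```

`summarize(parse(SAMPLE_LOG))` gives 6 detections in 5 deleted files, which matches the report's own totals: the quarantined ZIP archive holds two detections but counts as one deleted file.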


#13 PropagandaPanda

  • Malware Response Team

Posted 09 October 2008 - 02:29 PM

Hello Jaosh. Your computer is clean of malware :thumbsup: .

Anyways regarding the Kaspersky online scanner, it just takes too much time to download and get results as my net at home keeps coming down. I would appreciate if there was any way I could download something and run it. I did create an OTView Log along with a log of my last Antivir scan last night.

From what I can see in the logs you gave, you are clean, so there really isn't a need to run further scans. Your Avira scan is pretty much as accurate as an online scan would be.

Uninstall ComboFix
Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and create a new restore point.
Run Cleanup! with OTViewIt
Let's clear out the tools we've used.
  • Double click the OTViewIt.exe icon on your desktop to start the program.
  • Click CleanUp!.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.
Remove ERUNT Backups
You should remove all the backups that ERUNT has made. Those backups may contain old registry keys, possibly those created by malware.

Delete everything under:
C:\WINDOWS\erdnt\

ERUNT will automatically remove backups older than 30 days, so there is no need to clear that folder manually in the future.

It is a good idea to have ERUNT installed, even when you are not infected. Tasks like installing programs and changing settings, which involve working with the registry, can cause problems that can be quickly undone by reverting to a backup. However, if you wish to uninstall the program, do so using Add/Remove Programs.

Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:
Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for choosing Bleeping Computer as your malware removal source. Be sure to tell your friends about us!


Do you have any further questions or concerns?

With Regards,
The Panda

#14 jaosh

  • Topic Starter

  • Members

Posted 11 October 2008 - 06:12 AM

Hey Panda


Thanks for all your help buddy. Gonna give u a big 2 thumbs up for all the help :thumbsup:

Just one last annoying factor that keeps popping up with my antivir antivirus. Keep getting this alert

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\temp\wmsetup.dll.
Action performed: Delete file


Is there any way I can permanently delete this sort of problem???

Thanks again for all your help.

Regards,
Jaosh

#15 PropagandaPanda

  • Malware Response Team

Posted 11 October 2008 - 08:17 AM

Hello Jaosh.

That doesn't look good. Can you please post a new log with OTViewIt?

That file is known to install other malware. If SpyBot asks to allow any changes, deny them unless you are sure that you made them (like installing a program).

With Regards,
The Panda
