Norton will not load, could it be a virus



#1 tyl604


Posted 22 October 2010 - 09:49 AM

Summary - Norton says I have a virus which prevents Norton Security Suite from loading and prevents Win XP updates from loading. They want to reformat the C drive. I am resisting. Forum folks, including Brodi and Queen Evie say to post it in the malware removal section, so here it is.

GMER will not run; it locks up the computer: Update from Post called "Unable to load Norton in Win XP Home Prem." 'I am following directions to post the information to the Malware Removal forum. GMER will not run to completion. The first time it ran for about a minute then I got a blue screen saying - approx - Windows was shut down to prevent damage. Bad Pool Caller. STOP: 0x000000c2, (0x00000040, 0x00000000, 0x80000000, 0x00000000)

I ran GMER again and it ran for about three minutes. Then I noticed that nothing was happening and the mouse would not respond. I had to turn the computer off with the button. But the hard drive light was completely on, not blinking, just on.

I tried opening into Safe to try to run GMER. However GMER did not show up on the desktop or in the programs. I rebooted.

This time when I tried to run GMER (after unchecking the appropriate boxes) it just locked up my computer. Hard drive full on and mouse dead. I turned the computer off with the button and rebooted.

So I guess I will post in the Malware Removal forum with the dds.txt and attach.txt file only. Not sure where to go from here.' End of other post.

I will put up the two files and hope for the best.

Appreciate any help.
DDS (Ver_10-10-21.02) - NTFSx86
Run by Owner at 9:38:17.59 on Fri 10/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.961 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M6NTF4LR\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_114_25.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CGreenPrintPDF Object: {df96ba30-57f6-4700-8065-910ec3be9e3b} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - c:\program files\estsoft\altoolbar\ALToolBand_114_25.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ALToolBar &Search - c:\program files\estsoft\altoolbar\ALToolBandRes.dll/23/SEARCH.HTML
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {DF96BA30-57F6-4700-8065-910EC3BE9E3B}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {554099FE-3856-4d93-86B5-0024AEF63BC7} - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: {C67CCB09-8BC9-4F56-A019-BE10B941398D} = 68.94.156.1,68.94.157.1
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-18 130936]
R3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [2008-3-24 408064]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [2004-1-5 1080832]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]

=============== Created Last 30 ================

2010-10-22 00:31:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-22 00:31:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-21 15:40:40 -------- d-----w- c:\windows\LMI10.tmp
2010-10-21 15:03:33 -------- d-----w- c:\windows\LMI81C.tmp
2010-10-20 23:41:09 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-20 19:36:08 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-10-20 19:35:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 19:35:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 19:35:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 19:35:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-20 13:49:17 -------- d-----w- c:\program files\RegScrubXP
2010-10-19 16:18:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-19 16:18:16 -------- d-----w- c:\program files\NortonInstaller
2010-10-19 16:18:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-19 15:59:09 -------- d-----w- c:\windows\LMI792.tmp
2010-10-18 20:51:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-18 20:16:55 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-18 19:55:46 -------- d-----w- c:\program files\Microsoft
2010-10-18 19:55:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-18 19:51:38 -------- d-----w- c:\program files\common files\Windows Live
2010-10-18 17:23:32 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-18 17:23:23 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-18 17:23:23 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-18 17:23:12 -------- d-----w- c:\program files\common files\PC Tools
2010-10-18 17:23:11 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-18 17:23:04 -------- d-----w- c:\docume~1\owner\applic~1\PC Tools
2010-10-18 17:23:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-18 16:32:35 -------- d-----w- c:\windows\LMI77A.tmp
2010-10-15 15:13:29 -------- d-----w- c:\windows\LMI74B.tmp
2010-10-15 07:01:56 924432 ----a-w- c:\windows\system32\SET731.tmp
2010-10-15 07:01:51 285696 ----a-w- c:\windows\system32\SET721.tmp
2010-10-14 21:12:22 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 21:12:17 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 21:12:17 96768 ------w- c:\windows\system32\_000007_.tmp.dll
2010-10-14 21:12:17 2560 ----a-w- c:\windows\system32\SET742.tmp
2010-10-14 21:04:56 585216 ----a-w- c:\windows\system32\SET695.tmp
2010-10-14 21:04:56 2560 ----a-w- c:\windows\system32\SET697.tmp
2010-10-14 20:27:42 -------- d-----w- c:\windows\LMI6.tmp
2010-10-14 18:40:07 -------- d-----w- c:\program files\Secunia
2010-10-14 14:01:05 954368 ----a-w- c:\windows\system32\SET728.tmp
2010-10-14 13:58:19 590848 ------w- c:\windows\system32\SET7AD.tmp
2010-09-25 07:05:45 57856 ----a-w- c:\windows\system32\SET4F2.tmp
2010-09-25 07:05:40 293376 ----a-w- c:\windows\system32\SET4ED.tmp
2010-09-25 07:05:35 585216 ----a-w- c:\windows\system32\SET4E3.tmp
2010-09-25 07:05:35 2560 ----a-w- c:\windows\system32\SET4E4.tmp
2010-09-25 07:05:11 406016 ----a-w- c:\windows\system32\SET4BE.tmp
2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\SET71E.tmp
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 12:52:45 5120 ------w- c:\windows\system32\SET73C.tmp
2010-08-26 12:52:45 5120 ------w- c:\windows\system32\SET714.tmp
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-22 16:19:29 78549196 ----a-w- C:\Norton_Reg.reg
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\SETE.tmp

============= FINISH: 9:38:35.25 ===============


NB - the Ark.txt log is not attached because GMER keeps locking up my computer. I will keep trying.

One other thing. Hamluis suggested I add this problem to this thread rather than posting it in another thread: Yesterday I touched my power cord and the power went off just for an instant, enough to make my emachines t2698 reboot. After the reboot I get script against a blue background on the desktop - top left corner. The script shows over all my programs too. It says:

Zan1 V:2.70
sanuo 150 (with umlaut over u which is two dots)

It blocks the Edit box or the http: area when I type in a url or anything else as I open different programs.

How do I get rid of it or is it telling me something?

Edited by tyl604, 22 October 2010 - 01:05 PM.




#2 Elise


Posted 31 October 2010 - 04:31 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 tyl604


Posted 31 October 2010 - 07:21 PM

Elise - thanks for your assistance.

Unable to run RKUnhookerLE - After success with Oldtimer, I downloaded RKUnhookerLE per your instructions to the desktop; when I double clicked to get it to run I got the following messages - Error creating registry key and Error loading/opening driver. Tried three times unsuccessfully. So I do not know how to proceed with RKunhookerLE.

I was able to run Oldtimer and here are the two reports:

1. Ran Oldtimer, Scan All Users, Quick Scan. Here is the text of the OTL report:

OTL logfile created on: 10/31/2010 7:46:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 157.74 Gb Free Space | 67.74% Space Free | Partition Type: NTFS
Drive K: | 983.72 Mb Total Space | 358.97 Mb Free Space | 36.49% Space Free | Partition Type: FAT

Computer Name: OWNER-553C6D8F9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 19:44:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/10/28 16:16:31 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/24 16:53:08 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2003/09/16 16:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/31 19:44:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/28 16:16:31 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/04 01:56:58 | 000,073,796 | ---- | M] (Smart Link) [Disabled | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/09/16 16:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2009/04/15 09:17:15 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/01 17:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/07/07 16:23:30 | 000,408,064 | R--- | M] (Ativa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo BrantÚn) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/08/06 03:17:48 | 000,017,216 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (ax88772)
DRV - [2004/08/03 23:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 23:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 23:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 23:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 23:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 23:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/05/25 16:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 16:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/04/02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/01/29 02:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2004/01/05 11:01:20 | 001,080,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpusbwdm.sys -- (hpusbwdm)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pfc.sys -- (pfc)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/24 03:21:00 | 000,082,784 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/03/26 12:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [1998/05/07 12:28:28 | 000,071,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A4S2600.SYS -- (A4S2600)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1935655697-879983540-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/04/16 17:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2009/04/16 17:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_114_25.dll (ESTsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (CGreenPrintPDF Object) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll (GreenPrint Technologies)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_114_25.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1005\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKU\S-1-5-21-1935655697-879983540-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: ALToolBar &Search - C:\Program Files\ESTsoft\ALToolBar\ALToolBandRes.dll (ESTsoft Corporation)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll (GreenPrint Technologies)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.13/TSWeb.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 15:13:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 19:44:15 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/28 11:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Land Rover inspection
[2010/10/26 21:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Canon printer driver 2010
[2010/10/26 15:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Multiple scan test
[2010/10/25 10:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Rental House
[2010/10/22 10:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/10/21 11:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI10.tmp
[2010/10/21 11:03:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI81C.tmp
[2010/10/21 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My eBooks
[2010/10/20 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/10/20 15:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/20 15:35:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/20 15:35:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/20 15:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 15:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/20 09:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\RegScrubXP
[2010/10/19 12:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/19 12:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/19 12:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/10/19 11:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI792.tmp
[2010/10/18 17:22:00 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2011_1136_cnet.exe
[2010/10/18 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/18 16:16:55 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/10/18 15:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/18 15:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/18 15:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/10/18 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/18 15:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/10/18 13:23:32 | 000,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/10/18 13:23:23 | 000,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/10/18 13:23:23 | 000,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/10/18 13:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/10/18 13:23:11 | 000,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/10/18 13:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/10/18 13:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/10/18 13:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/10/18 12:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI77A.tmp
[2010/10/15 11:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI74B.tmp
[2010/10/14 16:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI6.tmp
[2010/10/14 15:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/14 14:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2008/03/24 14:36:37 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 19:44:18 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/10/31 19:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 14:14:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/29 11:28:00 | 000,001,287 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/10/29 11:27:27 | 000,005,589 | ---- | M] () -- C:\WINDOWS\ORG2.INI
[2010/10/28 16:29:11 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pep Boys Coupon.doc
[2010/10/28 16:26:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2010/10/28 16:19:51 | 000,069,172 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pep Boys coupon.jpg
[2010/10/28 16:19:50 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spacer.gif
[2010/10/28 16:17:27 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/10/28 10:37:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 10:37:54 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/10/28 10:37:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 10:37:39 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 10:03:33 | 001,552,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OutOfAreaExtensionApplication_student.pdf
[2010/10/26 15:31:29 | 001,792,529 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\House sales comps 2010 Ptree Btl.pdf
[2010/10/26 10:38:45 | 003,809,792 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ML Office.OR2
[2010/10/25 10:16:15 | 000,036,769 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AT_Resume_2010.pdf
[2010/10/22 10:04:45 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/10/22 09:42:11 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/10/22 09:30:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/10/22 08:57:29 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/21 20:24:16 | 000,001,037 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Account.atomsvc
[2010/10/21 15:55:40 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\App for Solomon Edwards.doc
[2010/10/21 12:24:35 | 415,614,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SOS_NBRT_TT.iso
[2010/10/21 11:51:49 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NPE.ctl
[2010/10/21 11:25:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 10:28:11 | 000,036,769 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AT Resume 2010.pdf
[2010/10/20 15:35:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 09:49:18 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RegScrubXP.lnk
[2010/10/20 09:02:29 | 000,834,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VISACHGcurrent.XLS
[2010/10/19 15:40:53 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Bleepingcomputer question on WinXP Oct 2010.doc
[2010/10/19 12:02:25 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/10/18 17:22:17 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2011_1136_cnet.exe
[2010/10/18 13:36:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/18 13:02:59 | 000,000,758 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/15 11:23:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mailmark.ini
[2010/10/15 11:23:54 | 000,000,052 | ---- | M] () -- C:\WINDOWS\watch.ini
[2010/10/15 11:16:18 | 079,706,746 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Regbackup.reg
[2010/10/14 17:20:37 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/10/14 17:19:06 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2010/10/14 17:12:00 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 14:49:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/14 14:28:41 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Glary Utilities.lnk
[2010/10/14 10:04:43 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\New_FDIC_Expense__Reimbursement_Oct_8,_2010.xls
[2010/10/13 09:10:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AT_Resume_Sept_2010_Word.doc
[2010/10/02 03:03:12 | 000,397,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/02 03:03:12 | 000,059,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 16:29:11 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pep Boys Coupon.doc
[2010/10/28 16:23:17 | 000,069,172 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pep Boys coupon.jpg
[2010/10/28 16:21:44 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\spacer.gif
[2010/10/28 10:03:33 | 001,552,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OutOfAreaExtensionApplication_student.pdf
[2010/10/26 15:31:29 | 001,792,529 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\House sales comps 2010 Ptree Btl.pdf
[2010/10/25 10:16:15 | 000,036,769 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AT_Resume_2010.pdf
[2010/10/22 10:19:58 | 1543,032,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/22 10:04:40 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/10/22 09:42:11 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/10/22 09:30:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/10/21 12:24:25 | 415,614,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SOS_NBRT_TT.iso
[2010/10/21 11:51:49 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NPE.ctl
[2010/10/21 11:22:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 11:00:21 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\App for Solomon Edwards.doc
[2010/10/21 10:27:57 | 000,036,769 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AT Resume 2010.pdf
[2010/10/20 15:35:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 09:49:18 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RegScrubXP.lnk
[2010/10/19 15:37:08 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Bleepingcomputer question on WinXP Oct 2010.doc
[2010/10/15 11:25:19 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Account.atomsvc
[2010/10/15 11:16:12 | 079,706,746 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Regbackup.reg
[2010/10/14 17:20:37 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/10/14 14:49:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/14 10:04:41 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\New_FDIC_Expense__Reimbursement_Oct_8,_2010.xls
[2010/10/13 09:09:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AT_Resume_Sept_2010_Word.doc
[2010/08/20 13:17:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/10/21 14:46:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/09/23 15:17:38 | 000,017,296 | ---- | C] () -- C:\WINDOWS\System32\gpmon.dll
[2009/07/22 14:52:25 | 000,007,378 | ---- | C] () -- C:\WINDOWS\_000004_.tmp.dll
[2009/07/22 14:52:24 | 000,010,782 | ---- | C] () -- C:\WINDOWS\_000005_.tmp.dll
[2009/07/13 15:31:33 | 000,000,758 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/16 17:43:41 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Smiley.ico
[2008/05/09 16:13:56 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\setup.txt
[2008/05/06 11:55:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/11 11:41:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2008/03/31 18:52:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/03/27 16:04:37 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008/03/27 16:04:34 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008/03/27 16:04:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008/03/26 10:43:41 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/03/26 10:42:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/03/26 10:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/03/26 10:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/03/25 10:22:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2008/03/25 10:22:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2008/03/25 10:22:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2008/03/25 10:22:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2008/03/24 19:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/03/24 19:45:05 | 000,001,676 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
[2008/03/24 19:45:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\msquery.ini
[2008/03/24 19:12:54 | 000,001,287 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/24 19:12:53 | 000,000,699 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2008/03/24 19:10:29 | 000,000,753 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008/03/24 19:09:34 | 000,000,160 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2008/03/24 19:09:29 | 000,000,513 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/24 19:09:21 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL
[2008/03/24 19:09:21 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2008/03/24 19:09:21 | 000,000,081 | ---- | C] () -- C:\WINDOWS\TB96.INI
[2008/03/24 19:09:20 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2008/03/24 19:08:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mailmark.ini
[2008/03/24 19:08:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\watch.ini
[2008/03/24 19:08:25 | 000,001,901 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2008/03/24 19:08:25 | 000,001,716 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2008/03/24 19:08:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2008/03/24 19:08:23 | 000,000,587 | ---- | C] () -- C:\WINDOWS\moffice.ini
[2008/03/24 19:08:22 | 000,071,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\A4S2600.SYS
[2008/03/24 19:08:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\S2600.INI
[2008/03/24 19:06:51 | 000,000,306 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/03/24 19:06:51 | 000,000,145 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/03/24 19:06:51 | 000,000,121 | ---- | C] () -- C:\WINDOWS\ODBCISAM.INI
[2008/03/24 19:06:50 | 000,005,589 | ---- | C] () -- C:\WINDOWS\ORG2.INI
[2008/03/24 19:06:49 | 000,001,684 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 16:55:14 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/24 14:36:37 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2008/03/24 14:36:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2008/03/24 14:36:37 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2008/03/24 14:36:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2008/03/24 10:04:36 | 000,005,406 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/01/20 19:53:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 11:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/22 12:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrain_Norton\Application Data\2Wire
[2009/11/12 14:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2Wire
[2009/05/12 15:56:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/18 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/05/01 13:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/03 16:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/10/27 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/18 13:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/15 09:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/25 12:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/27 17:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/12 14:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\2Wire
[2008/09/01 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2009/04/30 13:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bidgood Svcs
[2009/12/07 17:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/03/16 10:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2009/08/24 22:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2008/10/31 12:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ieSpell
[2009/07/29 15:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/06/30 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2009/10/27 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
[2009/01/21 11:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2008/04/23 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/04/07 15:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2009/10/14 13:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YouSendIt
[2010/10/28 10:37:54 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >





Here is the report called Extras.txt:

OTL Extras logfile created on: 10/31/2010 7:46:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 157.74 Gb Free Space | 67.74% Space Free | Partition Type: NTFS
Drive K: | 983.72 Mb Total Space | 358.97 Mb Free Space | 36.49% Space Free | Partition Type: FAT

Computer Name: OWNER-553C6D8F9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"C:\WINDOWS\LMI77A.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI77A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{121CD452-53B9-45AC-AEBC-B6C221DD135B}" = muvee autoProducer DVD Edition - HPC
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2E42C207-47A7-45C8-805C-5EF9AF4BD5A7}" = GreenPrint World
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6B252D4-39FF-4A76-8E34-DF86DB0C5149}" = HP DC3000
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"7-Zip" = 7-Zip 9.04 beta
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALToolBar_is1" = ALToolbar
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"America Online us" = America Online (Choose which version to remove)
"Ask Toolbar_is1" = Foxit Toolbar
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP4b.DLL" = Canon i850
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cars_is1" = Cars 1.7
"CSCLIB" = Canon Camera Support Core Library
"DAO 3.5" = DAO 3.5
"Defraggler" = Defraggler (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 2.1.0.9 by MixMeister
"FileCD" = NTI FileCD
"FileZilla Client" = FileZilla Client 3.1.3.1
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.28.0.1011
"Google Desktop" = Google Desktop
"hp deskjet 656c series" = hp deskjet 656c series (Remove only)
"HP DVD" = HP DVD Movie Writer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{1BA3FFE3-B30C-497E-8F83-1A4D6BD9041F}" = Ativa Wireless USB Utility
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"iPhoto Plus 4" = iPhoto Plus 4
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 3.5
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NTI Backup NOW! Deluxe" = NTI Backup NOW! Deluxe
"NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoShow Express 4" = PhotoShow Express 4
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Picture Resize_is1" = Free Picture Resize Starter 4.5
"Quicken Basic 99" = Quicken Basic 99
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RegScrubXP_is1" = RegScrubXP 3.25
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Remove Empty Directories" = Remove Empty Directories 2.1
"Revo Uninstaller" = Revo Uninstaller 1.88
"Secunia PSI" = Secunia PSI
"SLAMRNTV" = Smart Link 56K Voice Modem
"Spin It Again" = Spin It Again
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TextBridge Classic" = TextBridge Classic
"TightVNC_is1" = TightVNC 1.3.10
"UBCD4Win_is1" = UBCD4Win 3.12
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCF'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_1'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'XPS'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCS'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

Error - 10/31/2010 3:01:03 AM | Computer Name = OWNER-553C6D8F9 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\dd_NET_Framework30_Setup4F74.txt.

[ System Events ]
Error - 10/26/2010 8:23:12 PM | Computer Name = OWNER-553C6D8F9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 10/27/2010 3:01:38 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/27/2010 9:09:45 PM | Computer Name = OWNER-553C6D8F9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 10/28/2010 3:01:24 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/28/2010 11:41:44 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/29/2010 3:01:21 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/29/2010 1:41:13 PM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/29/2010 2:16:16 PM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/30/2010 3:01:30 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 10/31/2010 3:01:26 AM | Computer Name = OWNER-553C6D8F9 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


< End of report >

#4 Elise

Posted 01 November 2010 - 04:24 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 tyl604


Posted 01 November 2010 - 09:39 AM

Elise - here is the text:

ComboFix 10-10-31.04 - Owner 11/01/2010 10:20:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.796 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET1354.tmp
c:\program files\Internet Explorer\SET1355.tmp
c:\program files\Internet Explorer\SET1376.tmp
c:\program files\Internet Explorer\SET1377.tmp
c:\program files\Internet Explorer\SET1D1.tmp
c:\program files\Internet Explorer\SET1D2.tmp
c:\program files\Internet Explorer\SET1F5.tmp
c:\program files\Internet Explorer\SET1F6.tmp
c:\program files\Internet Explorer\SET216.tmp
c:\program files\Internet Explorer\SET217.tmp
c:\program files\Internet Explorer\SET22A.tmp
c:\program files\Internet Explorer\SET22B.tmp
c:\program files\Internet Explorer\SET34D.tmp
c:\program files\Internet Explorer\SET34E.tmp
c:\program files\Internet Explorer\SET36E.tmp
c:\program files\Internet Explorer\SET36F.tmp
c:\program files\Internet Explorer\SET3BE.tmp
c:\program files\Internet Explorer\SET3BF.tmp
c:\program files\Internet Explorer\SET3E5.tmp
c:\program files\Internet Explorer\SET3E6.tmp
c:\program files\Internet Explorer\SET4D.tmp
c:\program files\Internet Explorer\SET4E.tmp
c:\program files\Internet Explorer\SET6B3.tmp
c:\program files\Internet Explorer\SET6B4.tmp
c:\program files\Internet Explorer\SET6DE.tmp
c:\program files\Internet Explorer\SET6DF.tmp
c:\windows\_000005_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-10-31 23:56 . 2010-11-01 00:25 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-10-22 00:31 . 2010-10-22 00:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-21 15:40 . 2010-10-22 00:30 -------- d-----w- c:\windows\LMI10.tmp
2010-10-21 15:14 . 2010-10-22 00:30 -------- d-s---w- c:\documents and settings\Administrator
2010-10-21 15:03 . 2010-10-22 00:30 -------- d-----w- c:\windows\LMI81C.tmp
2010-10-20 23:41 . 2010-10-20 23:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-20 19:36 . 2010-10-20 19:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-20 19:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 19:35 . 2010-10-20 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 19:35 . 2010-10-20 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-20 19:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 13:49 . 2010-10-20 13:51 -------- d-----w- c:\program files\RegScrubXP
2010-10-19 16:18 . 2010-10-21 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-19 16:18 . 2010-10-20 23:42 -------- d-----w- c:\program files\NortonInstaller
2010-10-19 15:59 . 2010-10-19 16:25 -------- d-----w- c:\windows\LMI792.tmp
2010-10-18 20:51 . 2010-10-18 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-18 20:16 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Microsoft
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Windows Live
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-18 19:51 . 2010-10-18 19:51 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-18 17:23 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-18 17:23 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-18 17:23 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-18 17:23 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-10-18 16:32 . 2010-10-18 19:38 -------- d-----w- c:\windows\LMI77A.tmp
2010-10-15 15:13 . 2010-10-15 16:03 -------- d-----w- c:\windows\LMI74B.tmp
2010-10-15 07:01 . 2006-02-28 12:00 924432 ----a-w- c:\windows\system32\SET731.tmp
2010-10-15 07:01 . 2008-04-14 00:09 285696 ----a-w- c:\windows\system32\SET721.tmp
2010-10-14 21:12 . 2010-08-26 13:39 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 21:12 . 2010-08-27 05:57 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 21:12 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\SET742.tmp
2010-10-14 21:04 . 2009-04-15 14:51 585216 ----a-w- c:\windows\system32\SET695.tmp
2010-10-14 21:04 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\SET697.tmp
2010-10-14 20:27 . 2010-10-15 15:23 -------- d-----w- c:\windows\LMI6.tmp
2010-10-14 19:26 . 2010-10-14 19:26 -------- d-----w- c:\program files\NOS
2010-10-14 18:40 . 2010-10-14 18:40 -------- d-----w- c:\program files\Secunia
2010-10-14 14:01 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\SET728.tmp
2010-10-14 13:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\SET7AD.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2010-09-01 11:51 285824 ----a-w- c:\windows\system32\SET71E.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET7F7.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET7EA.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET7E2.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET7CC.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET7A7.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET77E.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET779.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET76D.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET74C.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET741.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET720.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET6F9.tmp
2010-09-01 11:51 . 2010-09-01 11:51 285824 ------w- c:\windows\system32\SET6E5.tmp
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 12:52 . 2010-08-26 12:52 5120 ------w- c:\windows\system32\SET73C.tmp
2010-08-26 12:52 . 2010-08-26 12:52 5120 ------w- c:\windows\system32\SET714.tmp
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-22 16:19 . 2010-08-22 16:19 78549196 ----a-w- C:\Norton_Reg.reg
2010-08-17 13:17 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\SET4EF.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7D4.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7CB.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7B8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7B6.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET786.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET765.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET763.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET756.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET736.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET72B.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET71D.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6FC.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6FB.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6D7.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6C8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET696.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET687.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET674.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET66D.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET64C.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET63E.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET627.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET608.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5EE.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5C8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5B3.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET591.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET579.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET559.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET546.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET520.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET516.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET4F4.tmp
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53 . 2009-04-16 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-28 30192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-4-15 36954]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI (RC1).lnk]
backup=c:\windows\pss\Secunia PSI (RC1).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Wire Wireless Manager]
2007-10-01 21:56 61440 ----a-w- c:\program files\2Wire Wireless Manager\2Wire.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-28 20:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPPrinterNotify]
2009-01-23 20:48 599968 ----a-w- c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 15:40 49152 ------r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoeMonitor.exe]
2009-11-20 17:54 1315152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-24 20:53 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SLService"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/18/2010 1:23 PM 130936]
R3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [3/24/2008 9:04 PM 408064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/15/2010 4:41 PM 30192]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [1/5/2004 11:01 AM 1080832]
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-25 14:32]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 16:43]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ALToolBar &Search - c:\program files\ESTsoft\ALToolBar\ALToolBandRes.dll/23/SEARCH.HTML
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {C67CCB09-8BC9-4F56-A019-BE10B941398D} = 68.94.156.1,68.94.157.1
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-MCODS
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 10:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{02EE9E7C-C70F-A2A0-1973-7C3971A7EB1F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-01 10:35:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-01 14:35

Pre-Run: 169,518,006,272 bytes free
Post-Run: 169,507,356,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 74ED98DC83E57991878F8B9A38444326

#6 Elise


Posted 01 November 2010 - 11:47 AM

Hi, please let me know how things are running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
File::
c:\windows\system32\SET71E.tmp
c:\windows\system32\SET7F7.tmp
c:\windows\system32\SET7EA.tmp
c:\windows\system32\SET7E2.tmp
c:\windows\system32\SET7CC.tmp
c:\windows\system32\SET7A7.tmp
c:\windows\system32\SET77E.tmp
c:\windows\system32\SET779.tmp
c:\windows\system32\SET76D.tmp
c:\windows\system32\SET74C.tmp
c:\windows\system32\SET741.tmp
c:\windows\system32\SET720.tmp
c:\windows\system32\SET6F9.tmp
c:\windows\system32\SET6E5.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 tyl604


Posted 01 November 2010 - 12:53 PM

Elise - not sure everything ran properly. It said it needed to do a deeper scan; next thing I knew it had rebooted the computer and the message said make sure the computer is on the internet - however my screen showed only Bliss with not a single icon. I responded OK to the message and the reboot continued. So I do not know if it performed the deeper scan (10-15 minutes needed) or not. Here is the new ComboFix.txt.

ComboFix 10-10-31.04 - Owner 11/01/2010 13:25:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.889 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
"c:\windows\system32\SET6E5.tmp"
"c:\windows\system32\SET6F9.tmp"
"c:\windows\system32\SET71E.tmp"
"c:\windows\system32\SET720.tmp"
"c:\windows\system32\SET741.tmp"
"c:\windows\system32\SET74C.tmp"
"c:\windows\system32\SET76D.tmp"
"c:\windows\system32\SET779.tmp"
"c:\windows\system32\SET77E.tmp"
"c:\windows\system32\SET7A7.tmp"
"c:\windows\system32\SET7CC.tmp"
"c:\windows\system32\SET7E2.tmp"
"c:\windows\system32\SET7EA.tmp"
"c:\windows\system32\SET7F7.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SET6E5.tmp
c:\windows\system32\SET6F9.tmp
c:\windows\system32\SET71E.tmp
c:\windows\system32\SET720.tmp
c:\windows\system32\SET741.tmp
c:\windows\system32\SET74C.tmp
c:\windows\system32\SET76D.tmp
c:\windows\system32\SET779.tmp
c:\windows\system32\SET77E.tmp
c:\windows\system32\SET7A7.tmp
c:\windows\system32\SET7CC.tmp
c:\windows\system32\SET7E2.tmp
c:\windows\system32\SET7EA.tmp
c:\windows\system32\SET7F7.tmp

----- File Replicators -----

c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP588\A0117206.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP588\A0117210.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117236.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117240.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117252.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117256.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117267.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117271.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117287.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117291.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117304.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117308.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117319.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117323.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117334.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117338.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117343.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117350.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117354.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117366.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117370.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117383.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117387.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117398.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP589\A0117402.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117425.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117429.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117441.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117445.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117456.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117460.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117472.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117476.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117489.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117493.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117504.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117508.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117519.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117523.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117528.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117535.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117539.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117551.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117555.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117568.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117572.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117583.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP590\A0117587.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117610.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117614.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117626.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117630.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117641.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117645.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117657.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117661.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117674.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117678.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117689.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117693.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117704.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117708.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117713.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117720.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117724.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117736.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117740.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117753.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117757.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117768.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP591\A0117772.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117825.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117829.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117843.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117847.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117858.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117862.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117942.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117946.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117959.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117963.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117974.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117978.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117989.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117993.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0117998.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118005.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118009.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118021.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118025.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118038.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118042.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118053.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP592\A0118057.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118080.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118084.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118096.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118100.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118111.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118115.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118127.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118131.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118144.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118148.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118159.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118163.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118174.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118178.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118183.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118190.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118194.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118206.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118210.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118223.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118227.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118238.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP593\A0118242.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118265.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118269.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118281.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118285.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118296.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118300.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118312.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118316.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118329.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118333.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118344.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118348.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118359.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118363.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118368.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118375.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118379.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118391.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118395.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118408.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118412.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118423.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP594\A0118427.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118450.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118454.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118466.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118470.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118481.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118485.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118497.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118501.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118514.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118518.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118529.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118533.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118544.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118548.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118553.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118560.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118564.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118576.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118580.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118593.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118597.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118608.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP595\A0118612.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118635.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118639.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118651.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118655.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118666.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118670.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118682.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118686.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118699.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118703.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118714.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118718.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118729.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118733.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118738.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118745.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118749.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118761.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118765.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118778.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118782.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118793.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP596\A0118797.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118820.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118824.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118836.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118840.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118851.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118855.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118867.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118871.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118884.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118888.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118899.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118903.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118914.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118918.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118923.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118930.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118934.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118946.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118950.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118963.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118967.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118978.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP597\A0118982.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119005.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119009.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119021.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119025.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119036.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119040.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119052.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119056.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119069.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119073.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119084.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119088.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119099.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119103.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119108.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119115.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119119.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119131.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119135.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119148.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119152.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119163.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP598\A0119167.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119190.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119194.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119206.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119210.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119221.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119225.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119237.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119241.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119254.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119258.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119269.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119273.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119284.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119288.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119293.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119300.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119304.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119316.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119320.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119333.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119337.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119348.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP599\A0119352.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119375.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119379.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119391.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119395.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119406.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119410.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119422.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119426.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119439.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119443.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119454.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119458.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119469.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119473.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119478.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119485.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119489.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119501.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119505.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119518.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119522.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119533.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP600\A0119537.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119561.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119565.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119576.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119580.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119592.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119596.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119609.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119613.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119624.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119628.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119639.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119643.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119648.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119655.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP601\A0119659.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127154.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127164.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127168.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127180.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127184.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127198.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127202.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127212.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127216.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127228.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127232.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127237.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127243.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127247.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127258.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127262.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127274.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127278.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127290.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127294.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127304.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP639\A0127308.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127336.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127340.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127351.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127355.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127367.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127371.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127384.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127388.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127399.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127403.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127415.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127419.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127424.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127431.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127435.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127447.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127451.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127464.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127468.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127479.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127483.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127494.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP640\A0127498.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127523.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127527.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127532.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127539.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127543.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127555.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127559.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127572.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127576.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127587.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127591.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127602.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127606.exe
c:\system volume information\_restore{9D1A4C99-E141-4B32-851C-B01FBAF27868}\RP641\A0127613.exe
c:\windows\$NtUninstallKB2347290$\spoolsv.exe
c:\windows\ServicePackFiles\i386\spoolsv.exe
c:\windows\system32\spoolsv(2).exe
c:\windows\system32\spoolsv(3).exe
c:\windows\system32\spoolsv(4).exe
.
.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-10-31 23:56 . 2010-11-01 00:25 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2010-10-22 00:31 . 2010-10-22 00:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-21 15:40 . 2010-10-22 00:30 -------- d-----w- c:\windows\LMI10.tmp
2010-10-21 15:14 . 2010-10-22 00:30 -------- d-s---w- c:\documents and settings\Administrator
2010-10-21 15:03 . 2010-10-22 00:30 -------- d-----w- c:\windows\LMI81C.tmp
2010-10-20 23:41 . 2010-10-20 23:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-20 19:36 . 2010-10-20 19:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-10-20 19:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 19:35 . 2010-10-20 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 19:35 . 2010-10-20 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-20 19:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 13:49 . 2010-10-20 13:51 -------- d-----w- c:\program files\RegScrubXP
2010-10-19 16:18 . 2010-10-21 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-19 16:18 . 2010-10-20 23:42 -------- d-----w- c:\program files\NortonInstaller
2010-10-19 15:59 . 2010-10-19 16:25 -------- d-----w- c:\windows\LMI792.tmp
2010-10-18 20:51 . 2010-10-18 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-18 20:16 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Microsoft
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Windows Live
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-18 19:55 . 2010-10-18 19:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-18 19:51 . 2010-10-18 19:51 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-18 17:23 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-18 17:23 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-18 17:23 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-18 17:23 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-10-18 17:23 . 2010-10-18 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-18 17:21 . 2010-10-18 17:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-10-18 16:32 . 2010-10-18 19:38 -------- d-----w- c:\windows\LMI77A.tmp
2010-10-15 15:13 . 2010-10-15 16:03 -------- d-----w- c:\windows\LMI74B.tmp
2010-10-15 07:01 . 2006-02-28 12:00 924432 ----a-w- c:\windows\system32\SET731.tmp
2010-10-15 07:01 . 2008-04-14 00:09 285696 ----a-w- c:\windows\system32\SET721.tmp
2010-10-14 21:12 . 2010-08-26 13:39 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 21:12 . 2010-08-27 05:57 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 21:12 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\SET742.tmp
2010-10-14 21:04 . 2009-04-15 14:51 585216 ----a-w- c:\windows\system32\SET695.tmp
2010-10-14 21:04 . 2008-05-03 11:55 2560 ----a-w- c:\windows\system32\SET697.tmp
2010-10-14 20:27 . 2010-10-15 15:23 -------- d-----w- c:\windows\LMI6.tmp
2010-10-14 19:26 . 2010-10-14 19:26 -------- d-----w- c:\program files\NOS
2010-10-14 18:40 . 2010-10-14 18:40 -------- d-----w- c:\program files\Secunia
2010-10-14 14:01 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\SET728.tmp
2010-10-14 13:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\SET7AD.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 12:52 . 2010-08-26 12:52 5120 ------w- c:\windows\system32\SET73C.tmp
2010-08-26 12:52 . 2010-08-26 12:52 5120 ------w- c:\windows\system32\SET714.tmp
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-22 16:19 . 2010-08-22 16:19 78549196 ----a-w- C:\Norton_Reg.reg
2010-08-17 13:17 . 2010-08-17 13:17 58880 ----a-w- c:\windows\system32\SET4EF.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7D4.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7CB.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7B8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET7B6.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET786.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET765.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET763.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET756.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET736.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET72B.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET71D.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6FC.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6FB.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6D7.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET6C8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET696.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET687.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET674.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET66D.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET64C.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET63E.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET627.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET608.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5EE.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5C8.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET5B3.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET591.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET579.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET559.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET546.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET520.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET516.tmp
2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\SET4F4.tmp
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53 . 2009-04-16 13:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-28 30192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-4-15 36954]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
backup=c:\windows\pss\TextBridge Instant Access OCR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI (RC1).lnk]
backup=c:\windows\pss\Secunia PSI (RC1).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Wire Wireless Manager]
2007-10-01 21:56 61440 ----a-w- c:\program files\2Wire Wireless Manager\2Wire.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-28 20:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPPrinterNotify]
2009-01-23 20:48 599968 ----a-w- c:\program files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 15:40 49152 ------r- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoeMonitor.exe]
2009-11-20 17:54 1315152 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-24 20:53 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SLService"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/18/2010 1:23 PM 130936]
R3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [3/24/2008 9:04 PM 408064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/15/2010 4:41 PM 30192]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [1/5/2004 11:01 AM 1080832]
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-25 14:32]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 16:43]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ALToolBar &Search - c:\program files\ESTsoft\ALToolBar\ALToolBandRes.dll/23/SEARCH.HTML
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {C67CCB09-8BC9-4F56-A019-BE10B941398D} = 68.94.156.1,68.94.157.1
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{02EE9E7C-C70F-A2A0-1973-7C3971A7EB1F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-01 13:32:54
ComboFix-quarantined-files.txt 2010-11-01 17:32
ComboFix2.txt 2010-11-01 14:35

Pre-Run: 169,514,795,008 bytes free
Post-Run: 169,777,213,440 bytes free

- - End Of File - - 74051EE7D57BD3ADC26E9E1792F1D5F0

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,082 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:51 PM

Posted 01 November 2010 - 01:30 PM

Hello again, looks like we might be dealing with an infection that is still active.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 tyl604

Posted 01 November 2010 - 04:20 PM

Elise - I ran ESET Online Scanner. It found no threat. Zero threat. If it is there, it must be hiding deep.

#10 Elise

Posted 02 November 2010 - 02:37 AM

Please use the Kaspersky virus removal tool and see if it finds anything.

regards, Elise


#11 tyl604

Posted 02 November 2010 - 10:29 AM

Elise - I ran Kaspersky. It loaded strangely. At first I got a couple of error messages saying that it would not install. I clicked OK on a couple of these messages and then it seemed to complete the install. So I wonder if my virus was smart enough to carve out a bit of Kaspersky and let the remainder install with directions not to ID my virus???

Anyway I ran Kaspersky (it ran in Safe mode) and got a message about two events. I could not get it to give me the name of the two events and I could not even verify what the two events were. In Safe mode I could not see the bottom of the Kaspersky screen - I could barely see the arrow to begin the scan - so after the scan was over I did not know what to do. I looked at and saved the report and then X'd out of Kaspersky but I asked it not to uninstall the program. The text file was saved in My Documents but when I restarted in regular Windows it was not in the My Documents folder - guess the folder for Safe and Regular must be separate. I did a search, think I found it, and copied it to the desktop. It reads:

Autoscan: completed 7 minutes ago (events: 2, objects: 264678, time: 01:03:57)
11/2/2010 10:58:52 AM Task completed
11/2/2010 9:54:55 AM Task started

Just for grins I tried to install Norton Security Suite again; bombed out as usual so I still have the problem.

Edited by tyl604, 02 November 2010 - 10:32 AM.


#12 Elise

Posted 02 November 2010 - 12:29 PM

Besides the Norton issue, how is everything running?

regards, Elise


#13 tyl604

Posted 02 November 2010 - 12:46 PM

Elise - that's the funny thing. Everything is and has been running fine. However, since Comcast switched from McAfee to Norton Security Suite (months and months ago), I have never been able to get the computer to load a virus protection program. I have never known whether I have a virus or not - but with no virus protection, it will certainly happen sooner or later. Again, here are the symptoms:

Unable to load Norton Security Suite.
Unable to load AVG virus protection.
A text message now appears in the top left side of the screen - regardless of what is open. It says:

ZAN1 V:2.70
sanuo 150 (the u has two dots above which I believe is an umlaut)

The Zan message never showed until I mistakenly knocked my power cord out of the wall while running the computer; when it booted back up the message began to show. I have no idea whether this indicates a virus or only that the computer is mad that I knocked the power out.

No idea whether some virus, rootkit, etc is spying on me when I do my online banking or put my personal passwords in while using the internet. But for sure I need some virus protection and am unable to get anything to load.

Norton personnel suggested that this may be a permission issue and told me just to reformat the C drive; generally speaking that's a solution when folks really do not know what is the problem. That's why I contacted BleepingComputer.

Thanks.

#14 Elise


Posted 02 November 2010 - 03:20 PM

"A text message now appears in the top left side of the screen"

That sounds to me more like a hardware issue. Does this already show up before Windows is fully loaded?

Let's try another antivirus and see if that has issues: try, for example, Avira AntiVir.

regards, Elise




#15 tyl604


Posted 02 November 2010 - 06:36 PM

Elise - the ZAN1 script appears even before Windows opens up. Never happened before I knocked out the power plug so maybe it has nothing to do with a virus.

Next - I saved AntiVir on my desktop and then clicked Run. It began to install; then I got several error messages and I thought I was toast. However after clicking X on about three error messages, AntiVir seemed to load and I got a message that it had loaded successfully. Surprisingly after AntiVir rebooted the computer, there is an AntiVir icon on the right side of the tray and it actually looks like I have installed virus protection - even after Norton and AVG would not install.

I ran AntiVir and it found 14 instances of a worm called WORM/Rbot.655092. It quarantined 14 instances of the worm. I looked in the AntiVir definitions but this worm did not appear. Maybe we are getting somewhere.

Here is the log:

Avira AntiVir Personal
Report file date: Tuesday, November 02, 2010 18:36

Scanning for 2690356 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : OWNER-553C6D8F9

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 20:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 20:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:10:06
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:10:06
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:10:06
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:10:06
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:10:06
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:10:06
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:10:06
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:10:07
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:10:07
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:38:44
VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 13:35:55
VBASE018.VDF : 7.10.10.85 1536 Bytes 8/6/2010 13:35:55
VBASE019.VDF : 7.10.10.86 1536 Bytes 8/6/2010 13:35:55
VBASE020.VDF : 7.10.10.87 1536 Bytes 8/6/2010 13:35:55
VBASE021.VDF : 7.10.10.88 1536 Bytes 8/6/2010 13:35:55
VBASE022.VDF : 7.10.10.89 1536 Bytes 8/6/2010 13:35:55
VBASE023.VDF : 7.10.10.90 1536 Bytes 8/6/2010 13:35:55
VBASE024.VDF : 7.10.10.91 1536 Bytes 8/6/2010 13:35:55
VBASE025.VDF : 7.10.10.92 1536 Bytes 8/6/2010 13:35:56
VBASE026.VDF : 7.10.10.93 1536 Bytes 8/6/2010 13:35:56
VBASE027.VDF : 7.10.10.94 1536 Bytes 8/6/2010 13:35:56
VBASE028.VDF : 7.10.10.95 1536 Bytes 8/6/2010 13:35:56
VBASE029.VDF : 7.10.10.96 1536 Bytes 8/6/2010 13:35:56
VBASE030.VDF : 7.10.10.97 1536 Bytes 8/6/2010 13:35:56
VBASE031.VDF : 7.10.10.105 119296 Bytes 8/8/2010 03:09:34
Engineversion : 8.2.4.34
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 20:09:54
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/2/2010 20:09:54
AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 20:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 20:09:53
AERDL.DLL : 8.1.8.2 614772 Bytes 8/2/2010 20:09:53
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/6/2010 22:52:09
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 20:09:52
AEHEUR.DLL : 8.1.2.11 2834805 Bytes 8/6/2010 22:52:09
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/2/2010 20:09:49
AEGEN.DLL : 8.1.3.19 393587 Bytes 8/6/2010 22:52:08
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 20:09:49
AECORE.DLL : 8.1.16.2 192887 Bytes 8/2/2010 20:09:49
AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 20:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 20:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 20:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 20:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 20:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 20:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 20:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 20:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 20:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, November 02, 2010 18:36

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'wscntfy.exe' - '17' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wuauclt.exe' - '44' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'acsd.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '56' Module(s) have been scanned
Scan process 'avgnt.exe' - '45' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '59' Module(s) have been scanned
Scan process 'Explorer.EXE' - '100' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '33' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1087' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6E5.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6F9.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET71E.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET720.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET741.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74C.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET76D.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET779.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET77E.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7A7.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7CC.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7E2.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7EA.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7F7.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7F7.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '4bae3978.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7EA.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '533916df.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7E2.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '01664c37.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7CC.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '675103f5.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7A7.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '22d52ecb.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET77E.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '5dce1caa.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET779.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '117630e0.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET76D.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '6d6e70b0.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74C.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '40345fe2.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET741.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '595c6478.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET720.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '35004848.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET71E.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '44b971dd.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6F9.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '4aa3411a.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6E5.tmp.vir
[DETECTION] Contains recognition pattern of the WORM/Rbot.655092 worm
[NOTE] The file was moved to the quarantine directory under the name '0f8a3858.qua'.


End of the scan: Tuesday, November 02, 2010 19:24
Used time: 47:42 Minute(s)

The scan has been done completely.

8572 Scanned directories
377596 Files were scanned
14 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
14 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
377582 Files not concerned
3536 Archives were scanned
0 Warnings
14 Notes



