Infected Laptop


  • This topic is locked
35 replies to this topic

#1 Zer0Man


Posted 20 November 2010 - 06:35 AM

I've just noticed that HijackThis Logs are not to be posted in this area, could a moderator please move this post so I don't cross-post, thank you.

I'm unaware where I picked up this infection from.

My laptop will only boot in safe mode.

Below is what I've tried so far (plus results)...
AVG Command Line Scanner - Found several files which could not be scanned as they were locked.
Spybot Search & Destroy (installed) - Nothing found.
Spybot Search & Destroy (boot disk) - Nothing found.
Combofix - Removed several files and a folder, but didn't fix boot problem.
Malwarebytes' Anti-Malware - Nothing found.
Ad-Aware - Nothing found.
BitDefender Online Scanner - Found virus, but could not remove.
Panda Online Scanner - Nothing found.


Here's my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:13:51, on 20/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Andrew\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061114
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://configuration.adsl/
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SecureBrowsing Toolbar - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\Finjan Secure Browsing\SecureBrowsing.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\Finjan Secure Browsing\SecureBrowsing.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [TSC] "C:\DOCUME~1\Andrew\LOCALS~1\Temp\HouseCall\tsc.exe" /HD
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258200254531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258068904984
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GFI LANguard 9.0 Attendant Service (gfi_lanss9_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard 9.0\lnssatt.exe
O23 - Service: GFI ReportCenter 3.5 (GFI_ReportCenter35) - GFI Software Ltd. - C:\Program Files\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13279 bytes

Edited by elise025, 20 November 2010 - 07:34 AM.
Moved from AII to Malware Removal ~ Elise




#2 Blind Faith

  • Malware Response Team

Posted 29 November 2010 - 04:13 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Zer0Man

  • Topic Starter

Posted 30 November 2010 - 03:38 PM

I'm unable to disable my AVG 9.0 as described by AVG in your link, as I can only boot into safe mode and the user interface doesn't operate in safe mode.

#4 sundavis

  • Malware Response Team

Posted 02 December 2010 - 09:12 PM

Hi Zer0Man,




Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.




Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step 2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:


    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. TDSSKiller.txt
2. OTListIt.txt and Extra.txt

Thanks

#5 Zer0Man

  • Topic Starter

Posted 05 December 2010 - 08:32 PM

2010/12/05 23:14:32.0250 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 23:14:32.0250 ================================================================================
2010/12/05 23:14:32.0250 SystemInfo:
2010/12/05 23:14:32.0250
2010/12/05 23:14:32.0250 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/05 23:14:32.0250 Product type: Workstation
2010/12/05 23:14:32.0250 ComputerName: ANDYLAPTOP
2010/12/05 23:14:32.0250 UserName: Andrew
2010/12/05 23:14:32.0250 Windows directory: C:\WINDOWS
2010/12/05 23:14:32.0250 System windows directory: C:\WINDOWS
2010/12/05 23:14:32.0250 Processor architecture: Intel x86
2010/12/05 23:14:32.0250 Number of processors: 2
2010/12/05 23:14:32.0250 Page size: 0x1000
2010/12/05 23:14:32.0250 Boot type: Safe boot with network
2010/12/05 23:14:32.0250 ================================================================================
2010/12/05 23:14:32.0796 Initialize success
2010/12/05 23:14:43.0437 ================================================================================
2010/12/05 23:14:43.0437 Scan started
2010/12/05 23:14:43.0437 Mode: Manual;
2010/12/05 23:14:43.0437 ================================================================================
2010/12/05 23:14:55.0875 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/05 23:14:55.0937 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/05 23:14:56.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/05 23:14:56.0203 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/05 23:14:56.0281 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/05 23:14:56.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/05 23:14:56.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/05 23:14:56.0406 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/05 23:14:56.0437 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/05 23:14:56.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/05 23:14:56.0640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/05 23:14:56.0828 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/05 23:14:56.0937 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2010/12/05 23:14:56.0984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/05 23:14:57.0046 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/05 23:14:57.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/05 23:14:57.0312 nv (f238620bc9d2fdf8734948c0a4441707) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/05 23:14:57.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/05 23:14:57.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/05 23:14:57.0609 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/05 23:14:57.0703 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
2010/12/05 23:14:57.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/05 23:14:57.0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/05 23:14:57.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/05 23:14:57.0906 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2010/12/05 23:14:58.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/05 23:14:58.0187 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/05 23:14:58.0265 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/05 23:14:58.0484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/05 23:14:58.0515 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/05 23:14:58.0640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/05 23:14:58.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/05 23:14:58.0890 PSI (14e6fb92f1788982e2bbc81d915b1f02) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/12/05 23:14:58.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/05 23:14:59.0031 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/05 23:14:59.0125 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/05 23:14:59.0156 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/05 23:14:59.0203 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/05 23:14:59.0234 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/05 23:14:59.0343 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/05 23:14:59.0421 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/05 23:14:59.0500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/05 23:14:59.0546 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/05 23:14:59.0593 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/05 23:14:59.0640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/05 23:14:59.0671 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/05 23:14:59.0718 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/05 23:14:59.0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/05 23:14:59.0937 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/05 23:15:00.0078 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/12/05 23:15:00.0140 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/12/05 23:15:00.0203 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/12/05 23:15:00.0375 s24trans (2c0e9e777ab1849b43494626c1f308b5) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/12/05 23:15:00.0593 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/05 23:15:00.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/05 23:15:00.0765 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/05 23:15:00.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/05 23:15:00.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/05 23:15:01.0078 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/05 23:15:01.0234 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/05 23:15:01.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/05 23:15:01.0437 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/05 23:15:01.0531 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/05 23:15:01.0671 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/05 23:15:01.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/05 23:15:01.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/05 23:15:02.0015 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/05 23:15:02.0062 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/05 23:15:02.0093 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/05 23:15:02.0125 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/05 23:15:02.0218 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/05 23:15:02.0406 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/05 23:15:02.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/05 23:15:02.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/05 23:15:02.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/05 23:15:02.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/05 23:15:02.0937 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/12/05 23:15:03.0000 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\WINDOWS\system32\DRIVERS\TMPassthru.sys
2010/12/05 23:15:03.0062 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/05 23:15:03.0156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/05 23:15:03.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/05 23:15:03.0281 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/05 23:15:03.0515 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
2010/12/05 23:15:03.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/05 23:15:03.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/05 23:15:03.0687 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/05 23:15:03.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/05 23:15:03.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/05 23:15:03.0859 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/05 23:15:04.0031 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/05 23:15:04.0093 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/05 23:15:04.0250 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/12/05 23:15:04.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/05 23:15:04.0609 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/05 23:15:04.0718 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/12/05 23:15:04.0921 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/05 23:15:05.0187 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/05 23:15:05.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/05 23:15:05.0406 ================================================================================
2010/12/05 23:15:05.0406 Scan finished
2010/12/05 23:15:05.0406 ================================================================================



OTL logfile created on: 05/12/2010 23:23:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.26 Gb Total Space | 79.04 Gb Free Space | 74.38% Space Free | Partition Type: NTFS

Computer Name: ANDYLAPTOP | User Name: Andrew | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 23:19:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2010/12/05 23:03:24 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/12/05 23:03:23 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
PRC - [2010/06/21 23:42:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/05 23:19:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/12/05 23:03:23 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/20 21:17:14 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/07/29 23:09:32 | 000,017,920 | ---- | M] (Fork Ltd.) [Auto | Stopped] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/07/24 14:34:46 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/21 23:42:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/09 21:02:02 | 000,329,072 | ---- | M] (GFI Software Ltd.) [Auto | Stopped] -- C:\Program Files\GFI\LANguard 9.0\lnssatt.exe -- (gfi_lanss9_attservice)
SRV - [2009/06/16 08:48:20 | 000,111,912 | ---- | M] (GFI Software Ltd.) [Auto | Stopped] -- C:\Program Files\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe -- (GFI_ReportCenter35)
SRV - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2007/08/27 15:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/12/12 13:55:50 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/08 15:41:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/06 17:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/21 23:42:58 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/21 23:42:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 00:03:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/28 11:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/04 23:43:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/10/23 22:49:57 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/10/23 22:49:57 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/10/20 18:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2007/01/31 01:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/09/21 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/09/21 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/09/21 04:20:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/21 04:20:00 | 000,026,044 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/09/21 04:20:00 | 000,015,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/09/21 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/21 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/08/18 02:30:00 | 000,089,456 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/05/24 18:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 18:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 18:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 18:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 18:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 18:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 17:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 17:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/01 09:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/26 23:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/22 02:03:00 | 003,652,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/27 17:44:24 | 000,150,528 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061114


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061114
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061114
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.orange.co.uk/"
FF - prefs.js..extensions.enabledItems: accessme@security.compass:0.2.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: CLEO@guid.customsoftwareconsult.com:4.3
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {27a03cf3-856f-46b8-91cb-7289f58c7e6e}:1.314
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: sqlime@security.compass:0.4.5
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: viralthreatlevel@serevinus.com:0.54
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: xssme@security.compass:0.4.4
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}:1.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/20 21:18:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/01 00:16:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 22:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 23:27:04 | 000,000,000 | ---D | M]

[2009/12/03 22:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2010/10/10 02:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions
[2010/04/27 01:44:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/03 23:27:07 | 000,000,000 | ---D | M] (Finjan Secure Browsing) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}
[2010/07/10 02:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/12/10 12:15:25 | 000,000,000 | ---D | M] (RefControl) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010/08/08 22:45:26 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/12/14 23:06:41 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/10/05 21:21:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/10 20:57:14 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/04/02 02:22:16 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/02/12 03:28:01 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/02/27 23:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/12/10 12:15:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/08 22:38:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/10 12:15:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/07 02:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/08 02:16:24 | 000,000,000 | ---D | M] (HackBar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}
[2010/05/07 01:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\accessme@security.compass
[2009/12/10 12:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\CLEO@guid.customsoftwareconsult.com
[2009/12/07 23:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/07 01:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\firebug@software.joehewitt.com
[2010/01/16 00:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\firecookie@janodvarko.cz
[2010/08/08 21:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\firefox@tvunetworks.com
[2010/03/09 01:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\pagehacker-nico@nc
[2009/12/10 12:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\redshift_V2@shift-themes.com
[2010/05/07 01:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\sqlime@security.compass
[2009/12/10 12:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\viralthreatlevel@serevinus.com
[2010/05/07 01:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\xq63ffn2.default\extensions\xssme@security.compass
[2010/10/10 02:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 22:28:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/24 23:30:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/24 23:30:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/24 23:30:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/24 23:30:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/22 21:53:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SecureBrowsing bho) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\Finjan Secure Browsing\SecureBrowsing.dll (Finjan LTD)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Finjan Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\Finjan Secure Browsing\SecureBrowsing.dll (Finjan LTD)
O3 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\Toolbar\WebBrowser: (Finjan Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\Finjan Secure Browsing\SecureBrowsing.dll (Finjan LTD)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [TSC] C:\Documents and Settings\Andrew\Local Settings\temp\HouseCall\TSC.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258200254531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258068904984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 23:19:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/02 12:29:14 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
[2010/11/19 23:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/19 23:35:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/11/19 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/11/19 23:23:21 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/19 22:15:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Andrew\Desktop\HijackThis.exe
[2010/11/19 20:32:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/11/19 20:32:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/05 23:19:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/05 23:11:35 | 001,230,433 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/05 23:06:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew\defogger_reenable
[2010/12/05 23:05:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 23:05:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Defogger.exe
[2010/12/05 23:02:41 | 000,521,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/05 23:02:41 | 000,096,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/05 22:59:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/05 22:58:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
[2010/11/19 22:15:33 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Andrew\Desktop\HijackThis.exe
[2010/11/19 21:49:24 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/12 20:39:29 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 23:11:30 | 001,230,433 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/05 23:06:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\defogger_reenable
[2010/12/05 23:05:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Defogger.exe
[2010/07/28 22:30:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\housecall.guid.cache
[2010/01/13 00:31:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\prvlcl.dat
[2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/10 00:06:57 | 000,000,687 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/03/08 03:46:47 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\A3B98DFD87.dll
[2007/01/13 07:23:50 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\87FD8DB9A3.sys
[2007/01/13 04:56:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 06:14:42 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/09 05:23:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/08 23:56:57 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2006/12/04 23:38:06 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/12/04 00:41:06 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/03 23:55:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2006/11/14 09:06:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/14 08:59:07 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/11/14 08:54:27 | 000,000,442 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/14 08:47:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 08:41:54 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/14 08:16:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/14 08:16:36 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/14 08:16:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/14 08:16:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/14 08:16:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/14 08:16:16 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/14 08:16:12 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 18:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/05 08:34:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/23 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/14 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2007/02/23 00:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/10/10 22:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/14 08:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/01 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/07 23:11:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2007/07/08 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Aptana
[2009/11/18 00:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AVG9
[2008/12/05 07:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/03/07 01:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Eltima Software
[2009/07/15 00:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Finjan
[2010/06/27 23:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ICQ
[2006/12/09 06:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ICQLite
[2006/12/16 00:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2008/07/13 00:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\X-Chat 2
[2009/08/29 01:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/12/05 23:05:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/22 22:00:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1331D863-5176-4CD6-B24F-C8564AC473A9}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/19 21:49:24 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >



OTL Extras logfile created on: 05/12/2010 23:23:35 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.26 Gb Total Space | 79.04 Gb Free Space | 74.38% Space Free | Partition Type: NTFS

Computer Name: ANDYLAPTOP | User Name: Andrew | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 21
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{38496EC2-78B7-412A-9398-FC6B7DB8E182}" = Orange Preload
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F67FD4A-380F-4081-A506-1D2C0091A93E}" = GFI LANguard 9.0 ReportPack
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{722C2EC9-745F-44EA-A119-D548DB55A3B0}" = GFI ReportCenter Framework
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AD2EA30-5049-11D4-A08E-0080AD97BBF5}" = DJ Java Decompiler v.3.9.9.91
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBF90128-9B0A-41B4-98E0-8D20B7606160}" = Sophos Windows Shortcut Exploit Protection Tool
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG 9.0
"Belarc Advisor" = Belarc Advisor 8.1
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DellSupport" = Dell Support 5.0.0 (630)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Finjan Secure Browsing" = Finjan Secure Browsing
"Flash Decompiler_is1" = Flash Decompiler
"FlexiMusic Wave Editor_is1" = FlexiMusic Wave Editor
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetTools_is1" = NetTools 5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Privacy Mantra 3.00" = Privacy Mantra 3.00
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SearchAssist" = SearchAssist
"Secunia PSI" = Secunia PSI
"SopCast" = SopCast 3.2.9
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3425880183-2744943636-806508281-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9a6486b569d4c070" = Gogglebox TV 2008

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\a48e15c.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\a48e15c.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\51bdf1e.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\51bdf1e.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\122e3.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:39 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\122e3.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:40 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\4e906f7.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:40 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\4e906f7.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:40 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\122ed.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 19/11/2010 21:15:40 | Computer Name = ANDYLAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\122ed.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

[ System Events ]
Error - 22/10/2010 17:33:59 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 22/10/2010 17:40:04 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 22/10/2010 17:42:32 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 22/10/2010 17:56:12 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/11/2010 16:28:01 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/11/2010 16:28:48 | Computer Name = ANDYLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV AvgLdx86 AvgMfx86 BANTExt Fips intelppm

Error - 19/11/2010 19:23:23 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 21/11/2010 16:22:43 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/12/2010 18:59:22 | Computer Name = ANDYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/12/2010 18:59:57 | Computer Name = ANDYLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV AvgLdx86 AvgMfx86 BANTExt Fips intelppm


< End of report >

#6 sundavis

  • Malware Response Team

Posted 05 December 2010 - 10:17 PM

Hi Zer0Man,




BitDefender Online Scanner - Found virus, but could not remove.

Can you post that log, or tell me which file can't be removed? Please uninstall AVG via Add/Remove Programs temporarily and also run the AVG remover from Here. Reboot normally. Do you have a Windows install CD handy?


Step 1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O3 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3425880183-2744943636-806508281-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2010/12/05 23:02:41 | 000,521,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/05 23:02:41 | 000,096,720 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2007/03/08 03:46:47 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\A3B98DFD87.dll
    [2007/01/13 07:23:50 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\87FD8DB9A3.sys
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
    
  • Click the Run Fix button at the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

In your next reply, please post back:

1. OTL delete log.

Let me know how things went.

#7 Zer0Man


Posted 05 December 2010 - 11:16 PM

Can't find the BitDefender Online Scanner log, but if I remember right it's the rainbow file within Cain that BitDefender Online Scanner said was infected.

The OTL report didn't open after the re-boot, in safe mode (with networking) at the moment, didn't try booting into normal mode.

I don't have a Windows install CD, only a Dell restore CD.

#8 sundavis


Posted 05 December 2010 - 11:29 PM

Hi Zer0Man,



Did you uninstall AVG completely? And had you experienced any blue screen? At what point can't you boot into normal mode? Can you post the ComboFix log if it is still available? Locate it at C:\Combofix.txt

#9 Zer0Man


Posted 05 December 2010 - 11:58 PM

Found the OTL log...
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKU\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3425880183-2744943636-806508281-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\system32\A3B98DFD87.dll moved successfully.
C:\WINDOWS\system32\87FD8DB9A3.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Andrew
->Temp folder emptied: 94145750 bytes
->Temporary Internet Files folder emptied: 71887986 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 40858263 bytes
->Flash cache emptied: 63256 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2243949 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 284915 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 200.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Andrew
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12062010_015615


Combofix log...
2010-10-22 21:54:16 . 2010-10-22 21:54:16 1,236 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{7B63B2922B174135AFC0E1377DD81EC2}.reg.dat
2010-10-22 21:54:16 . 2010-10-22 21:54:16 610 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-VirusTotalUploader.reg.dat
2010-10-22 21:54:16 . 2010-10-22 21:54:16 510 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Asterisk Key.reg.dat
2010-10-22 21:53:56 . 2010-10-22 21:53:56 183 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-FirefoxUltimateOptimizer.reg.dat
2010-10-22 21:51:54 . 2010-10-22 21:51:54 8,390 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-10-22 21:46:04 . 2010-10-22 21:46:04 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-03-30 22:59:20 . 2008-12-23 15:35:12 100,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_packet.dlluninstall.vir
2009-05-24 02:01:21 . 2009-05-24 02:05:41 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\java\jre-6u13-windows-i586-p.exe.bak2.vir
2007-08-04 00:26:25 . 2007-08-04 00:26:25 4 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\a3kebook.ini.vir
2007-08-04 00:26:25 . 2007-08-04 00:26:25 20 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\akebook.ini.vir
2007-08-04 00:26:25 . 2008-08-03 06:22:11 72 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\ANS2000.INI.vir



When I try to boot into normal mode, the screen goes black just before the log-on page and goes no further. Also, while booting I get funny markings across the screen, something like the following...
|||||||||||||||||| < These lines across the screen, top to bottom.
||||||||||||||||||

#10 sundavis


Posted 06 December 2010 - 12:12 AM

Hi Zer0Man,



You didn't respond to my questions fully. Did you uninstall AVG completely? Have you experienced any blue screens while unable to boot into normal mode?

When did you run Combofix: before or after the time you couldn't boot into normal mode? BTW, please navigate to the following file path (C:\Windows\ERDNT) and check the ERDNT folder for me. Is there a folder named 3-30-2010?

Did you try to restore Windows XP to a previous state as instructed in this thread, or have you used Last Known Good Configuration? Please answer my questions in your next reply. Thanks.

Edited by sundavis, 06 December 2010 - 12:50 AM.


#11 Zer0Man


Posted 06 December 2010 - 12:55 PM

I've kept the AVG user-settings back-up files, all other program files removed. These back-up files will be needed for the AVG firewall when I re-install it.

No blue screens while trying to boot into normal mode.

I ran Combofix after I found that I could not boot into normal mode.

I will look for the ERDNT folder when I return home tonight and edit this post.

Yes, I tried a system restore before asking for assistance here on Bleeping Computer.

#12 sundavis


Posted 06 December 2010 - 01:25 PM

Hi Zer0Man,



"I will look for the ERDNT folder when I return home tonight and edit this post."

If the folder named 3-30-2010 is still present, that means we have a backup, since you ran ComboFix on 3-20-2010. We can try to restore your system to the previous state.


Have you used Last Known Good Configuration?

Please try that to boot up while you're in safe mode. The best way to fix unknown device issues or a corrupted registry is to run the scannow SFC tool or a repair install.

Can you borrow an XP Pro disk with SP3 from friends? Besides that, you are well advised to back up your important data, working documents, photos, etc., just in case.

#13 Zer0Man


Posted 06 December 2010 - 04:59 PM

In the ERDNT folder there is no folder called 3-30-2010, the folders I do have in ERDNT are as follows...
cache
Hiv-backup
Users
00000001
00000002
00000003
00000004
00000005
00000006


I will have to try booting into Last Known Good Configuration tomorrow as I have to have an early night tonight due to a hospital appointment in the morning.

When am I to try to run scannow SFC tool or repair install?

I don't know anyone with a Windows XP Pro SP3 CD.

#14 sundavis


Posted 06 December 2010 - 05:30 PM

Hi Zer0Man,



"When am I to try to run scannow SFC tool or repair install?"

You need to have an XP install disk to perform the above process. BTW, did you run AVG Remover? Let's check your system one more time. Please do the following:



Step 1

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into Safe Mode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors
    My Computer
    Also any other drives (removable ones that you may have)

  • Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says an object cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.



Step 2

Please download BootCheck.exe to your desktop.

  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply


Step 3

Please download the attached file (Restore.bat) to your desktop and double-click on it; a DOS window will appear. When done, a restore text should appear. Copy/paste the contents in your next reply.



In your next reply, please post back:

1. AVP log
2. BootCheck log
3. Restore.txt

Let me know how things went.


Edited by sundavis, 06 December 2010 - 06:25 PM.


#15 Zer0Man


Posted 07 December 2010 - 07:49 PM

No, I didn't run the AVG Remover; I needed to keep the user-settings back-up files for when I re-install AVG.

Was unable to save the report from the AVP tool as the report button wasn't available on the screen. It was hidden off the bottom of the screen.

CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[spybotsd]
timeout.old=2


23/08/2010 03:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
23/08/2010 03:42 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\snapshot

24/08/2010 04:42 28,672 _REGISTRY_MACHINE_SAM
24/08/2010 04:42 65,536 _REGISTRY_MACHINE_SECURITY
24/08/2010 04:42 40,730,624 _REGISTRY_MACHINE_SOFTWARE
24/08/2010 04:42 8,318,976 _REGISTRY_MACHINE_SYSTEM
24/08/2010 04:42 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
24/08/2010 04:42 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
24/08/2010 04:42 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
24/08/2010 04:42 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
20/08/2010 22:20 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
24/08/2010 04:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
24/08/2010 04:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
24/08/2010 04:42 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP796\snapshot

25/08/2010 05:42 28,672 _REGISTRY_MACHINE_SAM
25/08/2010 05:42 65,536 _REGISTRY_MACHINE_SECURITY
25/08/2010 05:42 40,730,624 _REGISTRY_MACHINE_SOFTWARE
25/08/2010 05:42 8,318,976 _REGISTRY_MACHINE_SYSTEM
25/08/2010 05:42 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
25/08/2010 05:42 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
25/08/2010 05:42 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
25/08/2010 05:42 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
20/08/2010 22:20 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
25/08/2010 05:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
25/08/2010 05:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
25/08/2010 05:42 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP797\snapshot

26/08/2010 06:42 28,672 _REGISTRY_MACHINE_SAM
26/08/2010 06:42 65,536 _REGISTRY_MACHINE_SECURITY
26/08/2010 06:42 40,730,624 _REGISTRY_MACHINE_SOFTWARE
26/08/2010 06:42 8,318,976 _REGISTRY_MACHINE_SYSTEM
26/08/2010 06:42 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
26/08/2010 06:42 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
26/08/2010 06:42 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
26/08/2010 06:42 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
26/08/2010 06:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
26/08/2010 06:42 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
26/08/2010 06:42 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP798\snapshot

27/08/2010 06:58 28,672 _REGISTRY_MACHINE_SAM
27/08/2010 06:58 65,536 _REGISTRY_MACHINE_SECURITY
27/08/2010 06:58 40,730,624 _REGISTRY_MACHINE_SOFTWARE
27/08/2010 06:58 8,318,976 _REGISTRY_MACHINE_SYSTEM
27/08/2010 06:58 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
27/08/2010 06:58 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
27/08/2010 06:58 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
27/08/2010 06:58 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
27/08/2010 06:58 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
27/08/2010 06:58 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
27/08/2010 06:58 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP799\snapshot

28/08/2010 07:24 28,672 _REGISTRY_MACHINE_SAM
28/08/2010 07:24 65,536 _REGISTRY_MACHINE_SECURITY
28/08/2010 07:24 40,730,624 _REGISTRY_MACHINE_SOFTWARE
28/08/2010 07:24 8,318,976 _REGISTRY_MACHINE_SYSTEM
28/08/2010 07:24 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
28/08/2010 07:24 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
28/08/2010 07:24 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
28/08/2010 07:24 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
28/08/2010 07:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
28/08/2010 07:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
28/08/2010 07:24 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP800\snapshot

29/08/2010 08:24 28,672 _REGISTRY_MACHINE_SAM
29/08/2010 08:24 65,536 _REGISTRY_MACHINE_SECURITY
29/08/2010 08:24 40,730,624 _REGISTRY_MACHINE_SOFTWARE
29/08/2010 08:24 8,318,976 _REGISTRY_MACHINE_SYSTEM
29/08/2010 08:24 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
29/08/2010 08:24 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
29/08/2010 08:24 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
29/08/2010 08:24 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
29/08/2010 08:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
29/08/2010 08:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
29/08/2010 08:24 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP801\snapshot

30/08/2010 08:28 28,672 _REGISTRY_MACHINE_SAM
30/08/2010 08:28 65,536 _REGISTRY_MACHINE_SECURITY
30/08/2010 08:28 40,730,624 _REGISTRY_MACHINE_SOFTWARE
30/08/2010 08:28 8,318,976 _REGISTRY_MACHINE_SYSTEM
30/08/2010 08:28 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
30/08/2010 08:28 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
30/08/2010 08:28 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
30/08/2010 08:28 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
30/08/2010 08:28 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
30/08/2010 08:28 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
30/08/2010 08:28 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP802\snapshot

31/08/2010 09:28 28,672 _REGISTRY_MACHINE_SAM
31/08/2010 09:28 65,536 _REGISTRY_MACHINE_SECURITY
31/08/2010 09:28 40,730,624 _REGISTRY_MACHINE_SOFTWARE
31/08/2010 09:28 8,318,976 _REGISTRY_MACHINE_SYSTEM
31/08/2010 09:28 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
31/08/2010 09:28 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
31/08/2010 09:28 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
31/08/2010 09:28 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
31/08/2010 09:28 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
31/08/2010 09:28 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
31/08/2010 09:28 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP803\snapshot

01/09/2010 10:15 28,672 _REGISTRY_MACHINE_SAM
01/09/2010 10:15 65,536 _REGISTRY_MACHINE_SECURITY
01/09/2010 10:15 40,730,624 _REGISTRY_MACHINE_SOFTWARE
01/09/2010 10:15 8,318,976 _REGISTRY_MACHINE_SYSTEM
01/09/2010 10:15 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
01/09/2010 10:15 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
01/09/2010 10:15 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
01/09/2010 10:15 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
01/09/2010 10:15 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
01/09/2010 10:15 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
01/09/2010 10:15 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,610,368 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP804\snapshot

01/09/2010 21:47 28,672 _REGISTRY_MACHINE_SAM
01/09/2010 21:47 65,536 _REGISTRY_MACHINE_SECURITY
01/09/2010 21:47 40,730,624 _REGISTRY_MACHINE_SOFTWARE
01/09/2010 21:47 8,318,976 _REGISTRY_MACHINE_SYSTEM
01/09/2010 21:47 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
01/09/2010 21:47 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
01/09/2010 21:47 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
01/09/2010 21:47 9,240,576 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
01/09/2010 21:47 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
01/09/2010 21:47 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
01/09/2010 21:47 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,614,464 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP805\snapshot

01/09/2010 21:47 28,672 _REGISTRY_MACHINE_SAM
01/09/2010 21:47 65,536 _REGISTRY_MACHINE_SECURITY
01/09/2010 21:47 40,730,624 _REGISTRY_MACHINE_SOFTWARE
01/09/2010 21:47 8,318,976 _REGISTRY_MACHINE_SYSTEM
01/09/2010 21:47 4,796,416 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
01/09/2010 21:47 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
01/09/2010 21:47 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
01/09/2010 21:47 9,240,576 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
01/09/2010 21:47 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
01/09/2010 21:47 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
01/09/2010 21:47 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,614,464 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP806\snapshot

01/09/2010 22:02 28,672 _REGISTRY_MACHINE_SAM
01/09/2010 22:02 65,536 _REGISTRY_MACHINE_SECURITY
01/09/2010 22:02 40,730,624 _REGISTRY_MACHINE_SOFTWARE
01/09/2010 22:02 8,318,976 _REGISTRY_MACHINE_SYSTEM
01/09/2010 22:02 4,800,512 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
01/09/2010 22:02 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
01/09/2010 22:02 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
01/09/2010 22:02 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
26/08/2010 04:06 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
01/09/2010 22:02 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
01/09/2010 22:02 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
01/09/2010 22:02 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 71,614,464 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP807\snapshot

02/09/2010 22:15 32,768 _REGISTRY_MACHINE_SAM
02/09/2010 22:14 65,536 _REGISTRY_MACHINE_SECURITY
02/09/2010 22:15 41,922,560 _REGISTRY_MACHINE_SOFTWARE
02/09/2010 22:15 8,318,976 _REGISTRY_MACHINE_SYSTEM
02/09/2010 22:14 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
02/09/2010 22:14 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
02/09/2010 22:14 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
02/09/2010 22:14 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
02/09/2010 22:14 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
02/09/2010 22:14 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
02/09/2010 22:14 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,818,688 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP808\snapshot

03/09/2010 22:50 32,768 _REGISTRY_MACHINE_SAM
03/09/2010 22:50 65,536 _REGISTRY_MACHINE_SECURITY
03/09/2010 22:50 41,922,560 _REGISTRY_MACHINE_SOFTWARE
03/09/2010 22:50 8,318,976 _REGISTRY_MACHINE_SYSTEM
03/09/2010 22:50 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
03/09/2010 22:50 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
03/09/2010 22:50 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
03/09/2010 22:50 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
03/09/2010 22:50 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
03/09/2010 22:50 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
03/09/2010 22:50 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,818,688 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP809\snapshot

05/09/2010 03:22 32,768 _REGISTRY_MACHINE_SAM
05/09/2010 03:22 65,536 _REGISTRY_MACHINE_SECURITY
05/09/2010 03:22 41,922,560 _REGISTRY_MACHINE_SOFTWARE
05/09/2010 03:22 8,318,976 _REGISTRY_MACHINE_SYSTEM
05/09/2010 03:22 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
05/09/2010 03:22 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
05/09/2010 03:22 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
05/09/2010 03:22 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
05/09/2010 03:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
05/09/2010 03:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
05/09/2010 03:22 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,822,784 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP810\snapshot

06/09/2010 03:32 32,768 _REGISTRY_MACHINE_SAM
06/09/2010 03:32 65,536 _REGISTRY_MACHINE_SECURITY
06/09/2010 03:32 41,922,560 _REGISTRY_MACHINE_SOFTWARE
06/09/2010 03:32 8,318,976 _REGISTRY_MACHINE_SYSTEM
06/09/2010 03:32 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
06/09/2010 03:31 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
06/09/2010 03:31 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
06/09/2010 03:32 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
06/09/2010 03:31 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
06/09/2010 03:31 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
06/09/2010 03:32 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,818,688 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP811\snapshot

07/09/2010 04:32 32,768 _REGISTRY_MACHINE_SAM
07/09/2010 04:32 65,536 _REGISTRY_MACHINE_SECURITY
07/09/2010 04:32 41,922,560 _REGISTRY_MACHINE_SOFTWARE
07/09/2010 04:32 8,318,976 _REGISTRY_MACHINE_SYSTEM
07/09/2010 04:32 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
07/09/2010 04:32 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
07/09/2010 04:32 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
07/09/2010 04:32 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
07/09/2010 04:32 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
07/09/2010 04:32 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
07/09/2010 04:32 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,818,688 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP812\snapshot

08/09/2010 04:55 32,768 _REGISTRY_MACHINE_SAM
08/09/2010 04:55 65,536 _REGISTRY_MACHINE_SECURITY
08/09/2010 04:55 41,922,560 _REGISTRY_MACHINE_SOFTWARE
08/09/2010 04:55 8,318,976 _REGISTRY_MACHINE_SYSTEM
08/09/2010 04:55 4,808,704 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
08/09/2010 04:55 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
08/09/2010 04:55 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
08/09/2010 04:55 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
01/09/2010 23:00 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
08/09/2010 04:55 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
08/09/2010 04:55 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
08/09/2010 04:55 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,822,784 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP813\snapshot

09/09/2010 05:16 32,768 _REGISTRY_MACHINE_SAM
09/09/2010 05:16 65,536 _REGISTRY_MACHINE_SECURITY
09/09/2010 05:16 41,922,560 _REGISTRY_MACHINE_SOFTWARE
09/09/2010 05:16 8,318,976 _REGISTRY_MACHINE_SYSTEM
09/09/2010 05:16 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
09/09/2010 05:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
09/09/2010 05:16 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
09/09/2010 05:16 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
09/09/2010 05:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
09/09/2010 05:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
09/09/2010 05:16 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,830,976 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP814\snapshot

10/09/2010 05:17 32,768 _REGISTRY_MACHINE_SAM
10/09/2010 05:16 65,536 _REGISTRY_MACHINE_SECURITY
10/09/2010 05:17 41,922,560 _REGISTRY_MACHINE_SOFTWARE
10/09/2010 05:17 8,318,976 _REGISTRY_MACHINE_SYSTEM
10/09/2010 05:16 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
10/09/2010 05:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
10/09/2010 05:16 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
10/09/2010 05:16 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
10/09/2010 05:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
10/09/2010 05:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
10/09/2010 05:16 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,830,976 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP815\snapshot

13/09/2010 03:31 32,768 _REGISTRY_MACHINE_SAM
13/09/2010 03:31 65,536 _REGISTRY_MACHINE_SECURITY
13/09/2010 03:31 41,922,560 _REGISTRY_MACHINE_SOFTWARE
13/09/2010 03:31 8,318,976 _REGISTRY_MACHINE_SYSTEM
13/09/2010 03:31 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
13/09/2010 03:31 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
13/09/2010 03:31 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
13/09/2010 03:31 9,236,480 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
13/09/2010 03:31 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
13/09/2010 03:31 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
13/09/2010 03:31 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,835,072 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP816\snapshot

14/09/2010 03:40 32,768 _REGISTRY_MACHINE_SAM
14/09/2010 03:39 65,536 _REGISTRY_MACHINE_SECURITY
14/09/2010 03:39 41,922,560 _REGISTRY_MACHINE_SOFTWARE
14/09/2010 03:40 8,318,976 _REGISTRY_MACHINE_SYSTEM
14/09/2010 03:39 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
14/09/2010 03:39 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
14/09/2010 03:39 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
14/09/2010 03:39 9,252,864 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
14/09/2010 03:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
14/09/2010 03:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
14/09/2010 03:39 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,847,360 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP817\snapshot

15/09/2010 02:45 32,768 _REGISTRY_MACHINE_SAM
15/09/2010 02:45 65,536 _REGISTRY_MACHINE_SECURITY
15/09/2010 02:45 41,922,560 _REGISTRY_MACHINE_SOFTWARE
15/09/2010 02:45 8,318,976 _REGISTRY_MACHINE_SYSTEM
15/09/2010 02:45 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
15/09/2010 02:45 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
15/09/2010 02:45 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
15/09/2010 02:45 9,252,864 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
15/09/2010 02:45 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
15/09/2010 02:45 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
15/09/2010 02:45 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,851,456 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP818\snapshot

16/09/2010 02:57 32,768 _REGISTRY_MACHINE_SAM
16/09/2010 02:57 65,536 _REGISTRY_MACHINE_SECURITY
16/09/2010 02:57 41,922,560 _REGISTRY_MACHINE_SOFTWARE
16/09/2010 02:57 8,318,976 _REGISTRY_MACHINE_SYSTEM
16/09/2010 02:57 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
16/09/2010 02:57 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
16/09/2010 02:57 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
16/09/2010 02:57 9,256,960 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
09/09/2010 01:47 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
16/09/2010 02:57 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
16/09/2010 02:57 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
16/09/2010 02:57 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,851,456 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP819\snapshot

16/09/2010 22:46 32,768 _REGISTRY_MACHINE_SAM
16/09/2010 22:46 65,536 _REGISTRY_MACHINE_SECURITY
16/09/2010 22:46 41,938,944 _REGISTRY_MACHINE_SOFTWARE
16/09/2010 22:46 8,318,976 _REGISTRY_MACHINE_SYSTEM
16/09/2010 22:46 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
16/09/2010 22:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
16/09/2010 22:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
16/09/2010 22:46 9,256,960 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
16/09/2010 22:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
16/09/2010 22:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
16/09/2010 22:46 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP820\snapshot

18/09/2010 02:55 32,768 _REGISTRY_MACHINE_SAM
18/09/2010 02:55 65,536 _REGISTRY_MACHINE_SECURITY
18/09/2010 02:55 41,938,944 _REGISTRY_MACHINE_SOFTWARE
18/09/2010 02:55 8,318,976 _REGISTRY_MACHINE_SYSTEM
18/09/2010 02:55 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
18/09/2010 02:55 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
18/09/2010 02:55 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
18/09/2010 02:55 9,256,960 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
18/09/2010 02:55 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
18/09/2010 02:55 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
18/09/2010 02:55 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP821\snapshot

19/09/2010 03:04 32,768 _REGISTRY_MACHINE_SAM
19/09/2010 03:04 65,536 _REGISTRY_MACHINE_SECURITY
19/09/2010 03:04 41,938,944 _REGISTRY_MACHINE_SOFTWARE
19/09/2010 03:04 8,318,976 _REGISTRY_MACHINE_SYSTEM
19/09/2010 03:04 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
19/09/2010 03:04 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
19/09/2010 03:04 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
19/09/2010 03:04 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
19/09/2010 03:04 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
19/09/2010 03:04 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
19/09/2010 03:04 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,876,032 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP822\snapshot

20/09/2010 03:29 32,768 _REGISTRY_MACHINE_SAM
20/09/2010 03:29 65,536 _REGISTRY_MACHINE_SECURITY
20/09/2010 03:29 41,938,944 _REGISTRY_MACHINE_SOFTWARE
20/09/2010 03:29 8,318,976 _REGISTRY_MACHINE_SYSTEM
20/09/2010 03:29 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
20/09/2010 03:29 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
20/09/2010 03:29 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
20/09/2010 03:29 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
20/09/2010 03:29 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
20/09/2010 03:29 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
20/09/2010 03:29 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP823\snapshot

20/09/2010 21:17 32,768 _REGISTRY_MACHINE_SAM
20/09/2010 21:17 65,536 _REGISTRY_MACHINE_SECURITY
20/09/2010 21:17 41,938,944 _REGISTRY_MACHINE_SOFTWARE
20/09/2010 21:17 8,318,976 _REGISTRY_MACHINE_SYSTEM
20/09/2010 21:16 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
20/09/2010 21:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
20/09/2010 21:16 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
20/09/2010 21:16 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
20/09/2010 21:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
20/09/2010 21:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
20/09/2010 21:16 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP824\snapshot

20/09/2010 21:17 32,768 _REGISTRY_MACHINE_SAM
20/09/2010 21:17 65,536 _REGISTRY_MACHINE_SECURITY
20/09/2010 21:17 41,938,944 _REGISTRY_MACHINE_SOFTWARE
20/09/2010 21:17 8,318,976 _REGISTRY_MACHINE_SYSTEM
20/09/2010 21:17 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
20/09/2010 21:17 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
20/09/2010 21:17 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
20/09/2010 21:17 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
20/09/2010 21:17 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
20/09/2010 21:17 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
20/09/2010 21:17 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP825\snapshot

22/09/2010 02:39 32,768 _REGISTRY_MACHINE_SAM
22/09/2010 02:39 65,536 _REGISTRY_MACHINE_SECURITY
22/09/2010 02:39 41,938,944 _REGISTRY_MACHINE_SOFTWARE
22/09/2010 02:39 8,318,976 _REGISTRY_MACHINE_SYSTEM
22/09/2010 02:39 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
22/09/2010 02:39 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
22/09/2010 02:39 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
22/09/2010 02:39 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
22/09/2010 02:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
22/09/2010 02:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
22/09/2010 02:39 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,876,032 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP826\snapshot

23/09/2010 03:30 32,768 _REGISTRY_MACHINE_SAM
23/09/2010 03:30 65,536 _REGISTRY_MACHINE_SECURITY
23/09/2010 03:30 41,938,944 _REGISTRY_MACHINE_SOFTWARE
23/09/2010 03:30 8,318,976 _REGISTRY_MACHINE_SYSTEM
23/09/2010 03:30 4,820,992 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
23/09/2010 03:30 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
23/09/2010 03:30 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
23/09/2010 03:30 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
16/09/2010 09:31 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
23/09/2010 03:30 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
23/09/2010 03:30 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
23/09/2010 03:30 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,871,936 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP827\snapshot

24/09/2010 04:06 32,768 _REGISTRY_MACHINE_SAM
24/09/2010 04:06 65,536 _REGISTRY_MACHINE_SECURITY
24/09/2010 04:06 41,938,944 _REGISTRY_MACHINE_SOFTWARE
24/09/2010 04:06 8,318,976 _REGISTRY_MACHINE_SYSTEM
24/09/2010 04:06 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
24/09/2010 04:06 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
24/09/2010 04:06 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
24/09/2010 04:06 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
24/09/2010 04:06 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
24/09/2010 04:06 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
24/09/2010 04:06 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,880,128 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP828\snapshot

25/09/2010 03:07 32,768 _REGISTRY_MACHINE_SAM
25/09/2010 03:07 65,536 _REGISTRY_MACHINE_SECURITY
25/09/2010 03:07 41,938,944 _REGISTRY_MACHINE_SOFTWARE
25/09/2010 03:07 8,318,976 _REGISTRY_MACHINE_SYSTEM
25/09/2010 03:07 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
25/09/2010 03:07 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
25/09/2010 03:07 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
25/09/2010 03:07 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
25/09/2010 03:07 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
25/09/2010 03:07 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
25/09/2010 03:07 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,880,128 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP829\snapshot

25/09/2010 03:07 32,768 _REGISTRY_MACHINE_SAM
25/09/2010 03:07 65,536 _REGISTRY_MACHINE_SECURITY
25/09/2010 03:07 41,938,944 _REGISTRY_MACHINE_SOFTWARE
25/09/2010 03:07 8,318,976 _REGISTRY_MACHINE_SYSTEM
25/09/2010 03:07 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
25/09/2010 03:07 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
25/09/2010 03:07 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
25/09/2010 03:07 9,261,056 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
25/09/2010 03:07 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
25/09/2010 03:07 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
25/09/2010 03:07 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,880,128 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP830\snapshot

26/09/2010 03:13 32,768 _REGISTRY_MACHINE_SAM
26/09/2010 03:13 65,536 _REGISTRY_MACHINE_SECURITY
26/09/2010 03:13 41,938,944 _REGISTRY_MACHINE_SOFTWARE
26/09/2010 03:13 8,318,976 _REGISTRY_MACHINE_SYSTEM
26/09/2010 03:13 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
26/09/2010 03:13 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
26/09/2010 03:13 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
26/09/2010 03:13 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
26/09/2010 03:13 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
26/09/2010 03:13 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
26/09/2010 03:13 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP831\snapshot

27/09/2010 04:13 32,768 _REGISTRY_MACHINE_SAM
27/09/2010 04:13 65,536 _REGISTRY_MACHINE_SECURITY
27/09/2010 04:13 41,938,944 _REGISTRY_MACHINE_SOFTWARE
27/09/2010 04:13 8,318,976 _REGISTRY_MACHINE_SYSTEM
27/09/2010 04:13 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
27/09/2010 04:13 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
27/09/2010 04:13 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
27/09/2010 04:13 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
27/09/2010 04:13 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
27/09/2010 04:13 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
27/09/2010 04:13 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP832\snapshot

28/09/2010 04:44 32,768 _REGISTRY_MACHINE_SAM
28/09/2010 04:44 65,536 _REGISTRY_MACHINE_SECURITY
28/09/2010 04:44 41,938,944 _REGISTRY_MACHINE_SOFTWARE
28/09/2010 04:44 8,318,976 _REGISTRY_MACHINE_SYSTEM
28/09/2010 04:44 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
28/09/2010 04:44 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
28/09/2010 04:44 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
28/09/2010 04:44 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
28/09/2010 04:44 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
28/09/2010 04:44 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
28/09/2010 04:44 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP833\snapshot

28/09/2010 21:39 32,768 _REGISTRY_MACHINE_SAM
28/09/2010 21:39 65,536 _REGISTRY_MACHINE_SECURITY
28/09/2010 21:39 41,938,944 _REGISTRY_MACHINE_SOFTWARE
28/09/2010 21:39 8,318,976 _REGISTRY_MACHINE_SYSTEM
28/09/2010 21:39 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
28/09/2010 21:39 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
28/09/2010 21:39 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
28/09/2010 21:39 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
28/09/2010 21:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
28/09/2010 21:39 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
28/09/2010 21:39 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP834\snapshot

29/09/2010 21:44 32,768 _REGISTRY_MACHINE_SAM
29/09/2010 21:44 65,536 _REGISTRY_MACHINE_SECURITY
29/09/2010 21:44 41,938,944 _REGISTRY_MACHINE_SOFTWARE
29/09/2010 21:44 8,318,976 _REGISTRY_MACHINE_SYSTEM
29/09/2010 21:44 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
29/09/2010 21:44 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
29/09/2010 21:44 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
29/09/2010 21:44 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
29/09/2010 21:44 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
29/09/2010 21:44 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
29/09/2010 21:44 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP835\snapshot

29/09/2010 22:00 32,768 _REGISTRY_MACHINE_SAM
29/09/2010 22:00 65,536 _REGISTRY_MACHINE_SECURITY
29/09/2010 22:00 41,938,944 _REGISTRY_MACHINE_SOFTWARE
29/09/2010 22:00 8,318,976 _REGISTRY_MACHINE_SYSTEM
29/09/2010 22:00 4,825,088 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
29/09/2010 22:00 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
29/09/2010 22:00 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
29/09/2010 22:00 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
23/09/2010 23:07 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
29/09/2010 22:00 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
29/09/2010 22:00 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
29/09/2010 22:00 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,888,320 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP836\snapshot

30/09/2010 22:16 32,768 _REGISTRY_MACHINE_SAM
30/09/2010 22:16 65,536 _REGISTRY_MACHINE_SECURITY
30/09/2010 22:16 41,938,944 _REGISTRY_MACHINE_SOFTWARE
30/09/2010 22:16 8,318,976 _REGISTRY_MACHINE_SYSTEM
30/09/2010 22:16 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
30/09/2010 22:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
30/09/2010 22:16 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
30/09/2010 22:16 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
30/09/2010 22:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
30/09/2010 22:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
30/09/2010 22:16 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,896,512 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP837\snapshot

01/10/2010 23:04 32,768 _REGISTRY_MACHINE_SAM
01/10/2010 23:04 65,536 _REGISTRY_MACHINE_SECURITY
01/10/2010 23:04 41,938,944 _REGISTRY_MACHINE_SOFTWARE
01/10/2010 23:04 8,318,976 _REGISTRY_MACHINE_SYSTEM
01/10/2010 23:04 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
01/10/2010 23:04 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
01/10/2010 23:04 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
01/10/2010 23:04 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
01/10/2010 23:04 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
01/10/2010 23:04 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
01/10/2010 23:04 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,896,512 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP838\snapshot

02/10/2010 03:02 32,768 _REGISTRY_MACHINE_SAM
02/10/2010 03:02 65,536 _REGISTRY_MACHINE_SECURITY
02/10/2010 03:02 41,938,944 _REGISTRY_MACHINE_SOFTWARE
02/10/2010 03:02 8,318,976 _REGISTRY_MACHINE_SYSTEM
02/10/2010 03:02 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
02/10/2010 03:02 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
02/10/2010 03:02 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
02/10/2010 03:02 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
02/10/2010 03:02 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
02/10/2010 03:02 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
02/10/2010 03:02 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 72,900,608 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP839\snapshot

03/10/2010 03:31 32,768 _REGISTRY_MACHINE_SAM
03/10/2010 03:31 65,536 _REGISTRY_MACHINE_SECURITY
03/10/2010 03:31 42,491,904 _REGISTRY_MACHINE_SOFTWARE
03/10/2010 03:31 8,318,976 _REGISTRY_MACHINE_SYSTEM
03/10/2010 03:31 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
03/10/2010 03:30 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
03/10/2010 03:30 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
03/10/2010 03:31 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
03/10/2010 03:30 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
03/10/2010 03:30 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
03/10/2010 03:31 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,453,568 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP840\snapshot

04/10/2010 03:51 32,768 _REGISTRY_MACHINE_SAM
04/10/2010 03:51 65,536 _REGISTRY_MACHINE_SECURITY
04/10/2010 03:51 42,491,904 _REGISTRY_MACHINE_SOFTWARE
04/10/2010 03:51 8,318,976 _REGISTRY_MACHINE_SYSTEM
04/10/2010 03:51 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
04/10/2010 03:51 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
04/10/2010 03:51 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
04/10/2010 03:51 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
04/10/2010 03:51 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
04/10/2010 03:51 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
04/10/2010 03:51 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,453,568 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP841\snapshot

05/10/2010 04:24 32,768 _REGISTRY_MACHINE_SAM
05/10/2010 04:24 65,536 _REGISTRY_MACHINE_SECURITY
05/10/2010 04:24 42,491,904 _REGISTRY_MACHINE_SOFTWARE
05/10/2010 04:24 8,318,976 _REGISTRY_MACHINE_SYSTEM
05/10/2010 04:24 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
05/10/2010 04:24 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
05/10/2010 04:24 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
05/10/2010 04:24 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
05/10/2010 04:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
05/10/2010 04:24 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
05/10/2010 04:24 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,449,472 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP842\snapshot

06/10/2010 04:33 32,768 _REGISTRY_MACHINE_SAM
06/10/2010 04:33 65,536 _REGISTRY_MACHINE_SECURITY
06/10/2010 04:33 42,491,904 _REGISTRY_MACHINE_SOFTWARE
06/10/2010 04:33 8,318,976 _REGISTRY_MACHINE_SYSTEM
06/10/2010 04:33 4,833,280 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
06/10/2010 04:33 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
06/10/2010 04:33 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
06/10/2010 04:33 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
29/09/2010 23:01 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
06/10/2010 04:33 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
06/10/2010 04:33 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
06/10/2010 04:33 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,453,568 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP843\snapshot

07/10/2010 05:22 32,768 _REGISTRY_MACHINE_SAM
07/10/2010 05:22 65,536 _REGISTRY_MACHINE_SECURITY
07/10/2010 05:22 42,491,904 _REGISTRY_MACHINE_SOFTWARE
07/10/2010 05:22 8,318,976 _REGISTRY_MACHINE_SYSTEM
07/10/2010 05:22 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
07/10/2010 05:22 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
07/10/2010 05:22 1,425,408 _REGISTRY_USER_NTUSER_S-1-5-20
07/10/2010 05:22 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
07/10/2010 05:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
07/10/2010 05:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
07/10/2010 05:22 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,457,664 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP844\snapshot

08/10/2010 01:22 32,768 _REGISTRY_MACHINE_SAM
08/10/2010 01:22 65,536 _REGISTRY_MACHINE_SECURITY
08/10/2010 01:22 42,491,904 _REGISTRY_MACHINE_SOFTWARE
08/10/2010 01:22 8,318,976 _REGISTRY_MACHINE_SYSTEM
08/10/2010 01:22 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
08/10/2010 01:22 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
08/10/2010 01:22 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
08/10/2010 01:22 9,273,344 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
08/10/2010 01:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
08/10/2010 01:22 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
08/10/2010 01:22 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,461,760 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP845\snapshot

09/10/2010 03:46 32,768 _REGISTRY_MACHINE_SAM
09/10/2010 03:46 65,536 _REGISTRY_MACHINE_SECURITY
09/10/2010 03:46 42,491,904 _REGISTRY_MACHINE_SOFTWARE
09/10/2010 03:46 8,318,976 _REGISTRY_MACHINE_SYSTEM
09/10/2010 03:46 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
09/10/2010 03:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
09/10/2010 03:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
09/10/2010 03:46 9,281,536 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
09/10/2010 03:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
09/10/2010 03:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
09/10/2010 03:46 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,469,952 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP846\snapshot

10/10/2010 04:16 32,768 _REGISTRY_MACHINE_SAM
10/10/2010 04:16 65,536 _REGISTRY_MACHINE_SECURITY
10/10/2010 04:16 42,491,904 _REGISTRY_MACHINE_SOFTWARE
10/10/2010 04:16 8,318,976 _REGISTRY_MACHINE_SYSTEM
10/10/2010 04:16 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
10/10/2010 04:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
10/10/2010 04:16 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
10/10/2010 04:16 9,285,632 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
10/10/2010 04:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
10/10/2010 04:16 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
10/10/2010 04:16 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,474,048 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP847\snapshot

11/10/2010 04:46 32,768 _REGISTRY_MACHINE_SAM
11/10/2010 04:46 65,536 _REGISTRY_MACHINE_SECURITY
11/10/2010 04:46 42,491,904 _REGISTRY_MACHINE_SOFTWARE
11/10/2010 04:46 8,318,976 _REGISTRY_MACHINE_SYSTEM
11/10/2010 04:46 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
11/10/2010 04:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-19
11/10/2010 04:46 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
11/10/2010 04:46 9,281,536 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
11/10/2010 04:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-19
11/10/2010 04:46 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
11/10/2010 04:46 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
13 File(s) 73,469,952 bytes

Directory of C:\system~1\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP848\snapshot

18/10/2010 21:21 32,768 _REGISTRY_MACHINE_SAM
18/10/2010 21:21 65,536 _REGISTRY_MACHINE_SECURITY
18/10/2010 21:21 42,491,904 _REGISTRY_MACHINE_SOFTWARE
18/10/2010 21:21 8,318,976 _REGISTRY_MACHINE_SYSTEM
18/10/2010 21:21 4,841,472 _REGISTRY_USER_.DEFAULT
14/11/2006 08:22 262,144 _REGISTRY_USER_NTUSER_S-1-5-18
18/10/2010 21:21 1,429,504 _REGISTRY_USER_NTUSER_S-1-5-20
18/10/2010 21:21 9,289,728 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-1006
06/10/2010 23:16 4,980,736 _REGISTRY_USER_NTUSER_S-1-5-21-3425880183-2744943636-806508281-500
18/10/2010 21:21 8,192 _REGISTRY_USER_USRCLASS_S-1-5-20
18/10/2010 21:21 319,488 _REGISTRY_USER_USRCLASS_S-1-5-21-3425880183-2744943636-806508281-1006
11 File(s) 72,040,448 bytes

Total Files Listed:
1064 File(s) 5,921,554,432 bytes
0 Dir(s) 82,956,529,664 bytes free



