|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-19-2008, 12:03 AM
|
#21 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
From what I can tell everything' s back to normal -- the theme and background wallpaper have returned, the icons that I had on my desktop prior to the "incident" have returned to where they used to be with holes only where I deleted .lnks; no odd security warnings when I use windows explorer. I finally got a log from ComboFix. I did however, notice a warning box popped up before combofix and explorer quit and the computer rebooted. It disappeared before I even caught a glimpse of the message. The computer appeared to stall before it restarted with just a blank screen so I left it, but everything seemed fine when I came back. My clock/date format is odd, maybe combofix didn't reset it or something. Here are the logs you requested (double post because of length):
ComboFix 08-06-16.5 - HP_Owner 06/18/2008 23:10:50.16 - NTFSx86 Running from: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\HP_Owner.AE066C3A9B\ntuser.dat . . . . failed to delete . --------------- SCopy --------------- {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 --> C:\Documents and Settings\HP_Owner.AE066C3A9B\ntuser.dat . ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))) . 2008-06-16 19:09 . 2008-06-18 23:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2008-06-16 18:36 . 2008-06-16 18:40 63,971,328 --a------ C:\WINDOWS\sectest.db 2008-06-14 23:24 . 2008-04-22 22:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-14 23:24 . 2007-04-17 03:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-14 23:24 . 2007-03-07 23:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-14 23:24 . 2008-04-22 22:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-14 23:24 . 2008-04-22 22:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-14 23:24 . 2008-04-22 22:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-14 23:24 . 2008-04-22 22:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-06-14 23:24 . 2008-04-22 22:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-14 23:24 . 2008-04-22 01:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-13 15:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\Java 2008-06-12 00:37 . 2008-06-12 00:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-11 15:44 . 2008-06-17 17:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-11 15:44 . 2008-06-17 17:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-10 17:14 . 2008-04-14 05:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 17:14 . 2008-04-14 05:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 16:34 . 2008-06-10 16:34 <DIR> d-------- C:\audio 2008-06-09 20:23 . 2008-06-09 20:24 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Media Player Classic 2008-06-09 20:16 . 2008-06-09 20:16 <DIR> d-------- C:\Program Files\AC3Filter 2008-06-09 20:16 . 2007-06-07 13:11 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-06-09 17:36 . 2008-06-09 17:36 <DIR> d-------- C:\Program Files\MP3Parse 2008-06-09 17:22 . 2008-06-09 17:22 <DIR> d-------- C:\Program Files\Xvid 2008-06-09 17:22 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-06-09 17:22 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-06-09 17:22 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-06-09 17:20 . 1999-05-28 15:13 301,568 --a------ C:\WINDOWS\system32\L3CODECP.ACM 2008-06-09 17:20 . 1998-04-30 14:56 129,024 --a------ C:\WINDOWS\UNWISE.EXE 2008-06-09 17:11 . 2008-06-09 17:11 0 --a------ C:\WINDOWS\GraphEdt.INI 2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\SHOUTcast Source 2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\DSP-worx 2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\OpenSource OGG Splitter 2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\CDXA Image Reader Filter (SVCDXCD) 2008-06-09 16:49 . 2008-06-09 16:49 49,604 --a------ C:\WINDOWS\system32\RadLightOFRUninstall.exe 2008-06-09 16:36 . 2008-06-09 16:36 <DIR> d-------- C:\Program Files\CD Audio Reader Filter 2008-06-09 16:35 . 2008-06-09 16:51 <DIR> d-------- C:\Program Files\ffdshow 2008-06-09 16:33 . 2008-06-09 16:33 <DIR> d-------- C:\Program Files\DirectVobSub 2008-06-09 16:33 . 2008-06-09 16:33 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2008-06-07 22:09 . 2008-06-07 22:10 <DIR> d-------- C:\Program Files\Panda Security 2008-06-07 13:04 . 2008-06-07 13:04 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Lavasoft 2008-06-07 13:02 . 2008-06-07 15:00 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-07 13:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-06-06 08:27 . 2008-06-06 08:27 <DIR> d-------- C:\WINDOWS\system32\com 2008-06-06 08:27 . 2008-06-16 19:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2008-06-06 08:23 . 2008-06-06 08:23 <DIR> d--hs---- C:\found.000 2008-06-06 07:58 . 2008-06-06 07:58 27,136 --a------ C:\WINDOWS\CYK36.tmp 2008-06-03 20:38 . 2008-06-03 20:47 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\ZoomBrowser EX 2008-06-03 19:48 . 2008-06-03 19:48 27,136 --a------ C:\WINDOWS\CYK3B.tmp 2008-06-01 17:23 . 2008-06-03 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Common Files\Canon 2008-05-31 12:18 . 2008-05-31 12:18 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-28 22:32 . 2008-05-28 22:32 27,136 --a------ C:\WINDOWS\CYK139.tmp 2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-05-25 17:18 . 2008-05-25 17:19 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\PE Explorer 2008-05-25 17:02 . 2008-05-25 17:02 66,336 --ah----- C:\BBACADEM 2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-05-22 17:24 . 2008-05-22 17:24 142 --a------ C:\WINDOWS\7thLevel.ini 2008-05-22 17:01 . 1995-01-30 01:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-19 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-19 05:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-19 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-19 00:31 --------- d-----w C:\Program Files\Winamp 2008-06-18 00:09 --------- d-----w C:\Program Files\iTunes 2008-06-18 00:09 --------- d-----w C:\Program Files\iPod 2008-06-18 00:07 --------- d-----w C:\Program Files\QuickTime 2008-06-18 00:07 --------- d-----w C:\Program Files\Bonjour 2008-06-17 01:53 --------- d-----w C:\Program Files\Incomplete 2008-06-16 21:15 --------- d-----w C:\Program Files\LimeWire 2008-06-14 21:32 --------- d-----w C:\Program Files\Windows Live 2008-06-14 21:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-10 05:13 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Azureus 2008-06-09 21:28 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter 2008-06-09 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-09 02:29 47,360 ----a-w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\pcouffin.sys 2008-06-09 02:29 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Vso 2008-06-09 02:27 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-06-09 02:21 --------- d-----w C:\Program Files\LucasArts 2008-06-09 02:04 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\SSH 2008-06-07 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-07 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-07 06:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-07 06:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-07 06:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-06-07 06:39 --------- d-----w C:\Program Files\Symantec 2008-06-01 23:26 --------- d-----w C:\Program Files\Canon 2008-05-16 02:16 27,136 ----a-w C:\WINDOWS\CYK51.tmp 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-30 22:52 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\LimeWire 2008-04-25 21:08 --------- d-----w C:\Program Files\Apple Software Update 2008-04-24 05:53 27,136 ----a-w C:\WINDOWS\CYK97F.tmp 2008-04-24 05:40 27,136 ----a-w C:\WINDOWS\CYK97D.tmp 2008-04-24 05:35 --------- d-----w C:\Program Files\DVDVideoSoft 2008-04-24 05:35 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft 2008-04-22 05:15 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\LimeWire 2008-04-09 13:17 27,136 ----a-w C:\WINDOWS\CYK3A.tmp 2008-04-05 02:12 27,136 ----a-w C:\WINDOWS\CYK3C.tmp 2008-04-01 04:34 27,136 ----a-w C:\WINDOWS\CYK39.tmp 2008-03-30 20:09 27,136 ----a-w C:\WINDOWS\CYK125.tmp 2005-01-09 22:46 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys . ------- Sigcheck ------- 2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe 2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe 2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 13:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll 2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll 2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll 2005-05-25 13:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-13 11:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-25 13:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe 2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe 2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys 2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys 2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2005-03-01 18:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2006-12-19 10:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe 2007-02-28 03:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2005-03-01 18:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 06:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 02:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 02:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe 2004-08-04 13:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe 2005-03-01 19:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2006-12-19 10:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe 2007-02-28 03:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2005-03-01 18:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 08:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 03:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 03:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\ntoskrnl.exe 2004-08-04 13:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe 2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe 2007-06-13 05:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 13:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe 2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe 2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe 2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe 2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe 2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-03-20 20:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cyrillic Keyboard"="C:\CYRSTART\CYRKBD32.EXE" [2004-01-30 06:01 124928] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2004-07-03 03:49 57344 C:\WINDOWS\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a------ 2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-14 11:01 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-03 16:29 165784 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06] --a------ 2004-06-07 19:42 659456 C:\WINDOWS\system32\hphmon06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] --a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --ahs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2004-08-07 15:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "MDM"=2 (0x2) "ISPwdSvc"=3 (0x3) "UleadBurningHelper"=2 (0x2) "Capture Device Service"=2 (0x2) "usnjsvc"=3 (0x3) "ose"=3 (0x3) "Adobe LM Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "LiveUpdate Notice"=2 (0x2) "LiveUpdate"=3 (0x3) "Automatic LiveUpdate Scheduler"=2 (0x2) "Bonjour Service"=2 (0x2) "Adobe Version Cue CS3"=3 (0x3) "WLSetupSvc"=3 (0x3) "comHost"=3 (0x3) "rpcapd"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S4 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-18 14:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-17 02:00:07 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 23:40:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-06-18 23:48:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-19 05:47:28 Pre-Run: 122,851,233,792 bytes free Post-Run: 122,821,980,160 bytes free 362 --- E O F --- 2008-06-15 09:03:12 |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-19-2008, 12:04 AM
|
#22 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-2331652603-1797162650-1282392798-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Owner.AE066C3A9B HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-2331652603-1797162650-1282392798-1010 ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Mom and Dad.AE066C3A9B HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-2331652603-1797162650-1282392798-1011 ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Natalia.AE066C3A9B HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-2331652603-1797162650-1282392798-500 ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator.AE066C3A9B ======================= -c--a-w 4,452,352 2008-03-21 08:40:48 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP346\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-20 22:10:23 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP346\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-20 21:37:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP346\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP346\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-21 09:00:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP347\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-20 22:10:23 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP347\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-20 21:37:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP347\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP347\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-22 09:01:22 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP348\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-22 03:22:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP348\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-21 16:34:11 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP348\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP348\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 4,456,448 2008-03-23 08:00:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP349\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-23 04:17:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP349\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,534,848 2008-03-23 17:14:45 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP349\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP349\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-24 20:54:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP350\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-24 16:29:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP350\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,534,848 2008-03-24 20:54:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP350\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP350\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-26 04:20:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-25 00:10:38 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,551,232 2008-03-26 04:20:59 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-27 04:42:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-27 01:39:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-26 05:47:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-28 06:03:44 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP353\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,863,104 2008-03-28 06:03:44 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP353\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-27 15:24:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP353\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP353\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-29 08:31:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP354\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,863,104 2008-03-29 08:31:20 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP354\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-28 20:55:25 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP354\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP354\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-30 09:34:05 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP355\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,863,104 2008-03-30 09:34:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP355\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 3,670,016 2008-03-30 01:54:05 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP355\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP355\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-03-31 09:59:28 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP356\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-03-27 01:39:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP356\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-03-31 09:59:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP356\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP356\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-04-01 10:40:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP357\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-01 03:51:41 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP357\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-01 10:40:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP357\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP357\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,452,352 2008-04-02 11:04:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP358\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-02 03:05:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP358\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-02 11:04:25 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP358\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP358\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,468,736 2008-04-03 12:04:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP359\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-02 03:05:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP359\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-03 12:04:25 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP359\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP359\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 4,718,592 2008-04-04 06:25:10 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP360\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,863,104 2008-04-04 12:41:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP360\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-04 06:16:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP360\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP360\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 4,501,504 2008-04-04 23:39:10 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP361\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,863,104 2008-04-04 23:39:10 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP361\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-04 06:16:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP361\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP361\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-05 23:43:59 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP362\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-05 15:47:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP362\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-04 06:16:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP362\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP362\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-06 06:46:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP363\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-06 04:46:35 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP363\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-04 06:16:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP363\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP363\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-07 07:47:09 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP364\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-06 21:36:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP364\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-06 06:46:22 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP364\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP364\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-08 08:47:09 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP365\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-07 22:45:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP365\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-07 22:47:47 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP365\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP365\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-09 08:57:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP366\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-09 04:02:34 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP366\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-09 04:55:12 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP366\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP366\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-09 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP367\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-09 04:02:34 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP367\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-09 04:55:12 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP367\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP367\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-10 09:00:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP368\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-10 03:16:31 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP368\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-10 05:40:56 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP368\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP368\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-11 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-11 01:58:49 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-11 03:43:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-12 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP370\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-12 03:59:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP370\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-11 03:43:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP370\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP370\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-13 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP371\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-13 01:50:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP371\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-12 23:01:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP371\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP371\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 5,767,168 2008-04-13 19:15:21 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-14 04:47:41 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-14 09:00:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-15 05:56:46 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,891,776 2008-04-15 05:56:46 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-15 05:56:47 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-15 09:03:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,891,776 2008-04-15 09:03:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-15 09:03:05 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-16 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-16 04:29:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-16 09:00:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-17 09:01:23 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-17 04:09:46 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-17 09:01:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-18 09:00:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-18 04:05:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-18 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-19 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP378\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-19 04:08:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP378\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-19 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP378\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP378\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-20 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-20 04:18:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-20 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-21 09:00:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 2,883,584 2008-04-21 03:34:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-21 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-22 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-22 02:03:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-22 09:00:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-23 09:00:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-23 03:39:07 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-23 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-24 09:00:59 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-24 03:36:46 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-16 18:26:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-25 09:00:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-25 02:01:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-25 06:30:01 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-26 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP385\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-26 05:36:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP385\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-04-26 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP385\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP385\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-27 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-27 05:02:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-27 00:35:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-28 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-28 02:42:40 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-28 08:07:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-29 09:00:56 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-29 03:13:45 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-28 21:35:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-04-30 09:00:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-29 03:13:45 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-04-30 07:30:02 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-01 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-30 19:11:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-01 07:38:23 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-02 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-30 19:11:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-02 06:39:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-03 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-30 19:11:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-03 06:04:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-04 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-04-30 19:11:29 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-04 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-05 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP394\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-05 00:27:21 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP394\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-05 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP394\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP394\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-06 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP395\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-05 00:27:21 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP395\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-06 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP395\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP395\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-07 09:00:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP396\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-07 03:35:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP396\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-07 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP396\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP396\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-08 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP397\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c--a-w 2,899,968 2008-05-08 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP397\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-08 05:13:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP397\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP397\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-09 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP398\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-09 03:30:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP398\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-09 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP398\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP398\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-10 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP399\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-10 04:27:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP399\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-10 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP399\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP399\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-11 09:00:50 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-10 22:46:44 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-11 09:00:51 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-12 09:00:56 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-12 02:04:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-12 09:00:56 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-13 06:10:28 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP402\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-13 01:10:11 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP402\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-13 06:10:28 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP402\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP402\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 5,767,168 2008-05-14 05:57:05 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-14 03:07:22 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-14 00:50:21 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 5,767,168 2008-05-15 05:33:38 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-15 02:26:35 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-15 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-16 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-16 05:04:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-15 15:20:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-17 09:38:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-17 04:30:20 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-15 15:20:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-18 09:04:40 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-17 04:30:20 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-15 15:20:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-19 09:00:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-19 02:48:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-19 05:38:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-20 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-20 03:00:16 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-20 09:00:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-21 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-21 03:24:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-05-21 09:00:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-22 09:17:34 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-22 03:46:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-21 21:13:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-23 01:51:45 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-22 03:46:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-22 22:05:40 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-24 02:03:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-23 04:14:11 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-23 16:05:40 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-25 02:38:17 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-24 06:01:20 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-24 23:38:42 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-26 04:30:41 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-26 02:39:01 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-25 19:30:02 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-27 05:04:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-27 03:21:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-26 22:08:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-28 05:34:11 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-28 04:43:38 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-27 17:14:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-29 05:51:17 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-29 01:07:50 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-28 21:05:45 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-05-30 05:58:48 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-30 02:03:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-30 03:42:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,689,344 2008-05-31 21:19:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-05-31 18:24:46 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-05-31 20:56:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,689,344 2008-06-01 21:39:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-01 18:44:40 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-06-01 21:19:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,689,344 2008-06-02 22:31:56 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-02 03:14:42 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-06-02 22:31:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,689,344 2008-06-05 02:17:30 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-04 04:02:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-06-02 23:26:39 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-06-06 00:26:57 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-04 04:02:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-06-06 00:27:00 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 5,554,176 2008-06-06 00:31:23 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-04 04:02:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 3,952,640 2008-06-06 00:31:24 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 49,152 2008-06-06 20:13:33 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-04 04:02:37 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-06-06 19:05:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 53,248 2008-06-07 19:03:54 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-07 14:24:22 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,194,304 2008-06-07 17:44:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-08 03:48:34 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 03:44:35 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 02:03:32 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP432\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP432\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 20:09:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP432\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP432\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 02:18:01 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP433\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP433\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 20:09:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP433\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP433\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 02:25:53 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 20:09:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 02:41:25 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP435\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP435\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 20:09:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP435\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP435\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 05:00:47 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP437\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP437\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-08 20:09:03 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP437\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP437\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 21:29:09 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP438\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP438\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-09 05:41:31 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP438\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP438\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-09 21:49:48 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-09 05:41:31 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-10 04:22:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP440\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-08 03:42:04 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP440\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-09 05:41:31 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP440\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP440\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-11 09:00:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP442\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-11 03:20:21 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP442\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-11 01:36:36 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP442\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP442\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 262,144 2008-06-11 20:12:02 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP443\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-11 20:09:07 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP443\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-11 19:39:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP443\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP443\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-12 09:00:28 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP444\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-12 03:38:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP444\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-11 19:39:27 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP444\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP444\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-13 02:47:41 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP445\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-12 03:38:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP445\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP445\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP445\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 57,344 2008-06-13 02:52:43 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP446\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-12 03:38:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP446\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP446\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP446\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 61,440 2008-06-13 09:00:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP447\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-12 03:38:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP447\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP447\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP447\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 61,440 2008-06-13 20:28:22 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP448\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-12 03:38:13 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP448\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP448\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP448\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 61,440 2008-06-13 21:08:26 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP449\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-13 21:05:17 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP449\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP449\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP449\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 61,440 2008-06-14 09:00:48 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP450\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-14 03:58:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP450\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP450\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP450\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 61,440 2008-06-14 16:50:31 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-14 03:58:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-12 19:59:14 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 262,144 2008-06-15 01  02 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP452\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009-c-ha-w 3,145,728 2008-06-14 03:58:55 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP452\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-15 00:44:52 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP452\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP452\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 262,144 2008-06-16 03:58:32 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-16 03:45:07 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c--a-w 4,354,048 2008-06-16 17:09:18 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 69,632 2008-06-17 22:20:06 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP454\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-17 21:37:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP454\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-17 05:07:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP454\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP454\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 69,632 2008-06-17 23:34:36 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP456\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-17 21:37:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP456\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-17 05:07:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP456\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP456\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c--a-w 69,632 2008-06-18 00:08:11 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP457\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-17 21:37:19 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP457\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-17 05:07:08 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP457\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP457\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 -c-ha-w 262,144 2008-06-19 01:48:38 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 -c-ha-w 3,145,728 2008-06-18 22:28:47 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1010 -c-ha-w 4,456,448 2008-06-18 21:52:59 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1011 -c-ha-w 1,048,576 2007-09-09 18:41:58 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-500 Entries: 428 (141) Directories: 0 Files: 428 Bytes: 1,312,821,248 Blocks: 2,564,104 |
|
|
|
|
06-19-2008, 10:08 AM
|
#23 (permalink) |
|
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,256
OS: XP SP3
|
Re: Possible Malware Issue
Hello kiranaus.
Please go to: VirusTotal
Open Notepad and copy/paste the following text in the codebox below, into Notepad: Code:
@echo off for %%g in ( "C:\WINDOWS\CYK51.tmp" "C:\WINDOWS\CYK125.tmp" ) do zip Files_for_submission %%g del %0 It should look like this:  Double-click on submit.bat to run it. This batchfile will create a Files_for_submission.zip file in the same location where the batchfile was saved. Please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 and include this link in the message->>http://www.techsupportforum.com/security-center/hijackthis-log-help/257721-possible-malware-issue.html ------------------------------------------------------ Try fixing those entries in HijackThis just as before: Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone Please remember to close all other windows, including browsers then click Fix checked. Click Scan and then Save log and post the HijackThis log in your next reply. ------------------------------------------------------ Please post the following in your next reply: VirusTotal results new HijackThis log |
|
|
|
|
06-19-2008, 10:46 PM
|
#24 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
The HiJackThis entries did not exist. If you don't mind me asking, what's the point of the top part of the VirusTotal log where various programs are listed? Oh...is there anyway I can reset my clock/fix date format?
Antivirus Version Last Update Result AhnLab-V3 2008.6.19.0 2008.06.19 - AntiVir 7.8.0.55 2008.06.19 - Authentium 5.1.0.4 2008.06.20 - Avast 4.8.1195.0 2008.06.19 - AVG 7.5.0.516 2008.06.19 - BitDefender 7.2 2008.06.20 - CAT-QuickHeal 9.50 2008.06.19 - ClamAV 0.93.1 2008.06.20 - DrWeb 4.44.0.09170 2008.06.19 - eSafe 7.0.15.0 2008.06.19 - eTrust-Vet 31.6.5889 2008.06.19 - Ewido 4.0 2008.06.19 - F-Prot 4.4.4.56 2008.06.19 - F-Secure 6.70.13260.0 2008.06.19 - Fortinet 3.14.0.0 2008.06.20 - GData 2.0.7306.1023 2008.06.19 - Ikarus T3.1.1.26.0 2008.06.20 - Kaspersky 7.0.0.125 2008.06.20 - McAfee 5321 2008.06.19 - Microsoft 1.3604 2008.06.20 - NOD32v2 3201 2008.06.19 - Norman 5.80.02 2008.06.19 - Panda 9.0.0.4 2008.06.19 - Prevx1 V2 2008.06.20 - Rising 20.49.40.00 2008.06.20 - Sophos 4.30.0 2008.06.20 - Sunbelt 3.0.1153.1 2008.06.15 - Symantec 10 2008.06.20 - TheHacker 6.2.92.355 2008.06.19 - TrendMicro 8.700.0.1004 2008.06.19 - VBA32 3.12.6.7 2008.06.19 - VirusBuster 4.3.26:9 2008.06.12 - Webwasher-Gateway 6.6.2 2008.06.20 - Additional information File size: 27136 bytes MD5...: 84de8bfbdaf0aeb530ece4af550a9263 SHA1..: 2c57748e7674c6917c458610e7a117cc69be5a7a SHA256: e7ad9aea57f409cde68f098faf5df07554d10b5fba0b75848411c0f77c787fb4 SHA512: aaa167071c976b4d424c15d3dd7d062d5d6bdcaf2f7d5d4d2f414914d275e93b eda753d016901c62e93321fba19daa9c09dc832542452c1cc0e857b334a23bf4 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x737814c0 timedatestamp.....: 0x4019885b (Thu Jan 29 22:25:31 2004) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x311b 0x3200 6.45 5d15e5d33e0fde31bde53e7ae0ed803b .rdata 0x5000 0xf2 0x200 2.74 643d049b8ec3abea93addaf5c1bbd4d3 .data 0x6000 0x3108 0x2000 3.99 78fa6816ec00ed57923b1f61311bfb25 .idata 0xa000 0x4ec 0x600 4.38 c09b7f281311db77e354940787375fbd .rsrc 0xb000 0x3bc 0x400 3.24 93182a3bc57f46d50061876f217eb955 .reloc 0xc000 0x70c 0x800 4.43 e8101cd947d299518fda6830f9d4c000 ( 2 imports ) > KERNEL32.dll: lstrlenA, lstrcpyA, FreeEnvironmentStringsA, GetLocalTime, GetCommandLineA, GetProcAddress, GetModuleHandleA, GetVersion, ExitProcess, HeapCreate, HeapDestroy, SetHandleCount, GetFileType, GetStdHandle, GetStartupInfoA, GetModuleFileNameA, GetCPInfo, GetACP, GetOEMCP, GetPrivateProfileStringA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, DisableThreadLibraryCalls, WriteFile, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, HeapAlloc, HeapFree, LoadLibraryA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetLastError, HeapReAlloc, FlushFileBuffers, SetStdHandle, SetFilePointer, CloseHandle > ADVAPI32.dll: RegOpenKeyA, RegQueryValueA, RegCloseKey ( 1 exports ) KbdLayerDescriptor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42, on 2008-06-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\CYRSTART\CYRKBD32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched" O4 - HKCU\..\Run: [Cyrillic Keyboard] C:\CYRSTART\CYRKBD32.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.lrc.m.../ebraryRdr.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 7078 bytes |
|
|
|
|
06-20-2008, 11:28 AM
|
#25 (permalink) |
|
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,256
OS: XP SP3
|
Re: Possible Malware Issue
Hello kiranaus.
Those programs scanned a file to see if it was malware. We can fix your clock later. Please download the following file and Save it to your Desktop: http://download.bleepingcomputer.com/sUBs/+/RootCat.exe Double-click the file to run it. It shall produce a log. Please post the log in your next reply. |
|
|
|
|
06-20-2008, 04:23 PM
|
#27 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Please delete your existing copy of RootCat. Then download a new one:
http://download.bleepingcomputer.com/sUBs/+/RootCat.exe
__________________
Question - what have you done for the community today? |
|
|
|
|
06-20-2008, 04:37 PM
|
#28 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Hang on. Something seems buggy with my compiler. I'll upload a fresh copy once I fixed that
__________________
Question - what have you done for the community today? |
|
|
|
|
06-20-2008, 04:51 PM
|
#29 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Okay. It's fixed. Try it now
__________________
Question - what have you done for the community today? |
|
|
|
|
06-20-2008, 07:25 PM
|
#30 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
Thanks.
C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\pcouffin.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\A0076509.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20070823.002\IDSVia64.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\A0059732.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20070823.002\IDSVix86.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\A0059735.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080314.001\IDSVia64.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\A0059758.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080314.001\IDSVix86.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP352\A0059761.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080325.003\IDSVia64.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0075235.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080325.003\IDSVix86.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0075238.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080326.002\IDSVia64.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\A0083105.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080326.002\IDSVix86.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP458\A0083108.cat C:\Program Files\Symantec\SYMEVENT.CAT {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0075229.CAT C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IDNMitigationAPIs.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\A0080449.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082156.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\A0080450.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082157.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB932823-v3.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082158.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB938127-IE7.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082159.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950759-IE7.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082160.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950760.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082161.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950762.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082162.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951376.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082163.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951698.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082164.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NLSDownlevelMapping.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP451\A0080451.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP453\A0082165.cat C:\WINDOWS\system32\drivers\COH_Mon.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP351\A0059722.cat C:\WINDOWS\system32\Drivers\SYMEVENT.CAT {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0075228.CAT C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d.cat {E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\A0075981.cat ================== C:\ATI\SUPPORT\6-12_xp_dd_38463\2KXP_INF\CX_38463.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\pcouffin.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\System32\COH32\coh_mon.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\System32\COH64\coh_mon.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\VirusD64\SYMAVENG.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\VirusD64\SYMERA64.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\VirusDef\SYMAVENG.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NAV\External\VirusDef\SYMERASE.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\NCO\NCO\drivers\co_mon.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup\Setup\App\IDSDefs\IDSVia64.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup\Setup\App\IDSDefs\IDSVix86.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SPBBC\SPBBC64\SYMSHARE\SPBBC\SPBBCD64.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SRTSP\SRTSPx64\System32\Drivers\srtsp64.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SRTSP\SRTSPx64\System32\Drivers\srtspl64.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SRTSP\SRTSPx64\System32\Drivers\srtspx64.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SymNet\SND_x64\Drivers\symim.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Suport64\SymNet\SND_x64\Drivers\SymRedir.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\SPBBCDrv.CAT C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SRTSP\SRTSP\System32\Drivers\srtsp.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SRTSP\SRTSP\System32\Drivers\srtspl.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SRTSP\SRTSP\System32\Drivers\srtspx.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymNet\SymNet\Drivers\symIM.cat C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymNet\SymNet\Drivers\SymRedir.cat C:\found.000\dir0000.chk\1.CAT C:\found.000\dir0000.chk\2.CAT C:\found.000\dir0000.chk\3.CAT C:\found.000\dir0000.chk\4.CAT C:\found.000\dir0000.chk\5.CAT C:\found.000\dir0000.chk\6.CAT C:\found.000\dir0000.chk\7.CAT C:\found.000\dir0000.chk\8.CAT C:\found.000\dir0000.chk\codecs10.CAT C:\found.000\dir0000.chk\d3dx9_32_x86.CAT C:\found.000\dir0000.chk\DRM10.CAT C:\found.000\dir0000.chk\FP4.CAT C:\found.000\dir0000.chk\h1c10210.CAT C:\found.000\dir0000.chk\HPCRDP.CAT C:\found.000\dir0000.chk\IASNT4.CAT C:\found.000\dir0000.chk\IMS.CAT C:\found.000\dir0000.chk\KB835221WXP.cat C:\found.000\dir0000.chk\KB873339.cat C:\found.000\dir0000.chk\KB883667.cat C:\found.000\dir0000.chk\KB885835.cat C:\found.000\dir0000.chk\KB885836.cat C:\found.000\dir0000.chk\KB886185.cat C:\found.000\dir0000.chk\KB887472.cat C:\found.000\dir0000.chk\KB888302.cat C:\found.000\dir0000.chk\KB890046.cat C:\found.000\dir0000.chk\KB890859.cat C:\found.000\dir0000.chk\KB891781.cat C:\found.000\dir0000.chk\KB893756.cat C:\found.000\dir0000.chk\KB893803v2_wxp.cat C:\found.000\dir0000.chk\KB894391.cat C:\found.000\dir0000.chk\KB896358.cat C:\found.000\dir0000.chk\KB896423.cat C:\found.000\dir0000.chk\KB896428.cat C:\found.000\dir0000.chk\KB898461.cat C:\found.000\dir0000.chk\KB899587.cat C:\found.000\dir0000.chk\KB899591.cat C:\found.000\dir0000.chk\KB900725.cat C:\found.000\dir0000.chk\KB901017.cat C:\found.000\dir0000.chk\KB901214.cat C:\found.000\dir0000.chk\KB902400.cat C:\found.000\dir0000.chk\KB904706.cat C:\found.000\dir0000.chk\KB905414.cat C:\found.000\dir0000.chk\KB905749.cat C:\found.000\dir0000.chk\KB908519.cat C:\found.000\dir0000.chk\KB908531.cat C:\found.000\dir0000.chk\KB910437.cat C:\found.000\dir0000.chk\KB911280.cat C:\found.000\dir0000.chk\KB911562.cat C:\found.000\dir0000.chk\KB911564.cat C:\found.000\dir0000.chk\KB911927.cat C:\found.000\dir0000.chk\KB913580.cat C:\found.000\dir0000.chk\KB914388.cat C:\found.000\dir0000.chk\KB914389.cat C:\found.000\dir0000.chk\KB916595.cat C:\found.000\dir0000.chk\KB917344.cat C:\found.000\dir0000.chk\KB917734.cat C:\found.000\dir0000.chk\KB917953.cat C:\found.000\dir0000.chk\KB918118.cat C:\found.000\dir0000.chk\KB918439.cat C:\found.000\dir0000.chk\KB919007.cat C:\found.000\dir0000.chk\KB920213.cat C:\found.000\dir0000.chk\KB920670.cat C:\found.000\dir0000.chk\KB920683.cat C:\found.000\dir0000.chk\KB920685.cat C:\found.000\dir0000.chk\KB921503.cat C:\found.000\dir0000.chk\KB922582.cat C:\found.000\dir0000.chk\KB922819.cat C:\found.000\dir0000.chk\KB923191.cat C:\found.000\dir0000.chk\KB923414.cat C:\found.000\dir0000.chk\KB923689.cat C:\found.000\dir0000.chk\KB923723.cat C:\found.000\dir0000.chk\KB923980.cat C:\found.000\dir0000.chk\KB924191.cat C:\found.000\dir0000.chk\KB924270.cat C:\found.000\dir0000.chk\KB924496.cat C:\found.000\dir0000.chk\KB924667.cat C:\found.000\dir0000.chk\KB925398.cat C:\found.000\dir0000.chk\KB925902.cat C:\found.000\dir0000.chk\KB926255.cat C:\found.000\dir0000.chk\KB926436.cat C:\found.000\dir0000.chk\KB927779.cat C:\found.000\dir0000.chk\KB927802.cat C:\found.000\dir0000.chk\KB927891.cat C:\found.000\dir0000.chk\KB928255.cat C:\found.000\dir0000.chk\KB928843.cat C:\found.000\dir0000.chk\KB929123.cat C:\found.000\dir0000.chk\KB929969.cat C:\found.000\dir0000.chk\KB930178.cat C:\found.000\dir0000.chk\KB930916.cat C:\found.000\dir0000.chk\KB931261.cat C:\found.000\dir0000.chk\KB931836.cat C:\found.000\dir0000.chk\KB932168.cat C:\found.000\dir0000.chk\KB933360.cat C:\found.000\dir0000.chk\KB933566.cat C:\found.000\dir0000.chk\KB933729.cat C:\found.000\dir0000.chk\KB935448.cat C:\found.000\dir0000.chk\KB935839.cat C:\found.000\dir0000.chk\KB935840.cat C:\found.000\dir0000.chk\KB936021.cat C:\found.000\dir0000.chk\KB936357.cat C:\found.000\dir0000.chk\KB936782.cat C:\found.000\dir0000.chk\KB937143.cat C:\found.000\dir0000.chk\KB938127.cat C:\found.000\dir0000.chk\KB938828.cat C:\found.000\dir0000.chk\KB938829.cat C:\found.000\dir0000.chk\KB939653.cat C:\found.000\dir0000.chk\KB941202.cat C:\found.000\dir0000.chk\KB941568.cat C:\found.000\dir0000.chk\KB941569.cat C:\found.000\dir0000.chk\KB941644.cat C:\found.000\dir0000.chk\KB941693.cat C:\found.000\dir0000.chk\KB942615.cat C:\found.000\dir0000.chk\KB942763.cat C:\found.000\dir0000.chk\KB942840.cat C:\found.000\dir0000.chk\KB943055.cat C:\found.000\dir0000.chk\KB943460.cat C:\found.000\dir0000.chk\KB943485.cat C:\found.000\dir0000.chk\KB944338.cat C:\found.000\dir0000.chk\KB944533.cat C:\found.000\dir0000.chk\KB944653.cat C:\found.000\dir0000.chk\KB945553.cat C:\found.000\dir0000.chk\KB946026.cat C:\found.000\dir0000.chk\KB946627.cat C:\found.000\dir0000.chk\KB947864.cat C:\found.000\dir0000.chk\KB948590.cat C:\found.000\dir0000.chk\KB948881.cat C:\found.000\dir0000.chk\KB950749.cat C:\found.000\dir0000.chk\MAPIMIG.CAT C:\found.000\dir0000.chk\MPPRE10.CAT C:\found.000\dir0000.chk\MSMSGS.CAT C:\found.000\dir0000.chk\msn7.cat C:\found.000\dir0000.chk\msn9.cat C:\found.000\dir0000.chk\MSTSWEB.CAT C:\found.000\dir0000.chk\MW770.CAT C:\found.000\dir0000.chk\NT5.CAT C:\found.000\dir0000.chk\NT5IIS.CAT C:\found.000\dir0000.chk\NT5INF.CAT C:\found.000\dir0000.chk\NTPRINT.CAT C:\found.000\dir0000.chk\oem0.CAT C:\found.000\dir0000.chk\oem1.CAT C:\found.000\dir0000.chk\oem10.CAT C:\found.000\dir0000.chk\oem100.CAT C:\found.000\dir0000.chk\oem101.CAT C:\found.000\dir0000.chk\oem102.CAT C:\found.000\dir0000.chk\oem103.CAT C:\found.000\dir0000.chk\oem104.CAT C:\found.000\dir0000.chk\oem105.CAT C:\found.000\dir0000.chk\oem106.CAT C:\found.000\dir0000.chk\oem107.CAT C:\found.000\dir0000.chk\oem108.CAT C:\found.000\dir0000.chk\oem109.CAT C:\found.000\dir0000.chk\oem11.CAT C:\found.000\dir0000.chk\oem110.CAT C:\found.000\dir0000.chk\oem111.CAT C:\found.000\dir0000.chk\oem112.CAT C:\found.000\dir0000.chk\oem113.CAT C:\found.000\dir0000.chk\oem114.CAT C:\found.000\dir0000.chk\oem115.CAT C:\found.000\dir0000.chk\oem116.CAT C:\found.000\dir0000.chk\oem117.CAT C:\found.000\dir0000.chk\oem118.CAT C:\found.000\dir0000.chk\oem119.CAT C:\found.000\dir0000.chk\oem12.CAT C:\found.000\dir0000.chk\oem120.CAT C:\found.000\dir0000.chk\oem121.CAT C:\found.000\dir0000.chk\oem122.CAT C:\found.000\dir0000.chk\oem123.CAT C:\found.000\dir0000.chk\oem124.CAT C:\found.000\dir0000.chk\oem125.CAT C:\found.000\dir0000.chk\oem126.CAT C:\found.000\dir0000.chk\oem127.CAT C:\found.000\dir0000.chk\oem128.CAT C:\found.000\dir0000.chk\oem129.CAT C:\found.000\dir0000.chk\oem13.CAT C:\found.000\dir0000.chk\oem130.CAT C:\found.000\dir0000.chk\oem131.CAT C:\found.000\dir0000.chk\oem132.CAT C:\found.000\dir0000.chk\oem133.CAT C:\found.000\dir0000.chk\oem134.CAT C:\found.000\dir0000.chk\oem135.CAT C:\found.000\dir0000.chk\oem136.CAT C:\found.000\dir0000.chk\oem137.CAT C:\found.000\dir0000.chk\oem138.CAT C:\found.000\dir0000.chk\oem139.CAT C:\found.000\dir0000.chk\oem14.CAT C:\found.000\dir0000.chk\oem140.CAT C:\found.000\dir0000.chk\oem141.CAT C:\found.000\dir0000.chk\oem142.CAT C:\found.000\dir0000.chk\oem143.CAT C:\found.000\dir0000.chk\oem144.CAT C:\found.000\dir0000.chk\oem145.CAT C:\found.000\dir0000.chk\oem146.CAT C:\found.000\dir0000.chk\oem147.CAT C:\found.000\dir0000.chk\oem148.CAT C:\found.000\dir0000.chk\oem149.CAT C:\found.000\dir0000.chk\oem15.CAT C:\found.000\dir0000.chk\oem150.CAT C:\found.000\dir0000.chk\oem151.CAT C:\found.000\dir0000.chk\oem152.CAT C:\found.000\dir0000.chk\oem153.CAT C:\found.000\dir0000.chk\oem154.CAT C:\found.000\dir0000.chk\oem155.CAT C:\found.000\dir0000.chk\oem156.CAT C:\found.000\dir0000.chk\oem157.CAT C:\found.000\dir0000.chk\oem158.CAT C:\found.000\dir0000.chk\oem159.CAT C:\found.000\dir0000.chk\oem16.CAT C:\found.000\dir0000.chk\oem160.CAT C:\found.000\dir0000.chk\oem161.CAT C:\found.000\dir0000.chk\oem162.CAT C:\found.000\dir0000.chk\oem163.CAT C:\found.000\dir0000.chk\oem164.CAT C:\found.000\dir0000.chk\oem165.CAT C:\found.000\dir0000.chk\oem166.CAT C:\found.000\dir0000.chk\oem167.CAT C:\found.000\dir0000.chk\oem168.CAT C:\found.000\dir0000.chk\oem169.CAT C:\found.000\dir0000.chk\oem17.CAT C:\found.000\dir0000.chk\oem170.CAT C:\found.000\dir0000.chk\oem171.CAT C:\found.000\dir0000.chk\oem172.CAT C:\found.000\dir0000.chk\oem173.CAT C:\found.000\dir0000.chk\oem174.CAT C:\found.000\dir0000.chk\oem175.CAT C:\found.000\dir0000.chk\oem176.CAT C:\found.000\dir0000.chk\oem177.CAT C:\found.000\dir0000.chk\oem178.CAT C:\found.000\dir0000.chk\oem179.CAT C:\found.000\dir0000.chk\oem18.CAT C:\found.000\dir0000.chk\oem180.CAT C:\found.000\dir0000.chk\oem181.CAT C:\found.000\dir0000.chk\oem182.CAT C:\found.000\dir0000.chk\oem183.CAT C:\found.000\dir0000.chk\oem184.CAT C:\found.000\dir0000.chk\oem185.CAT C:\found.000\dir0000.chk\oem186.CAT C:\found.000\dir0000.chk\oem187.CAT C:\found.000\dir0000.chk\oem188.CAT C:\found.000\dir0000.chk\oem189.CAT C:\found.000\dir0000.chk\oem19.CAT C:\found.000\dir0000.chk\oem190.CAT C:\found.000\dir0000.chk\oem191.CAT C:\found.000\dir0000.chk\oem192.CAT C:\found.000\dir0000.chk\oem193.CAT C:\found.000\dir0000.chk\oem194.CAT C:\found.000\dir0000.chk\oem195.CAT C:\found.000\dir0000.chk\oem196.CAT C:\found.000\dir0000.chk\oem197.CAT C:\found.000\dir0000.chk\oem198.CAT C:\found.000\dir0000.chk\oem199.CAT C:\found.000\dir0000.chk\oem2.CAT C:\found.000\dir0000.chk\oem20.CAT C:\found.000\dir0000.chk\oem200.CAT C:\found.000\dir0000.chk\oem201.CAT C:\found.000\dir0000.chk\oem202.CAT C:\found.000\dir0000.chk\oem203.CAT C:\found.000\dir0000.chk\oem204.CAT C:\found.000\dir0000.chk\oem205.CAT C:\found.000\dir0000.chk\oem206.CAT C:\found.000\dir0000.chk\oem207.CAT C:\found.000\dir0000.chk\oem208.CAT C:\found.000\dir0000.chk\oem209.CAT C:\found.000\dir0000.chk\oem21.CAT C:\found.000\dir0000.chk\oem210.CAT C:\found.000\dir0000.chk\oem211.CAT C:\found.000\dir0000.chk\oem212.CAT C:\found.000\dir0000.chk\oem213.CAT C:\found.000\dir0000.chk\oem214.CAT C:\found.000\dir0000.chk\oem215.CAT C:\found.000\dir0000.chk\oem216.CAT C:\found.000\dir0000.chk\oem217.CAT C:\found.000\dir0000.chk\oem219.CAT C:\found.000\dir0000.chk\oem22.CAT C:\found.000\dir0000.chk\oem220.CAT C:\found.000\dir0000.chk\oem221.CAT C:\found.000\dir0000.chk\oem222.CAT C:\found.000\dir0000.chk\oem223.CAT C:\found.000\dir0000.chk\oem224.CAT C:\found.000\dir0000.chk\oem225.CAT C:\found.000\dir0000.chk\oem226.CAT C:\found.000\dir0000.chk\oem23.CAT C:\found.000\dir0000.chk\oem24.CAT C:\found.000\dir0000.chk\oem25.CAT C:\found.000\dir0000.chk\oem26.CAT C:\found.000\dir0000.chk\oem27.CAT C:\found.000\dir0000.chk\oem28.CAT C:\found.000\dir0000.chk\oem29.CAT C:\found.000\dir0000.chk\oem3.CAT C:\found.000\dir0000.chk\oem30.CAT C:\found.000\dir0000.chk\oem31.CAT C:\found.000\dir0000.chk\oem32.CAT C:\found.000\dir0000.chk\oem33.CAT C:\found.000\dir0000.chk\oem34.CAT C:\found.000\dir0000.chk\oem35.CAT C:\found.000\dir0000.chk\oem36.CAT C:\found.000\dir0000.chk\oem37.CAT C:\found.000\dir0000.chk\oem38.CAT C:\found.000\dir0000.chk\oem39.CAT C:\found.000\dir0000.chk\oem4.CAT C:\found.000\dir0000.chk\oem40.CAT C:\found.000\dir0000.chk\oem41.CAT C:\found.000\dir0000.chk\oem42.CAT C:\found.000\dir0000.chk\oem43.CAT C:\found.000\dir0000.chk\oem44.CAT C:\found.000\dir0000.chk\oem45.CAT C:\found.000\dir0000.chk\oem46.CAT C:\found.000\dir0000.chk\oem47.CAT C:\found.000\dir0000.chk\oem48.CAT C:\found.000\dir0000.chk\oem49.CAT C:\found.000\dir0000.chk\oem5.CAT C:\found.000\dir0000.chk\oem50.CAT C:\found.000\dir0000.chk\oem51.CAT C:\found.000\dir0000.chk\oem52.CAT C:\found.000\dir0000.chk\oem53.CAT C:\found.000\dir0000.chk\oem6.CAT C:\found.000\dir0000.chk\oem61.CAT C:\found.000\dir0000.chk\oem62.CAT C:\found.000\dir0000.chk\oem63.CAT C:\found.000\dir0000.chk\oem64.CAT C:\found.000\dir0000.chk\oem65.CAT C:\found.000\dir0000.chk\oem66.CAT C:\found.000\dir0000.chk\oem67.CAT C:\found.000\dir0000.chk\oem69.CAT C:\found.000\dir0000.chk\oem7.CAT C:\found.000\dir0000.chk\oem70.CAT C:\found.000\dir0000.chk\oem71.CAT C:\found.000\dir0000.chk\oem72.CAT C:\found.000\dir0000.chk\oem73.CAT C:\found.000\dir0000.chk\oem74.CAT C:\found.000\dir0000.chk\oem76.CAT C:\found.000\dir0000.chk\oem77.CAT C:\found.000\dir0000.chk\oem78.CAT C:\found.000\dir0000.chk\oem79.CAT C:\found.000\dir0000.chk\oem8.CAT C:\found.000\dir0000.chk\oem80.CAT C:\found.000\dir0000.chk\oem81.CAT C:\found.000\dir0000.chk\oem82.CAT C:\found.000\dir0000.chk\oem83.CAT C:\found.000\dir0000.chk\oem84.CAT C:\found.000\dir0000.chk\oem85.CAT C:\found.000\dir0000.chk\oem86.CAT C:\found.000\dir0000.chk\oem87.CAT C:\found.000\dir0000.chk\oem88.CAT C:\found.000\dir0000.chk\oem89.CAT C:\found.000\dir0000.chk\oem9.CAT C:\found.000\dir0000.chk\oem90.CAT C:\found.000\dir0000.chk\oem91.CAT C:\found.000\dir0000.chk\oem92.CAT C:\found.000\dir0000.chk\oem93.CAT C:\found.000\dir0000.chk\oem94.CAT C:\found.000\dir0000.chk\oem95.CAT C:\found.000\dir0000.chk\oem96.CAT C:\found.000\dir0000.chk\oem97.CAT C:\found.000\dir0000.chk\oem98.CAT C:\found.000\dir0000.chk\oem99.CAT C:\found.000\dir0000.chk\OEMBIOS.CAT C:\found.000\dir0000.chk\SP2.CAT C:\found.000\dir0000.chk\startoc.cat C:\found.000\dir0000.chk\WgaNotify.cat C:\found.000\dir0000.chk\WIC.cat C:\found.000\dir0000.chk\WMDM10.CAT C:\found.000\dir0000.chk\wmerrenu.cat C:\found.000\dir0000.chk\WMFSDK10.CAT C:\found.000\dir0000.chk\WPD10.CAT C:\hp\drivers\audio_HD_realtek\RtkAzAud.cat C:\hp\drivers\keyboard\H1C10210.CAT C:\hp\drivers\lan_Realtek\Netrtsxp.cat C:\hp\drivers\modem_Agere_Sequoia\AGRSMxp.cat C:\hp\drivers\monitor\5017.cat C:\hp\drivers\monitor\5500.cat C:\hp\drivers\monitor\7020.cat C:\hp\drivers\monitor\7500.cat C:\hp\drivers\monitor\7550.cat C:\hp\drivers\monitor\9500.cat C:\hp\drivers\monitor\cpq1501.cat C:\hp\drivers\monitor\CPQ7600.cat C:\hp\drivers\monitor\cpq_fp15.cat C:\hp\drivers\monitor\cpq_fp17.cat C:\hp\drivers\monitor\f1503.cat C:\hp\drivers\monitor\f1703.cat C:\hp\drivers\monitor\f50.cat C:\hp\drivers\monitor\f50s.cat C:\hp\drivers\monitor\f70.cat C:\hp\drivers\monitor\fp5315.cat C:\hp\drivers\monitor\fp7317.cat C:\hp\drivers\monitor\FP9419.cat C:\hp\drivers\monitor\FS7555.cat C:\hp\drivers\monitor\hp1825.cat C:\hp\drivers\monitor\hpp4796.cat C:\hp\drivers\monitor\hpp4803.cat C:\hp\drivers\monitor\hpv90.cat C:\hp\drivers\monitor\hp_5500.cat C:\hp\drivers\monitor\hp_7500.cat C:\hp\drivers\monitor\hp_7550.cat C:\hp\drivers\monitor\hp_9500.cat C:\hp\drivers\monitor\hp_f1523.cat C:\hp\drivers\monitor\hp_f1723.cat C:\hp\drivers\monitor\hp_f1903.cat C:\hp\drivers\monitor\hp_f1904.cat C:\hp\drivers\monitor\hp_f2304.cat C:\hp\drivers\monitor\hp_L1530.cat C:\hp\drivers\monitor\hp_L1702.cat C:\hp\drivers\monitor\hp_L1730.cat C:\hp\drivers\monitor\hp_L1902.cat C:\hp\drivers\monitor\hp_L1925.cat C:\hp\drivers\monitor\hp_L2035.cat C:\hp\drivers\monitor\hp_L2335.cat C:\hp\drivers\monitor\hp_m703.cat C:\hp\drivers\monitor\hp_mx703.cat C:\hp\drivers\monitor\hp_mx704.cat C:\hp\drivers\monitor\hp_v52.cat C:\hp\drivers\monitor\hp_v72.cat C:\hp\drivers\monitor\hp_vf15.cat C:\hp\drivers\monitor\hp_vf17.cat C:\hp\drivers\monitor\hp_vf52.cat C:\hp\drivers\monitor\hp_vx73.cat C:\hp\drivers\monitor\hp_vx74.cat C:\hp\drivers\monitor\L1502.cat C:\hp\drivers\monitor\mx50.cat C:\hp\drivers\monitor\mx70.cat C:\hp\drivers\monitor\mx75.cat C:\hp\drivers\monitor\mx90.cat C:\hp\drivers\monitor\p3902a.cat C:\hp\drivers\monitor\v50.cat C:\hp\drivers\monitor\vf51.cat C:\hp\drivers\QuickCam_ELCH\lvELCHv.cat C:\hp\drivers\QuickCam_Exp\lvXPRSv.cat C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl.cat C:\Program Files\Common Files\Logitech\WMDrivers\WmBEnum.cat C:\Program Files\Common Files\Logitech\WMDrivers\Wmjoyhid.cat C:\Program Files\Common Files\Logitech\WMDrivers\WmVirHid.cat C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.CAT C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080606.003\IDSVia64.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080606.003\IDSVix86.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080617.001\IDSVia64.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080617.001\IDSVix86.cat C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVia64.CAT C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVix86.CAT C:\Program Files\Common Files\Symantec Shared\SymNetDrv\symIM.cat C:\Program Files\Common Files\Symantec Shared\SymNetDrv\symIMv.cat C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071019.009\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071019.009\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080606.023\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080606.023\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080619.003\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080619.003\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.cat C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1b0b.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1b0b.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2c8f.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2c8f.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp352c.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp352c.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp514c.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp514c.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp570e.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp570e.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp64a9.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp64a9.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6f5.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6f5.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp78c6.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp78c6.tmp\SYMERASE.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7950.tmp\SYMAVENG.CAT C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7950.tmp\SYMERASE.CAT C:\Program Files\Creative\MuVo Slim\StMp3Recnt.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpoprn08.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hposcu08.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpounp08.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpzid412.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpzipr12.cat C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\hpzius12.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzid412.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzid413.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzipr12.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzipr13.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzius12.cat C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\hpzius13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphprn13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphunp13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzid412.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzid413.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzipr12.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzipr13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzius12.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hpzius13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\enu\drivers\win2k_xp\hphp2k13.cat C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\enu\drivers\win9x_me\hphp9x13.cat C:\Program Files\iPod\iPod Updater 2006-06-28\StMp3Recnt.cat C:\Program Files\Norton Internet Security\IDSDefs\IDSVia64.cat C:\Program Files\Norton Internet Security\IDSDefs\IDSVix86.cat C:\Program Files\Symantec\SYMEVENT.CAT C:\WINDOWS\$hf_mig$\KB834707\update\KB834707.CAT C:\WINDOWS\$hf_mig$\KB867282\update\KB867282.CAT C:\WINDOWS\$hf_mig$\KB873333\update\KB873333.CAT C:\WINDOWS\$hf_mig$\KB873339\update\KB873339.CAT C:\WINDOWS\$hf_mig$\KB883939\update\KB883939.CAT C:\WINDOWS\$hf_mig$\KB885250\update\KB885250.CAT C:\WINDOWS\$hf_mig$\KB885835\update\KB885835.CAT C:\WINDOWS\$hf_mig$\KB885836\update\KB885836.CAT C:\WINDOWS\$hf_mig$\KB886185\update\KB886185.CAT C:\WINDOWS\$hf_mig$\KB887472\update\KB887472.CAT C:\WINDOWS\$hf_mig$\KB887742\update\KB887742.CAT C:\WINDOWS\$hf_mig$\KB888113\update\KB888113.CAT C:\WINDOWS\$hf_mig$\KB888302\update\KB888302.CAT C:\WINDOWS\$hf_mig$\KB890046\update\KB890046.CAT C:\WINDOWS\$hf_mig$\KB890047\update\KB890047.CAT C:\WINDOWS\$hf_mig$\KB890175\update\KB890175.CAT C:\WINDOWS\$hf_mig$\KB890859\update\KB890859.CAT C:\WINDOWS\$hf_mig$\KB890923\update\KB890923.CAT C:\WINDOWS\$hf_mig$\KB891781\update\KB891781.CAT C:\WINDOWS\$hf_mig$\KB893066\update\KB893066.CAT C:\WINDOWS\$hf_mig$\KB893086\update\KB893086.CAT C:\WINDOWS\$hf_mig$\KB893756\update\KB893756.CAT C:\WINDOWS\$hf_mig$\KB894391\update\KB894391.CAT C:\WINDOWS\$hf_mig$\KB896358\update\KB896358.CAT C:\WINDOWS\$hf_mig$\KB896422\update\KB896422.CAT C:\WINDOWS\$hf_mig$\KB896423\update\KB896423.CAT C:\WINDOWS\$hf_mig$\KB896424\update\KB896424.CAT C:\WINDOWS\$hf_mig$\KB896428\update\KB896428.CAT C:\WINDOWS\$hf_mig$\KB896688\update\KB896688.CAT C:\WINDOWS\$hf_mig$\KB896727\update\KB896727.CAT C:\WINDOWS\$hf_mig$\KB898461\update\KB898461.CAT C:\WINDOWS\$hf_mig$\KB899587\update\KB899587.CAT C:\WINDOWS\$hf_mig$\KB899588\update\KB899588.CAT C:\WINDOWS\$hf_mig$\KB899591\update\KB899591.CAT C:\WINDOWS\$hf_mig$\KB900485\update\KB900485.CAT C:\WINDOWS\$hf_mig$\KB900725\update\KB900725.CAT C:\WINDOWS\$hf_mig$\KB901017\update\KB901017.CAT C:\WINDOWS\$hf_mig$\KB901214\update\KB901214.CAT C:\WINDOWS\$hf_mig$\KB902400\update\KB902400.CAT C:\WINDOWS\$hf_mig$\KB904706\update\KB904706.CAT C:\WINDOWS\$hf_mig$\KB905414\update\KB905414.CAT C:\WINDOWS\$hf_mig$\KB905749\update\KB905749.CAT C:\WINDOWS\$hf_mig$\KB905915\update\KB905915.CAT C:\WINDOWS\$hf_mig$\KB908519\update\KB908519.CAT C:\WINDOWS\$hf_mig$\KB908531\update\KB908531.CAT C:\WINDOWS\$hf_mig$\KB910437\update\KB910437.CAT C:\WINDOWS\$hf_mig$\KB911280\update\KB911280.CAT C:\WINDOWS\$hf_mig$\KB911562\update\KB911562.CAT C:\WINDOWS\$hf_mig$\KB911567\update\KB911567.CAT C:\WINDOWS\$hf_mig$\KB911927\update\KB911927.CAT C:\WINDOWS\$hf_mig$\KB912812\update\KB912812.CAT C:\WINDOWS\$hf_mig$\KB912919\update\KB912919.CAT C:\WINDOWS\$hf_mig$\KB913446\update\KB913446.CAT C:\WINDOWS\$hf_mig$\KB913580\update\KB913580.CAT C:\WINDOWS\$hf_mig$\KB914388\update\KB914388.CAT C:\WINDOWS\$hf_mig$\KB914389\update\KB914389.CAT C:\WINDOWS\$hf_mig$\KB916281\update\KB916281.CAT C:\WINDOWS\$hf_mig$\KB916595\update\KB916595.CAT C:\WINDOWS\$hf_mig$\KB917159\update\KB917159.CAT C:\WINDOWS\$hf_mig$\KB917344\update\KB917344.CAT C:\WINDOWS\$hf_mig$\KB917422\update\KB917422.CAT C:\WINDOWS\$hf_mig$\KB917953\update\KB917953.CAT C:\WINDOWS\$hf_mig$\KB918118\update\KB918118.CAT C:\WINDOWS\$hf_mig$\KB918439\update\KB918439.CAT C:\WINDOWS\$hf_mig$\KB918899\update\KB918899.CAT C:\WINDOWS\$hf_mig$\KB919007\update\KB919007.CAT C:\WINDOWS\$hf_mig$\KB920213\update\KB920213.CAT C:\WINDOWS\$hf_mig$\KB920214\update\KB920214.CAT C:\WINDOWS\$hf_mig$\KB920670\update\KB920670.CAT C:\WINDOWS\$hf_mig$\KB920683\update\KB920683.CAT C:\WINDOWS\$hf_mig$\KB920685\update\KB920685.CAT C:\WINDOWS\$hf_mig$\KB920872\update\KB920872.CAT C:\WINDOWS\$hf_mig$\KB921398\update\KB921398.CAT C:\WINDOWS\$hf_mig$\KB921503\update\KB921503.CAT C:\WINDOWS\$hf_mig$\KB921883\update\KB921883.CAT C:\WINDOWS\$hf_mig$\KB922582\update\KB922582.CAT C:\WINDOWS\$hf_mig$\KB922616\update\KB922616.CAT C:\WINDOWS\$hf_mig$\KB922760\update\KB922760.CAT C:\WINDOWS\$hf_mig$\KB922819\update\KB922819.CAT C:\WINDOWS\$hf_mig$\KB923414\update\KB923414.CAT C:\WINDOWS\$hf_mig$\KB923694\update\KB923694.CAT C:\WINDOWS\$hf_mig$\KB923980\update\KB923980.CAT C:\WINDOWS\$hf_mig$\KB924191\update\KB924191.CAT C:\WINDOWS\$hf_mig$\KB924270\update\KB924270.CAT C:\WINDOWS\$hf_mig$\KB924496\update\KB924496.CAT C:\WINDOWS\$hf_mig$\KB925454\update\KB925454.CAT C:\WINDOWS\$hf_mig$\KB925486\update\KB925486.CAT C:\WINDOWS\$hf_mig$\KB925902\update\KB925902.CAT C:\WINDOWS\$hf_mig$\KB926255\update\KB926255.CAT C:\WINDOWS\$hf_mig$\KB926436\update\KB926436.CAT C:\WINDOWS\$hf_mig$\KB927779\update\KB927779.CAT C:\WINDOWS\$hf_mig$\KB927802\update\KB927802.CAT C:\WINDOWS\$hf_mig$\KB927891\update\KB927891.CAT C:\WINDOWS\$hf_mig$\KB928090\update\KB928090.CAT C:\WINDOWS\$hf_mig$\KB928255\update\KB928255.CAT C:\WINDOWS\$hf_mig$\KB928843\update\KB928843.CAT C:\WINDOWS\$hf_mig$\KB929123\update\KB929123.CAT C:\WINDOWS\$hf_mig$\KB929338\update\KB929338.CAT C:\WINDOWS\$hf_mig$\KB929969\update\KB929969.CAT C:\WINDOWS\$hf_mig$\KB930178\update\KB930178.CAT C:\WINDOWS\$hf_mig$\KB930916\update\KB930916.CAT C:\WINDOWS\$hf_mig$\KB931261\update\KB931261.CAT C:\WINDOWS\$hf_mig$\KB931768\update\KB931768.CAT C:\WINDOWS\$hf_mig$\KB931784\update\KB931784.CAT C:\WINDOWS\$hf_mig$\KB931836\update\KB931836.CAT C:\WINDOWS\$hf_mig$\KB932168\update\KB932168.CAT C:\WINDOWS\$hf_mig$\KB932823-v3\update\KB932823-v3.CAT C:\WINDOWS\$hf_mig$\KB933360\update\KB933360.CAT C:\WINDOWS\$hf_mig$\KB933566\update\KB933566.CAT C:\WINDOWS\$hf_mig$\KB933729\update\KB933729.CAT C:\WINDOWS\$hf_mig$\KB935448\update\KB935448.CAT C:\WINDOWS\$hf_mig$\KB935839\update\KB935839.CAT C:\WINDOWS\$hf_mig$\KB935840\update\KB935840.CAT C:\WINDOWS\$hf_mig$\KB936021\update\KB936021.CAT C:\WINDOWS\$hf_mig$\KB936357\update\KB936357.CAT C:\WINDOWS\$hf_mig$\KB937143\update\KB937143.CAT C:\WINDOWS\$hf_mig$\KB938127\update\KB938127.CAT C:\WINDOWS\$hf_mig$\KB938127-IE7\update\KB938127-IE7.CAT C:\WINDOWS\$hf_mig$\KB938828\update\KB938828.CAT C:\WINDOWS\$hf_mig$\KB938829\update\KB938829.CAT C:\WINDOWS\$hf_mig$\KB939653\update\KB939653.CAT C:\WINDOWS\$hf_mig$\KB941202\update\KB941202.CAT C:\WINDOWS\$hf_mig$\KB941568\update\KB941568.CAT C:\WINDOWS\$hf_mig$\KB941644\update\KB941644.CAT C:\WINDOWS\$hf_mig$\KB941693\update\KB941693.CAT C:\WINDOWS\$hf_mig$\KB942615\update\KB942615.CAT C:\WINDOWS\$hf_mig$\KB942763\update\KB942763.CAT C:\WINDOWS\$hf_mig$\KB942840\update\KB942840.CAT C:\WINDOWS\$hf_mig$\KB943055\update\KB943055.CAT C:\WINDOWS\$hf_mig$\KB943460\update\KB943460.CAT C:\WINDOWS\$hf_mig$\KB943485\update\KB943485.CAT C:\WINDOWS\$hf_mig$\KB944338\update\KB944338.CAT C:\WINDOWS\$hf_mig$\KB944533\update\KB944533.CAT C:\WINDOWS\$hf_mig$\KB944653\update\KB944653.CAT C:\WINDOWS\$hf_mig$\KB945553\update\KB945553.CAT C:\WINDOWS\$hf_mig$\KB946026\update\KB946026.CAT C:\WINDOWS\$hf_mig$\KB946627\update\KB946627.CAT C:\WINDOWS\$hf_mig$\KB947864\update\KB947864.CAT C:\WINDOWS\$hf_mig$\KB948590\update\KB948590.CAT C:\WINDOWS\$hf_mig$\KB948881\update\KB948881.CAT C:\WINDOWS\$hf_mig$\KB950749\update\KB950749.CAT C:\WINDOWS\$hf_mig$\KB950759-IE7\update\KB950759-IE7.CAT C:\WINDOWS\$hf_mig$\KB950760\update\KB950760.CAT C:\WINDOWS\$hf_mig$\KB950762\update\KB950762.CAT C:\WINDOWS\$hf_mig$\KB951376\update\KB951376.CAT C:\WINDOWS\$hf_mig$\KB951376-v2\update\KB951376-v2.CAT C:\WINDOWS\$hf_mig$\KB951698\update\KB951698.CAT C:\WINDOWS\$NtUninstallKB873339$\kb873339.cat C:\WINDOWS\$NtUninstallKB885835$\kb885835.cat C:\WINDOWS\$NtUninstallKB885836$\kb885836.cat C:\WINDOWS\$NtUninstallKB886185$\kb886185.cat C:\WINDOWS\$NtUninstallKB887472$\kb887472.cat C:\WINDOWS\$NtUninstallKB888302$\kb888302.cat C:\WINDOWS\$NtUninstallKB890046$\kb890046.cat C:\WINDOWS\$NtUninstallKB890859$\kb890859.cat C:\WINDOWS\$NtUninstallKB891781$\kb891781.cat C:\WINDOWS\$NtUninstallKB893756$\kb893756.cat C:\WINDOWS\$NtUninstallKB894391$\kb894391.cat C:\WINDOWS\$NtUninstallKB896358$\kb896358.cat C:\WINDOWS\$NtUninstallKB896423$\kb896423.cat C:\WINDOWS\$NtUninstallKB896428$\kb896428.cat C:\WINDOWS\$NtUninstallKB898461$\kb898461.cat C:\WINDOWS\$NtUninstallKB899587$\kb899587.cat C:\WINDOWS\$NtUninstallKB899591$\kb899591.cat C:\WINDOWS\$NtUninstallKB900725$\kb900725.cat C:\WINDOWS\$NtUninstallKB901017$\kb901017.cat C:\WINDOWS\$NtUninstallKB901214$\kb901214.cat C:\WINDOWS\$NtUninstallKB902400$\kb902400.cat C:\WINDOWS\$NtUninstallKB904706$\kb904706.cat C:\WINDOWS\$NtUninstallKB905414$\kb905414.cat C:\WINDOWS\$NtUninstallKB905749$\kb905749.cat C:\WINDOWS\$NtUninstallKB908519$\kb908519.cat C:\WINDOWS\$NtUninstallKB908531$\kb908531.cat C:\WINDOWS\$NtUninstallKB910437$\kb910437.cat C:\WINDOWS\$NtUninstallKB911280$\kb911280.cat C:\WINDOWS\$NtUninstallKB911562$\kb911562.cat C:\WINDOWS\$NtUninstallKB911927$\kb911927.cat C:\WINDOWS\$NtUninstallKB913580$\kb913580.cat C:\WINDOWS\$NtUninstallKB914388$\kb914388.cat C:\WINDOWS\$NtUninstallKB914389$\kb914389.cat C:\WINDOWS\$NtUninstallKB916595$\kb916595.cat C:\WINDOWS\$NtUninstallKB917344$\kb917344.cat C:\WINDOWS\$NtUninstallKB917953$\kb917953.cat C:\WINDOWS\$NtUninstallKB918118$\kb918118.cat C:\WINDOWS\$NtUninstallKB918439$\kb918439.cat C:\WINDOWS\$NtUninstallKB919007$\kb919007.cat C:\WINDOWS\$NtUninstallKB920213$\kb920213.cat C:\WINDOWS\$NtUninstallKB920670$\kb920670.cat C:\WINDOWS\$NtUninstallKB920683$\kb920683.cat C:\WINDOWS\$NtUninstallKB920685$\kb920685.cat C:\WINDOWS\$NtUninstallKB922582$\kb922582.cat C:\WINDOWS\$NtUninstallKB922819$\kb922819.cat C:\WINDOWS\$NtUninstallKB923414$\kb923414.cat C:\WINDOWS\$NtUninstallKB923980$\kb923980.cat C:\WINDOWS\$NtUninstallKB924191$\kb924191.cat C:\WINDOWS\$NtUninstallKB924270$\kb924270.cat C:\WINDOWS\$NtUninstallKB924496$\kb924496.cat C:\WINDOWS\$NtUninstallKB925902$\kb925902.cat C:\WINDOWS\$NtUninstallKB926255$\kb926255.cat C:\WINDOWS\$NtUninstallKB926436$\kb926436.cat C:\WINDOWS\$NtUninstallKB927779$\kb927779.cat C:\WINDOWS\$NtUninstallKB927802$\kb927802.cat C:\WINDOWS\$NtUninstallKB928255$\kb928255.cat C:\WINDOWS\$NtUninstallKB928843$\kb928843.cat C:\WINDOWS\$NtUninstallKB929969$\kb929969.cat C:\WINDOWS\$NtUninstallKB930178$\kb930178.cat C:\WINDOWS\$NtUninstallKB930916$\kb930916.cat C:\WINDOWS\$NtUninstallKB931261$\kb931261.cat C:\WINDOWS\$NtUninstallKB931836$\kb931836.cat C:\WINDOWS\$NtUninstallKB932168$\kb932168.cat C:\WINDOWS\$NtUninstallKB935448$\kb935448.cat C:\WINDOWS\CtDrvInstall\{70303633-30646576-0000000000000000}\P0630Dev.cat C:\WINDOWS\I386\IMS.CAT C:\WINDOWS\I386\NTPRINT.CAT C:\WINDOWS\I386\SP2.CAT C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CAT C:\WINDOWS\I386\ASMS\5100\MSFT\WINDOWS\SYSTEM\DEFAULT\DEFAULT.CAT C:\WINDOWS\I386\ASMS\6000\MSFT\VCRTL\VCRTL.CAT C:\WINDOWS\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.CAT C:\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSWINCRT.CAT C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\KB914440.CAT C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\KB938127-IE7.cat C:\WINDOWS\SoftwareDistribution\Download\1ece269e23f4ef02dbea7dfa6a74a7d0\update\KB950762.CAT C:\WINDOWS\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\update\KB947864-IE7.CAT C:\WINDOWS\SoftwareDistribution\Download\7215cdd2a5992ff3eb59bc846f07eb4e\update\KB951376.CAT C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\KB950760.CAT C:\WINDOWS\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\update\KB950759-IE7.CAT C:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\update\wganotify.cat C:\WINDOWS\SoftwareDistribution\Download\c286b650f35378bdc0c45de56f787772\update\KB932823-v3.cat C:\WINDOWS\SoftwareDistribution\Download\e1b768948601bcabeb1406e8eeccf365\update\KB951376-v2.CAT C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\update\KB944533-IE7.CAT C:\WINDOWS\SoftwareDistribution\Download\f1570947f8ce451e47060cfdc13f1bf1\update\KB951698.cat C:\WINDOWS\SoftwareDistribution\Download\f4bbe93413da6448b38093eb5244141e\update\KB950759-IE7.CAT C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cat C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\gearaspiwdmx86.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IDNMitigationAPIs.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB932823-v3.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB938127-IE7.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950759-IE7.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950760.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB950762.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951376-v2.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951376.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB951698.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NLSDownlevelMapping.cat C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem220.CAT C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem221.CAT C:\WINDOWS\system32\dllcache\FP4.CAT C:\WINDOWS\system32\dllcache\HPCRDP.CAT C:\WINDOWS\system32\dllcache\IASNT4.CAT C:\WINDOWS\system32\dllcache\IMS.CAT C:\WINDOWS\system32\dllcache\MAPIMIG.CAT C:\WINDOWS\system32\dllcache\MSMSGS.CAT C:\WINDOWS\system32\dllcache\msn7.cat C:\WINDOWS\system32\dllcache\msn9.cat C:\WINDOWS\system32\dllcache\MSTSWEB.CAT C:\WINDOWS\system32\dllcache\MW770.CAT C:\WINDOWS\system32\dllcache\NT5.CAT C:\WINDOWS\system32\dllcache\NT5IIS.CAT C:\WINDOWS\system32\dllcache\NT5INF.CAT C:\WINDOWS\system32\dllcache\NTPRINT.CAT C:\WINDOWS\system32\dllcache\OEMBIOS.CAT C:\WINDOWS\system32\dllcache\SP2.CAT C:\WINDOWS\system32\dllcache\startoc.cat C:\WINDOWS\system32\dllcache\wmerrenu.cat C:\WINDOWS\system32\drivers\coh_mon.cat C:\WINDOWS\system32\drivers\co_mon.cat C:\WINDOWS\system32\drivers\srtsp.cat C:\WINDOWS\system32\drivers\srtspl.cat C:\WINDOWS\system32\drivers\srtspx.cat C:\WINDOWS\system32\drivers\SYMEVENT.CAT C:\WINDOWS\system32\drivers\SymRedir.cat C:\WINDOWS\system32\DRVSTORE\k510bus_592164d5f16e51e4c644fcd48917085cbb6c223c\k510bus.cat C:\WINDOWS\system32\DRVSTORE\k510mdm2_29f37670bf5839e457b807d5fe931f9681e5e5b7\k510mdm.cat C:\WINDOWS\system32\DRVSTORE\k510mdmv_29f37670bf5839e457b807d5fe931f9681e5e5b7\k510mdm.cat C:\WINDOWS\system32\DRVSTORE\k510mdmw_29f37670bf5839e457b807d5fe931f9681e5e5b7\k510mdm.cat C:\WINDOWS\system32\DRVSTORE\k510obx2_4290c8169fd5f3f64a2aec2b8bd140f90144791f\k510obex.cat C:\WINDOWS\system32\DRVSTORE\k510obxv_4290c8169fd5f3f64a2aec2b8bd140f90144791f\k510obex.cat C:\WINDOWS\system32\DRVSTORE\k510obxw_4290c8169fd5f3f64a2aec2b8bd140f90144791f\k510obex.cat C:\WINDOWS\system32\DRVSTORE\k510sdm2_dfcde6d624a21cca1b1fe424267b306d87ec5280\k510mgmt.cat C:\WINDOWS\system32\DRVSTORE\k510sdmv_dfcde6d624a21cca1b1fe424267b306d87ec5280\k510mgmt.cat C:\WINDOWS\system32\DRVSTORE\k510sdmw_dfcde6d624a21cca1b1fe424267b306d87ec5280\k510mgmt.cat C:\WINDOWS\system32\DRVSTORE\k600bus_6781026c271771cb74a43aa206185bfd42cabcab\k600bus.cat C:\WINDOWS\system32\DRVSTORE\k600mdm2_e19dbf1c141e9f53d336190c0bac2017d09527cc\k600mdm.cat C:\WINDOWS\system32\DRVSTORE\k600mdmv_e19dbf1c141e9f53d336190c0bac2017d09527cc\k600mdm.cat C:\WINDOWS\system32\DRVSTORE\k600mdmw_e19dbf1c141e9f53d336190c0bac2017d09527cc\k600mdm.cat C:\WINDOWS\system32\DRVSTORE\k600obx2_544957cea92ffabd68a9120a8c0accf37e342ab0\k600obex.cat C:\WINDOWS\system32\DRVSTORE\k600obxv_544957cea92ffabd68a9120a8c0accf37e342ab0\k600obex.cat C:\WINDOWS\system32\DRVSTORE\k600obxw_544957cea92ffabd68a9120a8c0accf37e342ab0\k600obex.cat C:\WINDOWS\system32\DRVSTORE\k600sdm2_675fcd620f5c308ecad6c1b697d236c2fa9b79d2\k600mgmt.cat C:\WINDOWS\system32\DRVSTORE\k600sdmv_675fcd620f5c308ecad6c1b697d236c2fa9b79d2\k600mgmt.cat C:\WINDOWS\system32\DRVSTORE\k600sdmw_675fcd620f5c308ecad6c1b697d236c2fa9b79d2\k600mgmt.cat C:\WINDOWS\system32\DRVSTORE\k750bus_3d28d8af3b052a3c8ef7b37a8d13dc7635619447\k750bus.cat C:\WINDOWS\system32\DRVSTORE\k750mdm2_a686f4b37cc7e33af27a91972f84f609ba2b1c73\k750mdm.cat C:\WINDOWS\system32\DRVSTORE\k750mdmv_a686f4b37cc7e33af27a91972f84f609ba2b1c73\k750mdm.cat C:\WINDOWS\system32\DRVSTORE\k750mdmw_a686f4b37cc7e33af27a91972f84f609ba2b1c73\k750mdm.cat C:\WINDOWS\system32\DRVSTORE\k750obx2_b6529b5b8f8b3d0b523c1b59f562515bcc9a301a\k750obex.cat C:\WINDOWS\system32\DRVSTORE\k750obxv_b6529b5b8f8b3d0b523c1b59f562515bcc9a301a\k750obex.cat C:\WINDOWS\system32\DRVSTORE\k750obxw_b6529b5b8f8b3d0b523c1b59f562515bcc9a301a\k750obex.cat C:\WINDOWS\system32\DRVSTORE\k750sdm2_4956777425e371d02e5bb7f92e7041dc2afa371c\k750mgmt.cat C:\WINDOWS\system32\DRVSTORE\k750sdmv_4956777425e371d02e5bb7f92e7041dc2afa371c\k750mgmt.cat C:\WINDOWS\system32\DRVSTORE\k750sdmw_4956777425e371d02e5bb7f92e7041dc2afa371c\k750mgmt.cat C:\WINDOWS\system32\DRVSTORE\Sem600i_Ir_546d3ba4cc7eb36c331fc119d38b3fd30c825291\sem600i.cat C:\WINDOWS\system32\DRVSTORE\Sem750_IrD_50799bbe11f88974139d554049516ada2d4038c7\sem750.cat C:\WINDOWS\system32\DRVSTORE\SemK510_Ir_1e3d86293c91a0bed3422b683bdfa44bc8a68cf2\semK510.cat C:\WINDOWS\system32\DRVSTORE\SemW550_Ir_9625490cbd2be55cb3ac1503901a1b3783d35ee6\semW550.cat C:\WINDOWS\system32\DRVSTORE\SemW600_Ir_4b49c11fef76751440ab14809ff11d8a1654871e\semW600.cat C:\WINDOWS\system32\DRVSTORE\SemW700_Ir_cb7648a9a35e0d91bbd92d4607b0d9a533398580\semW700.cat C:\WINDOWS\system32\DRVSTORE\SemW800_Ir_68ec6df95dca07028dfdaf2f747f81ce95e368b2\semW800.cat C:\WINDOWS\system32\DRVSTORE\SemW810_Ir_ca996d23ebe3a560c73d54bd1c64555428845572\semW810.cat C:\WINDOWS\system32\DRVSTORE\SemW900_Ir_afbf64fb4ce24ad05fd98a430f802690395e607e\semW900.cat C:\WINDOWS\system32\DRVSTORE\SemZ520_Ir_e0d11cee56d6ecebeb0a9f4aa741bd36f175334b\semZ520.cat C:\WINDOWS\system32\DRVSTORE\SemZ525_Ir_4ce1f15b2f9d83d17e7ba41904a00b1fcc0c7fe3\semZ525.cat C:\WINDOWS\system32\DRVSTORE\SemZ530_Ir_b28e2586f1c3c0d646ae5d27b53d132a91190f06\semZ530.cat C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\USBAAPL.CAT C:\WINDOWS\system32\DRVSTORE\v800bus_33b03b0aa7fefb0f117ae2032fb4f746ecd1c031\v800bus.cat C:\WINDOWS\system32\DRVSTORE\v800mdm2_52a3e02f2481f993b94a72741e829d1504831fcd\v800mdm.cat C:\WINDOWS\system32\DRVSTORE\v800mdmv_52a3e02f2481f993b94a72741e829d1504831fcd\v800mdm.cat C:\WINDOWS\system32\DRVSTORE\v800mdmw_52a3e02f2481f993b94a72741e829d1504831fcd\v800mdm.cat C:\WINDOWS\system32\DRVSTORE\v800obx2_b386c4d0894f0d6a3516a67ada767b8ba223ac67\v800obex.cat C:\WINDOWS\system32\DRVSTORE\v800obxv_b386c4d0894f0d6a3516a67ada767b8ba223ac67\v800obex.cat C:\WINDOWS\system32\DRVSTORE\v800obxw_b386c4d0894f0d6a3516a67ada767b8ba223ac67\v800obex.cat C:\WINDOWS\system32\DRVSTORE\v800sdm2_8cb6e7b15043fb4a8976b61de7881df27517ef24\v800mgmt.cat C:\WINDOWS\system32\DRVSTORE\v800sdmv_8cb6e7b15043fb4a8976b61de7881df27517ef24\v800mgmt.cat C:\WINDOWS\system32\DRVSTORE\v800sdmw_8cb6e7b15043fb4a8976b61de7881df27517ef24\v800mgmt.cat C:\WINDOWS\system32\DRVSTORE\w550bus_82010ee0cea5c27e6905dc671bf25cb399d33f7c\w550bus.cat C:\WINDOWS\system32\DRVSTORE\w550mdm2_155482e7e55df597206a7d0b4bd43bd62684e5dd\w550mdm.cat C:\WINDOWS\system32\DRVSTORE\w550mdmv_155482e7e55df597206a7d0b4bd43bd62684e5dd\w550mdm.cat C:\WINDOWS\system32\DRVSTORE\w550mdmw_155482e7e55df597206a7d0b4bd43bd62684e5dd\w550mdm.cat C:\WINDOWS\system32\DRVSTORE\w550obx2_3d569d1c1c374205ca2571ad99ca641f5dfc06e1\w550obex.cat C:\WINDOWS\system32\DRVSTORE\w550obxv_3d569d1c1c374205ca2571ad99ca641f5dfc06e1\w550obex.cat C:\WINDOWS\system32\DRVSTORE\w550obxw_3d569d1c1c374205ca2571ad99ca641f5dfc06e1\w550obex.cat C:\WINDOWS\system32\DRVSTORE\w550sdm2_de27ae400ce18e280257e9c601d025775bc38881\w550mgmt.cat C:\WINDOWS\system32\DRVSTORE\w550sdmv_de27ae400ce18e280257e9c601d025775bc38881\w550mgmt.cat C:\WINDOWS\system32\DRVSTORE\w550sdmw_de27ae400ce18e280257e9c601d025775bc38881\w550mgmt.cat C:\WINDOWS\system32\DRVSTORE\w600bus_851aaf9cdc14a20edd3877074ed40bf8671686f2\w600bus.cat C:\WINDOWS\system32\DRVSTORE\w600mdm2_1c3c30107df53eae54b74686a6e8f4e5aed3e443\w600mdm.cat C:\WINDOWS\system32\DRVSTORE\w600mdmv_1c3c30107df53eae54b74686a6e8f4e5aed3e443\w600mdm.cat C:\WINDOWS\system32\DRVSTORE\w600mdmw_1c3c30107df53eae54b74686a6e8f4e5aed3e443\w600mdm.cat C:\WINDOWS\system32\DRVSTORE\w600obx2_dae8b60384b37320c14d6f72f1238de037a97039\w600obex.cat C:\WINDOWS\system32\DRVSTORE\w600obxv_dae8b60384b37320c14d6f72f1238de037a97039\w600obex.cat C:\WINDOWS\system32\DRVSTORE\w600obxw_dae8b60384b37320c14d6f72f1238de037a97039\w600obex.cat C:\WINDOWS\system32\DRVSTORE\w600sdm2_51a9b9f3944c484e42554af86c82ccd03d9a7f56\w600mgmt.cat C:\WINDOWS\system32\DRVSTORE\w600sdmv_51a9b9f3944c484e42554af86c82ccd03d9a7f56\w600mgmt.cat C:\WINDOWS\system32\DRVSTORE\w600sdmw_51a9b9f3944c484e42554af86c82ccd03d9a7f56\w600mgmt.cat C:\WINDOWS\system32\DRVSTORE\w700bus_9b69defa54ad9b8dec9e960ba187e92a254fb265\W700bus.cat C:\WINDOWS\system32\DRVSTORE\w700mdm2_4fbee709cda3dc6ae7e6ee25a896ae6975137264\W700mdm.cat C:\WINDOWS\system32\DRVSTORE\w700mdmv_4fbee709cda3dc6ae7e6ee25a896ae6975137264\W700mdm.cat C:\WINDOWS\system32\DRVSTORE\w700mdmw_4fbee709cda3dc6ae7e6ee25a896ae6975137264\W700mdm.cat C:\WINDOWS\system32\DRVSTORE\w700obx2_d39d6e0d0896387b611933687df988f0e0e96358\W700obex.cat C:\WINDOWS\system32\DRVSTORE\w700obxv_d39d6e0d0896387b611933687df988f0e0e96358\W700obex.cat C:\WINDOWS\system32\DRVSTORE\w700obxw_d39d6e0d0896387b611933687df988f0e0e96358\W700obex.cat C:\WINDOWS\system32\DRVSTORE\w700sdm2_fc685b295aa7ca47ef46a4a08c077a96ae0fe91b\W700mgmt.cat C:\WINDOWS\system32\DRVSTORE\w700sdmv_fc685b295aa7ca47ef46a4a08c077a96ae0fe91b\W700mgmt.cat C:\WINDOWS\system32\DRVSTORE\w700sdmw_fc685b295aa7ca47ef46a4a08c077a96ae0fe91b\W700mgmt.cat C:\WINDOWS\system32\DRVSTORE\w800bus_69b11fc87b31548ba1b6f6df548027a745fb48c7\w800bus.cat C:\WINDOWS\system32\DRVSTORE\w800mdm2_0da26fc493941513a4c768eac92aa00b306e2590\w800mdm.cat C:\WINDOWS\system32\DRVSTORE\w800mdmv_0da26fc493941513a4c768eac92aa00b306e2590\w800mdm.cat C:\WINDOWS\system32\DRVSTORE\w800mdmw_0da26fc493941513a4c768eac92aa00b306e2590\w800mdm.cat C:\WINDOWS\system32\DRVSTORE\w800obx2_014d3a30070f317df47d02cdef6732bfe11c2247\w800obex.cat C:\WINDOWS\system32\DRVSTORE\w800obxv_014d3a30070f317df47d02cdef6732bfe11c2247\w800obex.cat C:\WINDOWS\system32\DRVSTORE\w800obxw_014d3a30070f317df47d02cdef6732bfe11c2247\w800obex.cat C:\WINDOWS\system32\DRVSTORE\w800sdm2_52acc6d2c254f74020549727bf34bb7941e0c0b6\w800mgmt.cat C:\WINDOWS\system32\DRVSTORE\w800sdmv_52acc6d2c254f74020549727bf34bb7941e0c0b6\w800mgmt.cat C:\WINDOWS\system32\DRVSTORE\w800sdmw_52acc6d2c254f74020549727bf34bb7941e0c0b6\w800mgmt.cat C:\WINDOWS\system32\DRVSTORE\w810bus_19818ad353804a5bd8813328571e90c7c25f3308\w810bus.cat C:\WINDOWS\system32\DRVSTORE\w810mdm2_0bfd58f44be28989a9fb32bf6b064ced549d04b5\w810mdm.cat C:\WINDOWS\system32\DRVSTORE\w810mdmv_0bfd58f44be28989a9fb32bf6b064ced549d04b5\w810mdm.cat C:\WINDOWS\system32\DRVSTORE\w810mdmw_0bfd58f44be28989a9fb32bf6b064ced549d04b5\w810mdm.cat C:\WINDOWS\system32\DRVSTORE\w810obx2_d045ec4f539af2bd3ac1262b67e2ff4d18a63d99\w810obex.cat C:\WINDOWS\system32\DRVSTORE\w810obxv_d045ec4f539af2bd3ac1262b67e2ff4d18a63d99\w810obex.cat C:\WINDOWS\system32\DRVSTORE\w810obxw_d045ec4f539af2bd3ac1262b67e2ff4d18a63d99\w810obex.cat C:\WINDOWS\system32\DRVSTORE\w810sdm2_4fbd832a66fa44975e6a1999a17f07e15ca668bb\w810mgmt.cat C:\WINDOWS\system32\DRVSTORE\w810sdmv_4fbd832a66fa44975e6a1999a17f07e15ca668bb\w810mgmt.cat C:\WINDOWS\system32\DRVSTORE\w810sdmw_4fbd832a66fa44975e6a1999a17f07e15ca668bb\w810mgmt.cat C:\WINDOWS\system32\DRVSTORE\w900bus_a13d909859c3dd3a4d2024e90c5667a0715a2654\w900bus.cat C:\WINDOWS\system32\DRVSTORE\w900mdm2_90932cb2543b32cbed4e0bc2c3770ed450157bf7\w900mdm.cat C:\WINDOWS\system32\DRVSTORE\w900mdmv_90932cb2543b32cbed4e0bc2c3770ed450157bf7\w900mdm.cat C:\WINDOWS\system32\DRVSTORE\w900mdmw_90932cb2543b32cbed4e0bc2c3770ed450157bf7\w900mdm.cat C:\WINDOWS\system32\DRVSTORE\w900obx2_0e4c0e31d6475770edfd1870908b5c4c7a27f6cd\w900obex.cat C:\WINDOWS\system32\DRVSTORE\w900obxv_0e4c0e31d6475770edfd1870908b5c4c7a27f6cd\w900obex.cat C:\WINDOWS\system32\DRVSTORE\w900obxw_0e4c0e31d6475770edfd1870908b5c4c7a27f6cd\w900obex.cat C:\WINDOWS\system32\DRVSTORE\w900sdm2_29a2e5b331f007667257bc3a492448aa5412b7fe\w900mgmt.cat C:\WINDOWS\system32\DRVSTORE\w900sdmv_29a2e5b331f007667257bc3a492448aa5412b7fe\w900mgmt.cat C:\WINDOWS\system32\DRVSTORE\w900sdmw_29a2e5b331f007667257bc3a492448aa5412b7fe\w900mgmt.cat C:\WINDOWS\system32\DRVSTORE\wlphonecv_8800C151E3BB9442F62327FF05F053BF5567B318\WLPhoneCV.cat C:\WINDOWS\system32\DRVSTORE\wlphonecv_B88DA7978559975500983DADC0107CF3AA89C14C\WLPhoneCV.cat C:\WINDOWS\system32\DRVSTORE\z520bus_9a02e2c69777d5fe8b0afed25a3954b87e40b176\z520bus.cat C:\WINDOWS\system32\DRVSTORE\z520mdm2_e7c347162e16943ccb9fd999dd13c9386bfac43d\z520mdm.cat C:\WINDOWS\system32\DRVSTORE\z520mdmv_e7c347162e16943ccb9fd999dd13c9386bfac43d\z520mdm.cat C:\WINDOWS\system32\DRVSTORE\z520mdmw_e7c347162e16943ccb9fd999dd13c9386bfac43d\z520mdm.cat C:\WINDOWS\system32\DRVSTORE\z520obx2_1775df8ab6f50291db10a5e8971e87950ba0eb0c\z520obex.cat C:\WINDOWS\system32\DRVSTORE\z520obxv_1775df8ab6f50291db10a5e8971e87950ba0eb0c\z520obex.cat C:\WINDOWS\system32\DRVSTORE\z520obxw_1775df8ab6f50291db10a5e8971e87950ba0eb0c\z520obex.cat C:\WINDOWS\system32\DRVSTORE\z520sdm2_00d3f40169de920ac43d88aa6ef98245dbb4f4a1\z520mgmt.cat C:\WINDOWS\system32\DRVSTORE\z520sdmv_00d3f40169de920ac43d88aa6ef98245dbb4f4a1\z520mgmt.cat C:\WINDOWS\system32\DRVSTORE\z520sdmw_00d3f40169de920ac43d88aa6ef98245dbb4f4a1\z520mgmt.cat C:\WINDOWS\system32\DRVSTORE\z525bus_3c7f5f79e689172b34a461ec0a6f4bfc389b600f\z525bus.cat C:\WINDOWS\system32\DRVSTORE\z525mdm2_bcf80df43817a6e2ff54119c6253b27fe7dcad13\z525mdm.cat C:\WINDOWS\system32\DRVSTORE\z525mdmv_bcf80df43817a6e2ff54119c6253b27fe7dcad13\z525mdm.cat C:\WINDOWS\system32\DRVSTORE\z525mdmw_bcf80df43817a6e2ff54119c6253b27fe7dcad13\z525mdm.cat C:\WINDOWS\system32\DRVSTORE\z525obx2_28beeef3e5e976d190c8b7611e2a302af561302e\z525obex.cat C:\WINDOWS\system32\DRVSTORE\z525obxv_28beeef3e5e976d190c8b7611e2a302af561302e\z525obex.cat C:\WINDOWS\system32\DRVSTORE\z525obxw_28beeef3e5e976d190c8b7611e2a302af561302e\z525obex.cat C:\WINDOWS\system32\DRVSTORE\z525sdm2_4739e4159e316047f5f452cb07b092efe246ceea\z525mgmt.cat C:\WINDOWS\system32\DRVSTORE\z525sdmv_4739e4159e316047f5f452cb07b092efe246ceea\z525mgmt.cat C:\WINDOWS\system32\DRVSTORE\z525sdmw_4739e4159e316047f5f452cb07b092efe246ceea\z525mgmt.cat C:\WINDOWS\system32\DRVSTORE\z530bus_711f5b1543e0e2e75095437aad113ba7ec90c151\z530bus.cat C:\WINDOWS\system32\DRVSTORE\z530mdm2_ed2cd1341cd36120ce066d4ca433d5d6e86bd7cf\z530mdm.cat C:\WINDOWS\system32\DRVSTORE\z530mdmv_ed2cd1341cd36120ce066d4ca433d5d6e86bd7cf\z530mdm.cat C:\WINDOWS\system32\DRVSTORE\z530mdmw_ed2cd1341cd36120ce066d4ca433d5d6e86bd7cf\z530mdm.cat C:\WINDOWS\system32\DRVSTORE\z530obx2_fd421c2424ae65a119abc16012ca2153897d4825\z530obex.cat C:\WINDOWS\system32\DRVSTORE\z530obxv_fd421c2424ae65a119abc16012ca2153897d4825\z530obex.cat C:\WINDOWS\system32\DRVSTORE\z530obxw_fd421c2424ae65a119abc16012ca2153897d4825\z530obex.cat C:\WINDOWS\system32\DRVSTORE\z530sdm2_7ce664b8b6f578872dc59e086511b18a66b49ca3\z530mgmt.cat C:\WINDOWS\system32\DRVSTORE\z530sdmv_7ce664b8b6f578872dc59e086511b18a66b49ca3\z530mgmt.cat C:\WINDOWS\system32\DRVSTORE\z530sdmw_7ce664b8b6f578872dc59e086511b18a66b49ca3\z530mgmt.cat C:\WINDOWS\system32\DRVSTORE\z800bus_e33a4370f20b35a0e769d6a0c506521060ce196e\z800bus.cat C:\WINDOWS\system32\DRVSTORE\z800mdm2_ee30ac0900ed0ba0341d8c8cbf48308c879e73f4\z800mdm.cat C:\WINDOWS\system32\DRVSTORE\z800mdmv_ee30ac0900ed0ba0341d8c8cbf48308c879e73f4\z800mdm.cat C:\WINDOWS\system32\DRVSTORE\z800mdmw_ee30ac0900ed0ba0341d8c8cbf48308c879e73f4\z800mdm.cat C:\WINDOWS\system32\DRVSTORE\z800obx2_2998c412471a915ca1e2dcfdc9608f2f40454caf\z800obex.cat C:\WINDOWS\system32\DRVSTORE\z800obxv_2998c412471a915ca1e2dcfdc9608f2f40454caf\z800obex.cat C:\WINDOWS\system32\DRVSTORE\z800obxw_2998c412471a915ca1e2dcfdc9608f2f40454caf\z800obex.cat C:\WINDOWS\system32\DRVSTORE\z800sdm2_86d3cfb34d4dbd0843c8bcb4e05bb71b9a4fc200\z800mgmt.cat C:\WINDOWS\system32\DRVSTORE\z800sdmv_86d3cfb34d4dbd0843c8bcb4e05bb71b9a4fc200\z800mgmt.cat C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\CX_35409.CAT C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i830mnt5.cat C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_35409.CAT C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\H1c10210.cat C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\RtkAzAud.cat C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\USBAAPL.CAT C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\WmVirHid.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.DebugOpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_66b81908.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.cat C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9848.0.cat C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.cat C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.cat C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.762.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.163.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_x-ww_09e017b4\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_x-ww_a193936f\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.DebugOpenMP_1fc8b3b9a1e18e3b_x-ww_6afafa78\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.163.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.42.cat C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.762.cat C:\WINDOWS\I386\FP4.CA_ C:\WINDOWS\I386\HPCRDP.CA_ C:\WINDOWS\I386\HSCSP_P3.CA_ C:\WINDOWS\I386\IASNT4.CA_ C:\WINDOWS\I386\MAPIMIG.CA_ C:\WINDOWS\I386\MSMSGS.CA_ C:\WINDOWS\I386\MSN7.CA_ C:\WINDOWS\I386\MSN9.CA_ C:\WINDOWS\I386\MSRDP.CA_ C:\WINDOWS\I386\MSTSWEB.CA_ C:\WINDOWS\I386\MW770.CA_ C:\WINDOWS\I386\NT5.CA_ C:\WINDOWS\I386\NT5IIS.CA_ C:\WINDOWS\I386\NT5INF.CA_ C:\WINDOWS\I386\OEMBIOS.CA_ C:\WINDOWS\I386\OSCCAB.CA_ C:\WINDOWS\I386\PCHDT_P3.CA_ C:\WINDOWS\I386\STARTOC.CA_ C:\WINDOWS\I386\TSHOOT.CA_ C:\WINDOWS\I386\WMERRENU.CA_ C:\WINDOWS\I386\ASMS\1\DEFAULT\DEFAULT.CA_ C:\WINDOWS\I386\ASMS\10\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CA_ C:\WINDOWS\I386\ASMS\10\POLICY\MSFT\WINDOWS\GDIPLUS\GDIPLUS.CA_ C:\WINDOWS\I386\ASMS\2\DEFAULT\DEFAULT.CA_ C:\WINDOWS\I386\ASMS\52\MSFT\WINDOWS\NET\DXMRTP\DXMRTP.CA_ C:\WINDOWS\I386\ASMS\52\MSFT\WINDOWS\NET\RTCDLL\RTCDLL.CA_ C:\WINDOWS\I386\ASMS\52\MSFT\WINDOWS\NET\RTCRES\RTCRES.CA_ C:\WINDOWS\I386\ASMS\52\POLICY\MSFT\WINDOWS\NETWORKING\DXMRTP\DXMRTP.CA_ C:\WINDOWS\I386\ASMS\52\POLICY\MSFT\WINDOWS\NETWORKING\RTCDLL\RTCDLL.CA_ C:\WINDOWS\I386\ASMS\60\MSFT\WINDOWS\COMMON\CONTROLS\CONTROLS.CA_ C:\WINDOWS\I386\ASMS\60\POLICY\60\COMCTL\COMCTL.CA_ C:\WINDOWS\I386\ASMS\70\MSFT\WINDOWS\MSWINCRT\MSWINCRT.CA_ C:\WINDOWS\I386\ASMS\70\POLICY\MSFT\MSWINCRT\MSWINCRT.CA_ |
|
|
|
|
06-20-2008, 07:37 PM
|
#31 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
It's gonna take a while to go through this. So, please be patient.
Quick question - Did you perform a disk check prior to your troubles ?
__________________
Question - what have you done for the community today? |
|
|
|
|
06-20-2008, 09:39 PM
|
#32 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
@echo off
Attrib -h -r -s -a C:\found.000\dir0000.chk\*.CAT >nul 2>&1
Move /y C:\found.000\dir0000.chk\*.CAT C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ >nul 2>&1
start ComboFix /F3m
del %0
It should look like this:  Double click on fix.bat & allow it to run It shall trigger combofix to run. We shall need to see the log's that produced
__________________
Question - what have you done for the community today? |
|
|
|
|
06-20-2008, 11:20 PM
|
#33 (permalink) | |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
Quote:
I can wait it out. I'll stick with it for as long as you decide to. Thanks again. ((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))) . 2008-06-20 19:10 . 2008-06-20 19:10 27,136 --a------ C:\WINDOWS\CYK49.tmp 2008-06-20 16:14 . 2008-06-20 16:14 27,136 --a------ C:\WINDOWS\CYK3D.tmp 2008-06-20 16:01 . 2008-06-20 16:01 27,136 --a------ C:\WINDOWS\CYK40.tmp 2008-06-19 19:04 . 2008-06-19 19:04 27,136 --a------ C:\WINDOWS\CYK3F.tmp 2008-06-19 12:05 . 2008-06-19 12:05 27,136 --a------ C:\WINDOWS\CYK6A.tmp 2008-06-19 11:45 . 2008-06-19 11:46 27,136 --a------ C:\WINDOWS\CYK68.tmp 2008-06-19 11:42 . 2008-06-19 11:42 27,136 --a------ C:\WINDOWS\CYK65.tmp 2008-06-19 11:37 . 2008-06-19 11:37 27,136 --a------ C:\WINDOWS\CYK5E.tmp 2008-06-18 23:43 . 2008-06-18 23:43 27,136 --a------ C:\WINDOWS\CYK3E.tmp 2008-06-16 19:09 . 2008-06-20 16:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2008-06-16 18:36 . 2008-06-16 18:40 63,971,328 --a------ C:\WINDOWS\sectest.db 2008-06-14 23:24 . 2008-04-22 22:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-14 23:24 . 2007-04-17 03:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-14 23:24 . 2007-03-07 23:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-14 23:24 . 2008-04-22 22:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-14 23:24 . 2008-04-22 22:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-14 23:24 . 2008-04-22 22:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-14 23:24 . 2008-04-22 22:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-06-14 23:24 . 2008-04-22 22:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-14 23:24 . 2008-04-22 01:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-13 15:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\Java 2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll 2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll 2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys 2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat 2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf 2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys 2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys 2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys 2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys 2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys 2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys 2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys 2008-06-12 00:37 . 2008-06-12 00:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-11 15:44 . 2008-06-17 17:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-11 15:44 . 2008-06-17 17:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-10 17:14 . 2008-06-13 07:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 17:14 . 2008-06-13 07:10 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 16:34 . 2008-06-10 16:34 <DIR> d-------- C:\audio 2008-06-09 20:16 . 2008-06-09 20:16 <DIR> d-------- C:\Program Files\AC3Filter 2008-06-09 20:16 . 2007-06-07 13:11 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-06-09 17:36 . 2008-06-09 17:36 <DIR> d-------- C:\Program Files\MP3Parse 2008-06-09 17:22 . 2008-06-09 17:22 <DIR> d-------- C:\Program Files\Xvid 2008-06-09 17:22 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-06-09 17:22 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-06-09 17:22 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-06-09 17:20 . 1999-05-28 15:13 301,568 --a------ C:\WINDOWS\system32\L3CODECP.ACM 2008-06-09 17:20 . 1998-04-30 14:56 129,024 --a------ C:\WINDOWS\UNWISE.EXE 2008-06-09 17:11 . 2008-06-09 17:11 0 --a------ C:\WINDOWS\GraphEdt.INI 2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\SHOUTcast Source 2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\DSP-worx 2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\OpenSource OGG Splitter 2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\CDXA Image Reader Filter (SVCDXCD) 2008-06-09 16:49 . 2008-06-09 16:49 49,604 --a------ C:\WINDOWS\system32\RadLightOFRUninstall.exe 2008-06-09 16:36 . 2008-06-09 16:36 <DIR> d-------- C:\Program Files\CD Audio Reader Filter 2008-06-09 16:35 . 2008-06-09 16:51 <DIR> d-------- C:\Program Files\ffdshow 2008-06-09 16:33 . 2008-06-09 16:33 <DIR> d-------- C:\Program Files\DirectVobSub 2008-06-09 16:33 . 2008-06-09 16:33 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2008-06-07 22:09 . 2008-06-07 22:10 <DIR> d-------- C:\Program Files\Panda Security 2008-06-07 13:02 . 2008-06-07 15:00 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-07 13:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-06-06 08:27 . 2008-06-06 08:27 <DIR> d-------- C:\WINDOWS\system32\com 2008-06-06 08:27 . 2008-06-16 19:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2008-06-06 08:23 . 2008-06-06 08:23 <DIR> d--hs---- C:\found.000 2008-06-06 07:58 . 2008-06-06 07:58 27,136 --a------ C:\WINDOWS\CYK36.tmp 2008-06-03 19:48 . 2008-06-03 19:48 27,136 --a------ C:\WINDOWS\CYK3B.tmp 2008-06-01 17:23 . 2008-06-03 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Common Files\Canon 2008-05-31 12:18 . 2008-05-31 12:18 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-28 22:32 . 2008-05-28 22:32 27,136 --a------ C:\WINDOWS\CYK139.tmp 2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-05-25 17:02 . 2008-05-25 17:02 66,336 --ah----- C:\BBACADEM 2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-05-22 17:24 . 2008-05-22 17:24 142 --a------ C:\WINDOWS\7thLevel.ini 2008-05-22 17:01 . 1995-01-30 01:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-21 05:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-19 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-19 05:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-19 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-19 00:31 --------- d-----w C:\Program Files\Winamp 2008-06-18 00:09 --------- d-----w C:\Program Files\iTunes 2008-06-18 00:09 --------- d-----w C:\Program Files\iPod 2008-06-18 00:07 --------- d-----w C:\Program Files\QuickTime 2008-06-18 00:07 --------- d-----w C:\Program Files\Bonjour 2008-06-17 01:53 --------- d-----w C:\Program Files\Incomplete 2008-06-16 21:15 --------- d-----w C:\Program Files\LimeWire 2008-06-14 21:32 --------- d-----w C:\Program Files\Windows Live 2008-06-14 21:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-09 21:28 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter 2008-06-09 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-09 02:27 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-06-09 02:21 --------- d-----w C:\Program Files\LucasArts 2008-06-07 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-07 06:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-07 06:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-06-07 06:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-07 06:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-06-07 06:39 --------- d-----w C:\Program Files\Symantec 2008-06-01 23:26 --------- d-----w C:\Program Files\Canon 2008-05-16 02:16 27,136 ----a-w C:\WINDOWS\CYK51.tmp 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-30 22:52 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\LimeWire 2008-04-25 21:08 --------- d-----w C:\Program Files\Apple Software Update 2008-04-24 05:53 27,136 ----a-w C:\WINDOWS\CYK97F.tmp 2008-04-24 05:40 27,136 ----a-w C:\WINDOWS\CYK97D.tmp 2008-04-24 05:35 --------- d-----w C:\Program Files\DVDVideoSoft 2008-04-24 05:35 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-09 13:17 27,136 ----a-w C:\WINDOWS\CYK3A.tmp 2008-04-05 02:12 27,136 ----a-w C:\WINDOWS\CYK3C.tmp 2008-04-01 04:34 27,136 ----a-w C:\WINDOWS\CYK39.tmp 2008-03-30 20:09 27,136 ----a-w C:\WINDOWS\CYK125.tmp 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2005-01-09 22:46 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys . ------- Sigcheck ------- 2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe 2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe 2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2004-08-04 13:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll 2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll 2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll 2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll 2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll 2005-05-25 13:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-13 11:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-25 13:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe 2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe 2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys 2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys 2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2005-03-01 18:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2006-12-19 10:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe 2007-02-28 03:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2005-03-01 18:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 06:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 02:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 02:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe 2004-08-04 13:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe 2005-03-01 19:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2006-12-19 10:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe 2007-02-28 03:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2005-03-01 18:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 08:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 03:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 03:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\ntoskrnl.exe 2004-08-04 13:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe 2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe 2007-06-13 05:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 13:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe 2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe 2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe 2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe 2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe 2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-18_23.47.06.82 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-19 05:20:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-20 22:14:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-04-14 11:01:02 272,128 ----a-w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-06-13 13:10:50 272,128 ----a-w C:\WINDOWS\Driver Cache\i386\bthport.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-03-20 20:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cyrillic Keyboard"="C:\CYRSTART\CYRKBD32.EXE" [2004-01-30 06:01 124928] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2004-07-03 03:49 57344 C:\WINDOWS\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a------ 2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-14 11:01 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-04-03 16:29 165784 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06] --a------ 2004-06-07 19:42 659456 C:\WINDOWS\system32\hphmon06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] --a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --ahs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2004-08-07 15:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "MDM"=2 (0x2) "ISPwdSvc"=3 (0x3) "UleadBurningHelper"=2 (0x2) "Capture Device Service"=2 (0x2) "usnjsvc"=3 (0x3) "ose"=3 (0x3) "Adobe LM Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "LiveUpdate Notice"=2 (0x2) "LiveUpdate"=3 (0x3) "Automatic LiveUpdate Scheduler"=2 (0x2) "Bonjour Service"=2 (0x2) "Adobe Version Cue CS3"=3 (0x3) "WLSetupSvc"=3 (0x3) "comHost"=3 (0x3) "rpcapd"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00] S4 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2c5d1d8-0a48-11dc-a032-00112f7afb51}] \Shell\AutoRun\command - K:\autorun.exe *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-18 14:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-17 02:00:07 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-20 23:22:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-20 23:25:20 ComboFix-quarantined-files.txt 2008-06-21 05:25:13 Post-Run: 122,875,441,152 bytes free 361 --- E O F --- 2008-06-20 09:01:36 Last edited by kiranaus; 06-20-2008 at 11:27 PM. |
|
|
|
|
|
06-20-2008, 11:46 PM
|
#34 (permalink) | |||
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Quote:
* Quote:
* Quote:
Please tell me how long you have had this hard disk
__________________
Question - what have you done for the community today? |
|||
|
|
|
|
06-21-2008, 12:18 AM
|
#35 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
Was it the disk checks themselves that caused the issue, or did they just signal that something was up ( I thought that was the point of it)
The hard disk came with the computer, when I bought it (approximately 6 years ago). |
|
|
|
|
06-21-2008, 12:37 AM
|
#36 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
When a disk develops bad sectors, the OS wont be able to read data from those exact sectors. This triggers Windows disk check which in turns attempts to scavenge/recover data from those sectors. Sometimes data is not 100% recovered. Thus, you end up with bits & pieces. If you analyse the data from our log:
2008-06-06 08:27:33 0 d-------- C:\WINDOWS\system32\CatRoot 2008-06-06 08:27:14 0 d-------- C:\WINDOWS\system32\com 2008-06-06 08:23:40 0 d--hs---- C:\found.000 The folders CatRoot + Com were re-created on 2008-06-06. This means bad sectors affected them & the Operating System found them to be missing after the reboot & tried to re-create them. Unfortunately, only the container folders gets recreated; the contents of those folders aren't recreated. You would also see that another folder named C:\Found.000 got created around the approximate same time. These are the files 'recovered' by Disck Check. I recommend that you purchase a new disk. This one is failing. There's no telling when it will totally fail. When it does, you will lose any/all personal data/documents. Best backup while you still can.
__________________
Question - what have you done for the community today? |
|
|
|
|
06-21-2008, 12:55 AM
|
#38 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Here, I found you an article that explains it well > http://en.wikipedia.org/wiki/Hard_disk_failure
__________________
Question - what have you done for the community today? |
|
|
|
|
06-21-2008, 01:02 AM
|
#39 (permalink) |
|
Registered User
Join Date: Jun 2008
Posts: 26
OS: xp sp2
|
Re: Possible Malware Issue
Alright.
Your help (and chemist's) was greatly appreciated nonetheless. I'll gladly follow any final advice/procedures you may have. Just a quick question: What's the effect of improperly shutting down/rebooting a computer, that I'm always reading about. I never find a straight answer. |
|
|
|
|
06-21-2008, 01:17 AM
|
#40 (permalink) | |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,338
OS: N/A
|
Re: Possible Malware Issue
Quote:
Depends on what type of file system the machine has. If it's FAT32, you should get ChkDsk after each bad shutdown. NTFS on the other hand is much more forgiving. Still, it's never advisable to yank the cord. * Shut down processes must be given the opportunity to be written to the hard disk. * Data in memory must be offloaded to the hard disk * Hard disks needs to spin down. I recommend that you give some priority to backing the data. With luck, you should be able to clone the contents of this disk to a new one.
__________________
Question - what have you done for the community today? Last edited by sUBs; 06-21-2008 at 01:20 AM. |
|
|
|
|
| Thread Tools | |
|
|
