Solved FBI warning malware straight to boot-looping


Eric Witzling

I have a PC (XP Pro, Windows Updates current) where a user clicked on a bad link in an email (shocking) and picked up one of the FBI Warning takeover malware. No ability to even bring up the Task Manager, and all that jazz. They attempted to reboot into Safe Mode, but it would reboot itself when trying to do so. Which also happened when trying to get back into Normal. Or using Last Known Good Configuration. Or anything else.

As such, there's no ability to run any of the tests and find anything out ahead of time. I'm wondering what the best way to try to peel apart the first layer of this onion is. Run CHKDSK off another boot disk to start, just in case the malware is running afoul of a pre-existing bad sector? Or is this something that's known from the FBI Takeover stuff at this point? I've cleaned up a few of these machines before, and from the beginning some would stop the user from going into Safe Mode... but you could always get back to Normal. Are they pulling something new now that can cause this boot-looping behavior straight off?

Thanks in advance for any advice.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Sorry if it seems like I'm skipping steps, but I want to be sure. I cannot access the system's Normal mode, or any Safe modes. Since the PC is bootable in no way as it stands, I either have to pull the drive out and run it attached to another machine, run things from a Windows installer disk's Recovery mode, or use a boot disk like Reatogo-X-PE.

What is your preferred handling method at this stage? Will any/all of the aforementioned tests run properly from Reatogo, or should I submit a different subset?
 
OTLPE + Farbar Recovery Scan Tool

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
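
Added example, not part of the original post and not FRST's own code: a small Python triage pass over the registry section of an FRST.txt log, assuming the line layout of the log posted later in this thread. The sample lines, user name and entry names are constructed; it shows why an autostart entry under a user profile with no publisher string stands out, while a signed updater in the same kind of path does not.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the layout of an FRST "Registry (Whitelisted)" section.
# The user name, paths and entry names are invented for illustration.
SAMPLE_LOG = r"""
HKLM\...\Run: [VendorTray] C:\Program Files\Vendor\tray.exe [40960 2008-09-26] (Vendor Inc.)
HKLM\...\Run: [Sys Helper] "C:\Documents and Settings\user1\Application Data\Sys Helper\helper.exe" [x]
HKU\user1\...\Run: [Updater] "C:\Documents and Settings\user1\Local Settings\Application Data\Vendor\Update\update.exe" /c [116648 2012-03-21] (Vendor Inc.)
HKU\user1\...\Run: [Sys Helper] "C:\Documents and Settings\user1\Application Data\Sys Helper\helper.exe" [x]
HKU\user1\...\Policies\system: [DisableTaskMgr] 1
HKU\user1\...\Policies\system: [DisableRegistryTools] 1
HKU\user1\...\Policies\system: [DisableRegistryTools] 0
ShortcutTarget: Sys Helper.lnk -> C:\Documents and Settings\user1\Application Data\Sys Helper\helper.exe (No File)
"""

# "HKLM\...\Run: [Name] data"  or  "HKU\<user>\...\Policies\system: [Name] data"
ENTRY_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<data>.*)$"
)
# Trailing "[size yyyy-mm-dd] (Publisher)". A trailing "[x]" instead is
# assumed here to mean the referenced file was not found.
TAIL_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<publisher>.*)\)$")
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+) \((?P<publisher>[^()]*)\)$"
)
# Per-user, user-writable locations on XP and on later Windows versions.
PROFILE_RE = re.compile(
    r"\\(Documents and Settings\\[^\\]+\\(Application Data|Local Settings)"
    r"|Users\\[^\\]+\\AppData)\\",
    re.IGNORECASE,
)
# Policy values that block Task Manager and the registry editor when set to 1.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}


class Finding(NamedTuple):
    severity: str   # "high" or "low"
    source: str     # hive (HKLM, HKU\<user>) or "Startup"
    name: str       # registry value name or shortcut file name
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return findings for autostart and lockout entries in an FRST log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            key = entry["key"].lower()
            name, data = entry["name"], entry["data"].strip()
            if key in ("run", "runonce") and PROFILE_RE.search(data):
                tail = TAIL_RE.search(data)
                publisher = tail["publisher"].strip() if tail else ""
                if publisher:
                    # Legitimate per-user updaters live here too: keep, but rank low.
                    findings.append(Finding("low", entry["hive"], name,
                                            "autostart from a user profile, publisher: " + publisher))
                else:
                    state = "file missing" if data.lower().endswith("[x]") else "no publisher"
                    findings.append(Finding("high", entry["hive"], name,
                                            "autostart from a user profile, " + state))
            elif key == "policies\\system" and name.lower() in LOCKOUT_VALUES and data == "1":
                findings.append(Finding("high", entry["hive"], name,
                                        "policy disables a built-in admin tool"))
            continue
        shortcut = SHORTCUT_RE.match(line)
        if shortcut and PROFILE_RE.search(shortcut["target"]):
            if shortcut["publisher"].strip() in ("", "No File"):
                findings.append(Finding("high", "Startup", shortcut["lnk"],
                                        "startup shortcut targets a user profile path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:4}  {f.source:12}  {f.name:22}  {f.reason}")
```
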
 
Ah yes, I believe OTLPE is the tool you pointed me at with earlier cleanup attempts. "reatogo-X-PE" is what's on the background wallpaper when I boot it up. Anything referring to "Task Scheduler" in the "mike" user profile is definitely related to the FBI scareware. And (No File) references are because I had renamed that earlier to see if it would make any difference kicking that referenced file, before starting the ticket here. (It did not. MBR fragility is likely of primary importance for this one.) The Task Scheduler renaming is the only thing I did previously to this thread.

---------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012
Ran by SYSTEM at 16-11-2012 12:08:11
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2009-04-23] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2009-04-24] ()
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-28] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2009-07-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [77887 2003-02-25] (Novell, Inc., c/o Corel Corporation Limited)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2007-08-03] (LogMeIn, Inc.)
HKLM\...\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s [407368 2008-02-08] (CA)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\Administrator\...\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE [x]
HKU\administrator.CP\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-03] (Google Inc.)
HKU\mike\...\Run: [Google Update] "C:\Documents and Settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
HKU\mike\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\mike\...\Policies\system: [DisableTaskMgr] 1
HKU\mike\...\Policies\system: [DisableRegistryTools] 1
HKU\setup\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [X]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon:
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.220 8.8.8.8
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\Task Scheduler.lnk
ShortcutTarget: Task Scheduler.lnk -> C:\Documents and Settings\Default User\Application Data\Task Scheduler\Task Scheduler.exe (No File)

==================== Services (Whitelisted) ===================

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
2 iGateway; "C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" [106496 2007-02-05] (CA, Inc.)
2 InoRPC; "C:\Program Files\CA\eTrustITM\InoRpc.exe" [192512 2009-12-21] (CA)
2 InoRT; "C:\Program Files\CA\eTrustITM\InoRT.exe" [208896 2009-12-21] (CA)
2 InoTask; "C:\Program Files\CA\eTrustITM\InoTask.exe" [389960 2011-02-15] (CA)
2 ITMRTSVC; "C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe" [283888 2009-12-21] (CA, Inc.)
2 NitroDriverReadSpool; "C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe" [188736 2009-09-15] (Nitro PDF Software)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [64064 2009-04-24] ()
4 QuickBooksDB18; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)
2 SAAZappr; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZapsc; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZDPMACTL; "C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
4 SAAZRemoteSupport; "C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe" [78664 2010-08-09] (Zenith Infotech Ltd)
2 SAAZScheduler; "C:\PROGRA~1\SAAZOD\SAAZScheduler.exe" [77824 2010-08-09] (Zenith Infotech Ltd)
2 SAAZServerPlus; "C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe" [77824 2009-04-30] (Zenith Infotech Ltd)
2 SAAZWatchDog; "C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
2 TVT Backup Protection Service; "C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [520192 2008-11-24] ()
3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 SUService; c:\program files\lenovo\system update\suservice.exe [x]
2 ThinkVantage Registry Monitor Service; "c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [x]
2 TVT Scheduler; "c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [x]

==================== Drivers (Whitelisted) ====================

3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
0 INO_FLPY; C:\Windows\System32\Drivers\ino_flpy.sys [27536 2007-08-06] (Computer Associates)
2 INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys [184080 2007-10-18] (Computer Associates)
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
2 pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-07-23] (Microsoft Corporation)
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
1 SASDIFSV; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 12:16 - 2012-11-15 11:14 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-10-17 23:20 - 2012-10-17 23:20 - 00008320 ____A C:\Windows\KB2705219-v2.log
2012-10-17 23:20 - 2012-10-17 23:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2012-10-17 23:20 - 2012-07-06 08:58 - 00078336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\browser.dll
2012-10-17 23:19 - 2012-10-17 23:19 - 00007243 ____A C:\Windows\KB2712808.log
2012-10-17 23:19 - 2012-10-17 23:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$


==================== One Month Modified Files and Folders ========

2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:39 - 2011-02-10 12:02 - 00000000 ____D C:\download
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:14 - 2012-11-14 12:16 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 13:32 - 2009-09-11 14:49 - 00000762 ____A C:\Windows\System32\gotomon.log
2012-11-14 13:32 - 2009-09-09 14:32 - 00000178 __ASH C:\Documents and Settings\administrator.CP\ntuser.ini
2012-11-14 13:32 - 2009-09-09 13:36 - 00000178 __ASH C:\Documents and Settings\mike\ntuser.ini
2012-11-14 13:32 - 2008-07-21 17:50 - 00000263 __RSH C:\boot.ini
2012-11-14 13:32 - 2008-07-21 17:05 - 00032502 ____A C:\Windows\SchedLgU.Txt
2012-11-14 13:32 - 2008-07-21 17:05 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 13:32 - 2008-07-21 17:01 - 01338881 ____A C:\Windows\WindowsUpdate.log
2012-11-14 13:24 - 2010-06-06 12:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-14 13:24 - 2008-07-21 17:50 - 00002278 ____A C:\Windows\System32\wpa.dbl
2012-11-14 13:21 - 2009-09-09 13:36 - 00000062 __ASH C:\Documents and Settings\mike\Local Settings\desktop.ini
2012-11-14 13:20 - 2009-09-09 13:41 - 00000104 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-14 13:14 - 2010-08-09 14:09 - 00000000 ____D C:\Program Files\SAAZOD
2012-11-14 13:11 - 2009-09-09 14:32 - 00000062 __ASH C:\Documents and Settings\administrator.CP\Local Settings\desktop.ini
2012-11-14 13:09 - 2009-09-08 13:17 - 00000520 ____A C:\Windows\System32\ICAutoUpdate.log.bak
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-14 13:06 - 2010-06-06 12:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-14 13:02 - 2012-07-03 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 12:44 - 2009-09-08 13:16 - 00000254 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-11-14 12:35 - 2012-03-28 11:20 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118UA.job
2012-11-14 12:17 - 2009-09-09 15:53 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-11-14 12:14 - 2009-09-28 08:11 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Nitro PDF
2012-11-14 10:32 - 2011-09-15 08:18 - 00001615 ____A C:\Documents and Settings\mike\Desktop\MGP SCANS - Shortcut.lnk
2012-11-14 08:39 - 2009-09-09 15:51 - 00002341 ____A C:\Documents and Settings\mike\Desktop\WordPerfect.lnk
2012-11-14 08:35 - 2012-03-28 11:20 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118Core.job
2012-11-14 08:09 - 2009-09-09 14:11 - 00002521 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Outlook 2007.lnk
2012-11-14 06:47 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\security
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-11-12 22:34 - 2008-07-21 17:50 - 00000607 ____A C:\Windows\win.ini
2012-11-12 08:37 - 2012-03-28 11:21 - 00002284 ____A C:\Documents and Settings\mike\Desktop\Google Chrome.lnk
2012-11-12 00:02 - 2010-08-09 14:11 - 00001300 ____A C:\Windows\System32\ipstuffNew.txt
2012-11-10 20:00 - 2009-07-23 14:32 - 00000436 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-06 16:23 - 2010-08-09 15:26 - 00000000 ____D C:\Program Files\LogMeIn
2012-11-06 16:22 - 2009-09-09 15:53 - 00092072 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-06 16:22 - 2009-09-09 15:53 - 00031144 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-11-05 16:25 - 2008-07-21 09:55 - 00593798 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-05 16:22 - 2009-09-09 13:42 - 00000000 __SHD C:\Windows\CSC
2012-10-24 09:49 - 2009-09-09 14:11 - 00002515 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Word 2007.lnk
2012-10-17 23:20 - 2012-10-17 23:20 - 00008320 ____A C:\Windows\KB2705219-v2.log
2012-10-17 23:20 - 2012-10-17 23:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2012-10-17 23:20 - 2009-07-23 14:13 - 00146537 ____A C:\Windows\updspapi.log
2012-10-17 23:20 - 2009-07-23 14:12 - 00000000 ___HD C:\Windows\$hf_mig$
2012-10-17 23:20 - 2008-07-21 09:55 - 01387747 ____A C:\Windows\iis6.log
2012-10-17 23:20 - 2008-07-21 09:55 - 01266979 ____A C:\Windows\FaxSetup.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00612140 ____A C:\Windows\ocgen.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00585302 ____A C:\Windows\tsoc.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00430609 ____A C:\Windows\comsetup.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00387276 ____A C:\Windows\msmqinst.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00259350 ____A C:\Windows\ntdtcsetup.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00221556 ____A C:\Windows\netfxocm.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00087348 ____A C:\Windows\MedCtrOC.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00069969 ____A C:\Windows\ocmsn.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00064116 ____A C:\Windows\tabletoc.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00063289 ____A C:\Windows\msgsocm.log
2012-10-17 23:20 - 2008-07-21 09:55 - 00001393 ____A C:\Windows\imsins.log
2012-10-17 23:19 - 2012-10-17 23:19 - 00007243 ____A C:\Windows\KB2712808.log
2012-10-17 23:19 - 2012-10-17 23:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2012-10-17 23:19 - 2008-07-21 09:55 - 00001393 ____A C:\Windows\imsins.BAK


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


RP: -> 2012-09-23 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9678

RP: -> 2012-09-23 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9677

RP: -> 2012-09-23 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9676

RP: -> 2012-09-23 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9675

RP: -> 2012-09-23 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9674

RP: -> 2012-09-22 23:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9673

RP: -> 2012-09-22 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9672

RP: -> 2012-09-22 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9671

RP: -> 2012-09-22 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9670

RP: -> 2012-09-22 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9669

RP: -> 2012-09-22 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9668

RP: -> 2012-09-22 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9667

RP: -> 2012-09-22 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9666

RP: -> 2012-09-21 23:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9665

RP: -> 2012-09-21 23:27 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9664

RP: -> 2012-09-21 22:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9663

RP: -> 2012-09-21 20:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9662

RP: -> 2012-09-21 18:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9661

RP: -> 2012-09-21 16:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9660

RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9659

RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9658

RP: -> 2012-09-20 23:40 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9657

RP: -> 2012-09-20 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9656

RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9655

RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9654

RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9653

RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9652

RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9651

RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9650

RP: -> 2012-09-20 16:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9649

RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9648

RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9647

RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9646

RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9645

RP: -> 2012-09-19 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9644

RP: -> 2012-09-19 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9643

RP: -> 2012-09-19 22:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9642

RP: -> 2012-09-19 20:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9641

RP: -> 2012-09-19 18:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9640

RP: -> 2012-09-19 16:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9639

RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9638

RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9637

RP: -> 2012-09-18 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9636

RP: -> 2012-09-18 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9635

RP: -> 2012-09-18 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9634

RP: -> 2012-09-18 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9633

RP: -> 2012-09-18 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9632

RP: -> 2012-09-18 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9631

RP: -> 2012-09-18 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9630

RP: -> 2012-09-18 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9629

RP: -> 2012-09-17 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9628

RP: -> 2012-09-17 23:18 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9627

RP: -> 2012-09-17 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9626

RP: -> 2012-09-17 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9625

RP: -> 2012-09-17 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9624

RP: -> 2012-09-17 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9623

RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9622

RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9621

RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9620

RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9619

RP: -> 2012-09-16 23:36 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9618

RP: -> 2012-09-16 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9617

RP: -> 2012-09-16 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9616

RP: -> 2012-09-16 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9615

RP: -> 2012-09-16 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9614

RP: -> 2012-09-16 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9613

RP: -> 2012-09-16 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9612

RP: -> 2012-09-16 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9611

RP: -> 2012-09-15 23:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9610

RP: -> 2012-09-15 23:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9609

RP: -> 2012-09-15 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9608

RP: -> 2012-09-15 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9607

RP: -> 2012-09-15 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9606

RP: -> 2012-09-15 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9605

RP: -> 2012-09-15 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9604

RP: -> 2012-09-15 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9603

RP: -> 2012-09-15 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9602

RP: -> 2012-09-14 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9601

RP: -> 2012-09-14 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9600

RP: -> 2012-09-14 22:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9599

RP: -> 2012-09-14 20:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9598

RP: -> 2012-09-14 18:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9597

RP: -> 2012-09-14 16:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9596

RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9595

RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9594

RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9593

RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9592

RP: -> 2012-09-13 23:39 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9591

RP: -> 2012-09-13 23:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9590

RP: -> 2012-09-13 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9589

RP: -> 2012-09-13 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9588

RP: -> 2012-09-13 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9587

RP: -> 2012-09-13 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9586

RP: -> 2012-09-13 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9585

RP: -> 2012-09-13 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9584

RP: -> 2012-09-12 23:38 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9583

RP: -> 2012-09-12 23:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9582

RP: -> 2012-09-12 22:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9581

RP: -> 2012-09-12 20:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9580

RP: -> 2012-09-12 18:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9579

RP: -> 2012-09-12 16:34 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9578

RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9577

RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9576

RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9575

RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9574

RP: -> 2012-09-11 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9573

RP: -> 2012-09-11 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9572

RP: -> 2012-09-11 22:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9571

RP: -> 2012-09-11 20:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9570

RP: -> 2012-09-11 18:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9569

RP: -> 2012-09-11 16:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9568

RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9567

RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9566

RP: -> 2012-09-11 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9565

RP: -> 2012-09-11 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9564

RP: -> 2012-09-10 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9563

RP: -> 2012-09-10 23:16 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9562

RP: -> 2012-09-10 22:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9561

RP: -> 2012-09-10 20:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9560

RP: -> 2012-09-10 18:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9559

RP: -> 2012-09-10 16:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9558

RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9557

RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9556

RP: -> 2012-09-10 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9555

RP: -> 2012-09-10 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9554

RP: -> 2012-09-09 23:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9553

RP: -> 2012-09-09 23:01 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9552

RP: -> 2012-09-09 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9551

RP: -> 2012-09-09 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9550

RP: -> 2012-09-09 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9549

RP: -> 2012-09-09 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9548

RP: -> 2012-09-09 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9547

RP: -> 2012-09-09 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9546

RP: -> 2012-09-08 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9545

RP: -> 2012-09-08 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9544

RP: -> 2012-09-08 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9543

RP: -> 2012-09-08 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9542

RP: -> 2012-09-08 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9541

RP: -> 2012-09-08 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9540

RP: -> 2012-09-08 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9539

RP: -> 2012-09-08 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9538

RP: -> 2012-09-07 23:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9537

RP: -> 2012-09-07 23:20 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9536

RP: -> 2012-09-07 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9535

RP: -> 2012-09-07 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9534

RP: -> 2012-09-07 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9533

RP: -> 2012-09-07 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9532

RP: -> 2012-09-07 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9531

RP: -> 2012-09-07 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9530

RP: -> 2012-09-07 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9529

RP: -> 2012-09-07 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9528

RP: -> 2012-09-06 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9527

RP: -> 2012-09-06 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9526

RP: -> 2012-09-06 21:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9525

RP: -> 2012-09-06 19:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9524

RP: -> 2012-09-06 17:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9523

RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9522

RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9521

RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9520

RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9519

RP: -> 2012-09-05 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9518

RP: -> 2012-09-05 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9517

RP: -> 2012-09-05 22:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9516

RP: -> 2012-09-05 18:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9515

RP: -> 2012-09-05 16:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9514

RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9513

RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9512

RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9511

RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9510


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3037.17 MB
Available physical RAM: 2675.26 MB
Total Pagefile: 2862.02 MB
Available Pagefile: 2726.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.02 GB) NTFS
2 Drive c: (Preload) (Fixed) (Total:229.47 GB) (Free:154.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

=========================================================
==================== End Of Log ============================



Farbar Recovery Scan Tool (x86) Version: 12-11-2012
Ran by SYSTEM at 2012-11-16 12:14:11
Running from B:\Documents and Settings\Default User\Desktop

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\OLD PC\WINDOWS\system32\services.exe
[2009-09-08 16:38] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de

C:\OLD PC\WINDOWS\system32\dllcache\services.exe
[2009-09-08 16:39] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de

C:\OLD PC\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009-09-08 16:40] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\OLD PC\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 16:43] - [2004-08-04 06:00] - 0108032 ____N (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 06:06] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 05:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd

=== End Of Search ===
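
Added example, not part of the original posts and not FRST's own code: a small parser for the search output above that compares the hash of the active `system32` copy with the other copies on disk. `parse_search` and `compare_active` are hypothetical helper names. Agreement between local copies only shows they are consistent with each other, so a reference hash from trusted media is still needed to confirm the file is clean.

```python
import ntpath
import re

# Four of the twelve entries, copied from the search log above.
SAMPLE = r"""
================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

=== End Of Search ===
"""

# A result is two lines: the full path, then the metadata line.
PATH = re.compile(r"^[A-Za-z]:\\")
ENTRY = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9a-fA-F]{32})$"
)


def parse_search(text):
    """Return one dict per file found in an FRST-style search log."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m and path:
            entry = m.groupdict()
            entry.update(path=path, size=int(entry["size"]),
                         md5=entry["md5"].lower())
            entries.append(entry)
            path = None
        elif PATH.match(line):
            path = line  # remember the path until its metadata line arrives
    return entries


def compare_active(entries, active=r"C:\WINDOWS\system32\services.exe"):
    """Compare the active copy's MD5 with dllcache and every other copy."""
    cache = ntpath.join(ntpath.dirname(active), "dllcache",
                        ntpath.basename(active))
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get(active.lower())
    if live is None:
        return {"live_md5": None, "dllcache_ok": None,
                "same": [], "different": []}
    others = [e for e in entries if e is not live]
    cached = by_path.get(cache.lower())
    return {
        "live_md5": live["md5"],
        # None means there is no dllcache copy to compare against.
        "dllcache_ok": None if cached is None else cached["md5"] == live["md5"],
        "same": [e["path"] for e in others if e["md5"] == live["md5"]],
        "different": [e["path"] for e in others if e["md5"] != live["md5"]],
    }


if __name__ == "__main__":
    report = compare_active(parse_search(SAMPLE))
    print("active MD5:", report["live_md5"])
    print("matches dllcache:", report["dllcache_ok"])
    for p in report["different"]:
        print("different build:", p)
```

Copies under `$NtUninstall...$` and `$hf_mig$` are expected to differ because they are other builds of the file kept by the update mechanism; the comparison that matters for triage is the active copy against `dllcache`.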
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\mike\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\mike\...\Policies\system: [DisableTaskMgr] 1
HKU\mike\...\Policies\system: [DisableRegistryTools] 1
Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\Task Scheduler.lnk
ShortcutTarget: Task Scheduler.lnk -> C:\Documents and Settings\Default User\Application Data\Task Scheduler\Task Scheduler.exe (No File)
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fixlog below. Will follow up with boot behavior.

--------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-11-2012
Ran by SYSTEM at 2012-11-17 19:14:09 Run:1
Running from B:\Documents and Settings\Default User\Desktop
==============================================
HKEY_USERS\mike\Software\Microsoft\Windows\CurrentVersion\Run\\Task Scheduler Value deleted successfully.
HKEY_USERS\mike\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.
HKEY_USERS\mike\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools Value deleted successfully.
C:\Documents and Settings\mike\Start Menu\Programs\Startup\Task Scheduler.lnk moved successfully.
C:\Documents and Settings\Default User\Application Data\Task Scheduler\Task Scheduler.exe not found.
==== End of Fixlog ====
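
Added example, not part of the original posts and not FRST's own code: a triage pass over FRST-style registry lines that flags the kinds of entries the fixlist above targets (autoruns launched from a user profile folder, autoruns whose file is missing, and policy values that disable Task Manager or the registry tools). The sample lines are copied from the FRST output quoted in this thread; `triage` and the reason strings are hypothetical.

```python
import re

# Lines copied from the FRST output quoted in this thread.
SAMPLE = r'''
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\mike\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [Google Update] "C:\Documents and Settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
HKU\mike\...\Policies\system: [DisableTaskMgr] 1
HKU\mike\...\Policies\system: [DisableRegistryTools] 1
'''

# "<hive>\...\<key>: [<value name>] <data>"
LINE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
# Trailing "[x]" (file not found) or "[size date] (company)".
TAIL = re.compile(
    r"\s*(?:\[(?P<missing>[xX])\]"
    r"|\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))$"
)
# XP profile folders a limited user can write to, long and 8.3 names.
USER_PROFILE = re.compile(
    r"\\(?:documents and settings|docume~1)\\[^\\]+\\"
    r"(?:application data|applic~1|local settings|locals~1)\\",
    re.IGNORECASE,
)
RESTRICTIONS = {"DisableTaskMgr", "DisableRegistryTools"}


def triage(text):
    """Return flagged entries, most reasons first (input order on ties)."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        tail = TAIL.search(rest)
        command = (rest[:tail.start()] if tail else rest).strip()
        key = m["key"].lower()
        reasons = []
        if key.startswith("policies") and m["name"] in RESTRICTIONS and command == "1":
            reasons.append("disables a built-in admin tool")
        if key in ("run", "runonce"):
            if USER_PROFILE.search(command):
                reasons.append("runs from a user-writable profile folder")
            if tail and tail["missing"]:
                reasons.append("target file is missing")
            elif tail and not tail["company"]:
                reasons.append("no company name in version info")
        if reasons:
            findings.append({"hive": m["hive"], "key": m["key"],
                             "name": m["name"], "command": command,
                             "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["hive"]}\\...\\{f["key"]} [{f["name"]}]: ' + "; ".join(f["reasons"]))
```

A single reason is a prompt to look closer, not a verdict: the Google Update entry in the sample is flagged only for its location, which is where that updater normally installs per user.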
 
Still rebooting when attempting any mode, Normal or Safe. Did not want to use "Last Known" and potentially undo any changes. Having it stall at the fail screen reveals a BSOD with no particular information on it. (Generic stop code that is always there, but no driver or file mention.) Watching the drivers spool out, the system reboots itself after mup.sys, which is common enough.

Don't know if it will be helpful, but the stop code is the only piece of information left I can give:
0x0000007b (0xF78AA524, 0xC0000034, 0x00000000, 0x00000000)

All boot sector-virusy, I suppose.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2012
Ran by SYSTEM at 18-11-2012 22:28:57
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2009-04-23] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2009-04-24] ()
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-28] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2009-07-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [77887 2003-02-25] (Novell, Inc., c/o Corel Corporation Limited)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2007-08-03] (LogMeIn, Inc.)
HKLM\...\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s [407368 2008-02-08] (CA)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\Administrator\...\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE [x]
HKU\administrator.CP\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-03] (Google Inc.)
HKU\mike\...\Run: [Google Update] "C:\Documents and Settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
HKU\setup\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [X]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon:
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.220 8.8.8.8
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
==================== Services (Whitelisted) ===================
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
2 iGateway; "C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" [106496 2007-02-05] (CA, Inc.)
2 InoRPC; "C:\Program Files\CA\eTrustITM\InoRpc.exe" [192512 2009-12-21] (CA)
2 InoRT; "C:\Program Files\CA\eTrustITM\InoRT.exe" [208896 2009-12-21] (CA)
2 InoTask; "C:\Program Files\CA\eTrustITM\InoTask.exe" [389960 2011-02-15] (CA)
2 ITMRTSVC; "C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe" [283888 2009-12-21] (CA, Inc.)
2 NitroDriverReadSpool; "C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe" [188736 2009-09-15] (Nitro PDF Software)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [64064 2009-04-24] ()
4 QuickBooksDB18; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)
2 SAAZappr; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZapsc; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZDPMACTL; "C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
4 SAAZRemoteSupport; "C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe" [78664 2010-08-09] (Zenith Infotech Ltd)
2 SAAZScheduler; "C:\PROGRA~1\SAAZOD\SAAZScheduler.exe" [77824 2010-08-09] (Zenith Infotech Ltd)
2 SAAZServerPlus; "C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe" [77824 2009-04-30] (Zenith Infotech Ltd)
2 SAAZWatchDog; "C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
2 TVT Backup Protection Service; "C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [520192 2008-11-24] ()
3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 SUService; c:\program files\lenovo\system update\suservice.exe [x]
2 ThinkVantage Registry Monitor Service; "c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [x]
2 TVT Scheduler; "c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [x]
==================== Drivers (Whitelisted) ====================
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
0 INO_FLPY; C:\Windows\System32\Drivers\ino_flpy.sys [27536 2007-08-06] (Computer Associates)
2 INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys [184080 2007-10-18] (Computer Associates)
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
2 pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-07-23] (Microsoft Corporation)
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
1 SASDIFSV; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 12:16 - 2012-11-15 11:14 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
==================== One Month Modified Files and Folders ========
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:39 - 2011-02-10 12:02 - 00000000 ____D C:\download
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:14 - 2012-11-14 12:16 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 13:32 - 2009-09-11 14:49 - 00000762 ____A C:\Windows\System32\gotomon.log
2012-11-14 13:32 - 2009-09-09 14:32 - 00000178 __ASH C:\Documents and Settings\administrator.CP\ntuser.ini
2012-11-14 13:32 - 2009-09-09 13:36 - 00000178 __ASH C:\Documents and Settings\mike\ntuser.ini
2012-11-14 13:32 - 2008-07-21 17:50 - 00000263 __RSH C:\boot.ini
2012-11-14 13:32 - 2008-07-21 17:05 - 00032502 ____A C:\Windows\SchedLgU.Txt
2012-11-14 13:32 - 2008-07-21 17:05 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 13:32 - 2008-07-21 17:01 - 01338881 ____A C:\Windows\WindowsUpdate.log
2012-11-14 13:24 - 2010-06-06 12:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-14 13:24 - 2008-07-21 17:50 - 00002278 ____A C:\Windows\System32\wpa.dbl
2012-11-14 13:21 - 2009-09-09 13:36 - 00000062 __ASH C:\Documents and Settings\mike\Local Settings\desktop.ini
2012-11-14 13:20 - 2009-09-09 13:41 - 00000104 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-14 13:14 - 2010-08-09 14:09 - 00000000 ____D C:\Program Files\SAAZOD
2012-11-14 13:11 - 2009-09-09 14:32 - 00000062 __ASH C:\Documents and Settings\administrator.CP\Local Settings\desktop.ini
2012-11-14 13:09 - 2009-09-08 13:17 - 00000520 ____A C:\Windows\System32\ICAutoUpdate.log.bak
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-14 13:06 - 2010-06-06 12:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-14 13:02 - 2012-07-03 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 12:44 - 2009-09-08 13:16 - 00000254 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-11-14 12:35 - 2012-03-28 11:20 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118UA.job
2012-11-14 12:17 - 2009-09-09 15:53 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-11-14 12:14 - 2009-09-28 08:11 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Nitro PDF
2012-11-14 10:32 - 2011-09-15 08:18 - 00001615 ____A C:\Documents and Settings\mike\Desktop\MGP SCANS - Shortcut.lnk
2012-11-14 08:39 - 2009-09-09 15:51 - 00002341 ____A C:\Documents and Settings\mike\Desktop\WordPerfect.lnk
2012-11-14 08:35 - 2012-03-28 11:20 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118Core.job
2012-11-14 08:09 - 2009-09-09 14:11 - 00002521 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Outlook 2007.lnk
2012-11-14 06:47 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\security
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-11-12 22:34 - 2008-07-21 17:50 - 00000607 ____A C:\Windows\win.ini
2012-11-12 08:37 - 2012-03-28 11:21 - 00002284 ____A C:\Documents and Settings\mike\Desktop\Google Chrome.lnk
2012-11-12 00:02 - 2010-08-09 14:11 - 00001300 ____A C:\Windows\System32\ipstuffNew.txt
2012-11-10 20:00 - 2009-07-23 14:32 - 00000436 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-06 16:23 - 2010-08-09 15:26 - 00000000 ____D C:\Program Files\LogMeIn
2012-11-06 16:22 - 2009-09-09 15:53 - 00092072 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-06 16:22 - 2009-09-09 15:53 - 00031144 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-11-05 16:25 - 2008-07-21 09:55 - 00593798 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-05 16:22 - 2009-09-09 13:42 - 00000000 __SHD C:\Windows\CSC
2012-10-24 09:49 - 2009-09-09 14:11 - 00002515 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Word 2007.lnk
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3037.17 MB
Available physical RAM: 2726.43 MB
Total Pagefile: 2862.02 MB
Available Pagefile: 2762.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.05 GB) NTFS
2 Drive c: (Preload) (Fixed) (Total:229.47 GB) (Free:154.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
The disk management services could not complete the operation.
=========================================================
==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 18-11-2012
Ran by SYSTEM at 2012-11-18 22:31:36
Running from B:\Documents and Settings\Default User\Desktop
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\system32\services.exe
[2009-09-08 16:38] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\system32\dllcache\services.exe
[2009-09-08 16:39] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009-09-08 16:40] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\OLD PC\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 16:43] - [2004-08-04 06:00] - 0108032 ____N (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 06:06] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 05:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
=== End Of Search ===
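
An added example, not part of the original thread or of FRST: one way to triage the `services.exe` search output above is to parse it and check whether the active `system32` copy has the same MD5 and size as the `dllcache` copy and as other copies on disk. The sample is an excerpt of the log lines posted above and the function names are hypothetical; a match shows only that the copies agree with each other, not that the hash is known-good.

```python
import re
from collections import defaultdict

# Excerpt of the FRST "Search" output posted in this thread (path line, then detail line).
SAMPLE = r"""
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
=== End Of Search ===
"""

ACTIVE = r"C:\WINDOWS\system32\services.exe"              # copy Windows actually loads
WFP_CACHE = r"C:\WINDOWS\system32\dllcache\services.exe"  # Windows File Protection cache on XP

# Detail line: [created] - [modified] - size attributes (company) md5
ENTRY = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9a-fA-F]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        m = ENTRY.match(line)
        if m and path:
            rec = m.groupdict()
            rec.update(path=path, size=int(rec["size"]), md5=rec["md5"].lower())
            entries.append(rec)
            path = None
        elif PATH.match(line):
            path = line
    return entries


def group_by_md5(entries):
    """Map each MD5 to the list of paths carrying it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def _find(entries, path):
    # Windows paths are case-insensitive, so compare lowercased.
    return next((e for e in entries if e["path"].lower() == path.lower()), None)


def check_active(entries, active, reference):
    """Return 'match', 'mismatch' or 'missing' for the active copy vs a reference copy."""
    a, r = _find(entries, active), _find(entries, reference)
    if a is None or r is None:
        return "missing"
    same = a["md5"] == r["md5"] and a["size"] == r["size"]
    return "match" if same else "mismatch"


def corroborating_copies(entries, active):
    """Other on-disk copies with the same MD5 and size as the active one."""
    a = _find(entries, active)
    if a is None:
        return []
    return [e["path"] for e in entries
            if e is not a and e["md5"] == a["md5"] and e["size"] == a["size"]]


if __name__ == "__main__":
    found = parse_search(SAMPLE)
    print("active vs dllcache:", check_active(found, ACTIVE, WFP_CACHE))
    for p in corroborating_copies(found, ACTIVE):
        print("same hash:", p)
```
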
 
Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

Also download the attached fixlist.txt and save it to the flash drive.

Now please enter System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive; although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.
 

Attachments

  • fixlist.txt
    28 bytes · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-11-2012
Ran by SYSTEM at 2012-11-19 17:16:54 Run:2
Running from D:\
==============================================
MBRDUMP.txt is made successfully.
==== End of Fixlog ====
 

Attachments

  • MBRDUMP.txt
    512 bytes · Views: 2
MUP.sys boot hang is a typical problem. Looks like the boot sectors/MBR is clean.

The first idea I got when I first replied to this thread was that you had hard drive problems. What is the age of your hard drive/computer?
 
It's only three years. Since I had nothing else to do at the time I ran a manufacturer's hard drive test (quick test) and scanned the file-system. Since it was absolutely infected, and just infected, it seemed far too coincidental for me for it to be a hardware issue, but I suppose the malware could have forced the issue with Windows. I can certainly run the extended HDD tests and run MemTest 86+ overnight if we want to give the hardware a full look before going any further.
 
Seagate drive; passes Quick and Extended SeaTools 2.23 tests with no errors. Memtest 86+ v4.20 still running, five passes, no errors.

I had already run a perfunctory CHKDSK before starting this ticket, and it did not reveal any bad sectors or notable buildup. (I do not, however, have that log as it was run from within OTLPE.)
 
Kaspersky Rescue Disk:

1. Download the Kaspersky Rescue Disk iso image from the Kaspersky Lab server. (Direct download link)
Please note that this is a large download, so please be patient while it downloads.

2. Record the Kaspersky Rescue Disk iso image to a CD/DVD. You can use any CD/DVD record software you like. If you don't have any, please download and install ImgBurn. Small download, great software. You won't regret it, we promise.

For demonstration purposes we will use ImgBurn.

So, open up ImgBurn and choose Write image file to disc.


Click on the small Browse for file icon as shown in the image. Browse into your download folder and select kav_rescue_10.iso as your source file.


OK, so now we are ready to burn the .iso file. Simply click the Write image file to disc button below and after a few minutes you will have a bootable Kaspersky Rescue Disk 10.


3. Configure your computer to boot from CD/DVD. Use the Delete or F2, F11 keys to load the BIOS menu. Normally, the information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.


The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:
  • Ctrl+Esc
  • Ctrl+Ins
  • Ctrl+Alt
  • Ctrl+Alt+Esc
  • Ctrl+Alt+Enter
  • Ctrl+Alt+Del
  • Ctrl+Alt+Ins
  • Ctrl+Alt+S
If you can enter Boot Menu directly then simply select your CD/DVD-ROM as your 1st boot device.

If you can't enter Boot Menu directly then simply use Delete key to enter BIOS menu. Select Boot from the main BIOS menu and then select Boot Device Priority.


Set CD/DVD-ROM as your 1st Boot Device. Save changes and exit BIOS menu.


4. Let's boot your computer from Kaspersky Rescue Disk.

Restart your computer. After restart, a message will appear on the screen: Press any key to enter the menu. So, press Enter or any other key to load the Kaspersky Rescue Disk.


5. Select your language and press Enter to continue.


6. Press 1 to accept the End User License Agreement.


7. Select Kaspersky Rescue Disk. Graphic Mode as your startup method. Press Enter. Once the actions described above have been performed, the operating system starts.


8. Click on the Start button located in the left bottom corner of the screen. Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Oficina Virtual de Denuncias virus. It won't take very long.


9. Click on the Start button once again and fire up the Kaspersky Rescue Disk utility. First, select My Update Center tab and press Start update to get the latest malware definitions. Don't worry if you can't download the updates. Just proceed to the next step.


10. Select Object Scan tab. Place a check mark next to your local drive C:\. If you have two or more local drives make sure to check those as well. Then click Start Objects Scan to scan your computer for malicious software.


11. Quarantine (recommended) or delete every piece of malicious code detected during the system scan.


12. You can now close the Kaspersky Rescue Disk utility. Click on the Start button and select Restart computer.


13. Please restart your computer into the normal Windows mode.
 
(Could not do the WindowsUnlocker portion of the above, because the version of the Kaspersky Rescue Disk you linked no longer has that option.)

Same boot-looping situation. The KRD pulled off about 60 Java exploit files and the remnants of that "Task Scheduler" infection, but did not detect anything boot-sector related, and I can still not boot the PC to Windows in any mode.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 26-11-2012 15:03:11
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe [40960 2008-09-26] ()
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [393216 2009-04-23] (Lenovo Group Limited)
HKLM\...\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe [72256 2009-04-24] ()
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-24] (Lenovo Group Limited)
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [165208 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2008-06-08] (Lenovo Group Limited)
HKLM\...\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-28] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2009-07-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [77887 2003-02-25] (Novell, Inc., c/o Corel Corporation Limited)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2007-08-03] (LogMeIn, Inc.)
HKLM\...\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2007-08-29] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s [407368 2008-02-08] (CA)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Task Scheduler] "C:\Documents and Settings\mike\Application Data\Task Scheduler\Task Scheduler.exe" [x]
HKU\Administrator\...\RunOnce: [CTRLWOL] C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS ENABLE [x]
HKU\administrator.CP\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\mike\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-03] (Google Inc.)
HKU\mike\...\Run: [Google Update] "C:\Documents and Settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-21] (Google Inc.)
HKU\setup\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [X]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon:
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.220 8.8.8.8
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
==================== Services (Whitelisted) ===================
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 GoToMyPC; "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service [258856 2008-09-30] (Citrix Online, a division of Citrix Systems, Inc.)
2 iGateway; "C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe" [106496 2007-02-05] (CA, Inc.)
2 InoRPC; "C:\Program Files\CA\eTrustITM\InoRpc.exe" [192512 2009-12-21] (CA)
2 InoRT; "C:\Program Files\CA\eTrustITM\InoRT.exe" [208896 2009-12-21] (CA)
2 InoTask; "C:\Program Files\CA\eTrustITM\InoTask.exe" [389960 2011-02-15] (CA)
2 ITMRTSVC; "C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe" [283888 2009-12-21] (CA, Inc.)
2 NitroDriverReadSpool; "C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe" [188736 2009-09-15] (Nitro PDF Software)
2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [64064 2009-04-24] ()
4 QuickBooksDB18; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)
2 SAAZappr; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe" SAAZappr [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZapsc; "C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe" SAAZapsc [82760 2011-07-11] (Zenith Infotech Ltd)
2 SAAZDPMACTL; "C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
4 SAAZRemoteSupport; "C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe" [78664 2010-08-09] (Zenith Infotech Ltd)
2 SAAZScheduler; "C:\PROGRA~1\SAAZOD\SAAZScheduler.exe" [77824 2010-08-09] (Zenith Infotech Ltd)
2 SAAZServerPlus; "C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe" [77824 2009-04-30] (Zenith Infotech Ltd)
2 SAAZWatchDog; "C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe" [86856 2010-08-09] (Zenith Infotech Ltd)
2 TVT Backup Protection Service; "C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [520192 2008-11-24] ()
3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
2 SUService; c:\program files\lenovo\system update\suservice.exe [x]
2 ThinkVantage Registry Monitor Service; "c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [x]
2 TVT Scheduler; "c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [x]
==================== Drivers (Whitelisted) ====================
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
0 INO_FLPY; C:\Windows\System32\Drivers\ino_flpy.sys [27536 2007-08-06] (Computer Associates)
2 INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys [184080 2007-10-18] (Computer Associates)
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16768 2006-09-14] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
2 pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-07-23] (Microsoft Corporation)
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [5760 2008-03-06] ()
3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
1 SASDIFSV; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\mike\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
3 WDICA; [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-11-21 08:35 - 2012-11-21 10:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 12:16 - 2012-11-21 10:12 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
==================== One Month Modified Files and Folders ========
2012-11-21 10:13 - 2012-11-21 08:35 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-11-21 10:12 - 2012-11-14 12:16 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Task Scheduler.bak
2012-11-16 12:07 - 2012-11-16 12:07 - 00000000 ____D C:\FRST
2012-11-15 11:39 - 2011-02-10 12:02 - 00000000 ____D C:\download
2012-11-15 11:38 - 2012-11-15 11:38 - 00000209 ____A C:\Documents and Settings\mike\Desktop\REATOGO.txt
2012-11-15 11:11 - 2012-11-15 11:11 - 00049454 ____A C:\OTL.Txt
2012-11-14 13:32 - 2009-09-11 14:49 - 00000762 ____A C:\Windows\System32\gotomon.log
2012-11-14 13:32 - 2009-09-09 14:32 - 00000178 __ASH C:\Documents and Settings\administrator.CP\ntuser.ini
2012-11-14 13:32 - 2009-09-09 13:36 - 00000178 __ASH C:\Documents and Settings\mike\ntuser.ini
2012-11-14 13:32 - 2008-07-21 17:50 - 00000263 __RSH C:\boot.ini
2012-11-14 13:32 - 2008-07-21 17:05 - 00032502 ____A C:\Windows\SchedLgU.Txt
2012-11-14 13:32 - 2008-07-21 17:05 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 13:32 - 2008-07-21 17:01 - 01338881 ____A C:\Windows\WindowsUpdate.log
2012-11-14 13:24 - 2010-06-06 12:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-14 13:24 - 2008-07-21 17:50 - 00002278 ____A C:\Windows\System32\wpa.dbl
2012-11-14 13:21 - 2009-09-09 13:36 - 00000062 __ASH C:\Documents and Settings\mike\Local Settings\desktop.ini
2012-11-14 13:20 - 2009-09-09 13:41 - 00000104 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-14 13:14 - 2010-08-09 14:09 - 00000000 ____D C:\Program Files\SAAZOD
2012-11-14 13:11 - 2009-09-09 14:32 - 00000062 __ASH C:\Documents and Settings\administrator.CP\Local Settings\desktop.ini
2012-11-14 13:09 - 2009-09-08 13:17 - 00000520 ____A C:\Windows\System32\ICAutoUpdate.log.bak
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-14 13:09 - 2008-07-21 17:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-14 13:06 - 2010-06-06 12:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-14 13:02 - 2012-07-03 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 12:44 - 2009-09-08 13:16 - 00000254 ____A C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2012-11-14 12:35 - 2012-03-28 11:20 - 00000974 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118UA.job
2012-11-14 12:17 - 2009-09-09 15:53 - 00000000 ___AD C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-11-14 12:14 - 2009-09-28 08:11 - 00000000 ____D C:\Documents and Settings\mike\Application Data\Nitro PDF
2012-11-14 10:32 - 2011-09-15 08:18 - 00001615 ____A C:\Documents and Settings\mike\Desktop\MGP SCANS - Shortcut.lnk
2012-11-14 08:39 - 2009-09-09 15:51 - 00002341 ____A C:\Documents and Settings\mike\Desktop\WordPerfect.lnk
2012-11-14 08:35 - 2012-03-28 11:20 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2610266335-1772602443-367391177-1118Core.job
2012-11-14 08:09 - 2009-09-09 14:11 - 00002521 ____A C:\Documents and Settings\mike\Desktop\Microsoft Office Outlook 2007.lnk
2012-11-14 06:47 - 2008-07-21 09:51 - 00000000 ____D C:\Windows\security
2012-11-13 13:09 - 2012-11-13 13:09 - 00315072 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2012-11-12 22:34 - 2008-07-21 17:50 - 00000607 ____A C:\Windows\win.ini
2012-11-12 08:37 - 2012-03-28 11:21 - 00002284 ____A C:\Documents and Settings\mike\Desktop\Google Chrome.lnk
2012-11-12 00:02 - 2010-08-09 14:11 - 00001300 ____A C:\Windows\System32\ipstuffNew.txt
2012-11-10 20:00 - 2009-07-23 14:32 - 00000436 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-11-06 16:23 - 2010-08-09 15:26 - 00000000 ____D C:\Program Files\LogMeIn
2012-11-06 16:22 - 2009-09-09 15:53 - 00092072 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-06 16:22 - 2009-09-09 15:53 - 00031144 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-11-05 16:25 - 2008-07-21 09:55 - 00593798 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-05 16:22 - 2009-09-09 13:42 - 00000000 __SHD C:\Windows\CSC
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
RP: -> 2012-09-24 23:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9690
RP: -> 2012-09-24 22:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9689
RP: -> 2012-09-24 20:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9688
RP: -> 2012-09-24 18:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9687
RP: -> 2012-09-24 16:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9686
RP: -> 2012-09-24 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9685
RP: -> 2012-09-24 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9684
RP: -> 2012-09-24 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9683
RP: -> 2012-09-24 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9682
RP: -> 2012-09-23 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9681
RP: -> 2012-09-23 23:09 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9680
RP: -> 2012-09-23 21:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9679
RP: -> 2012-09-23 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9678
RP: -> 2012-09-23 17:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9677
RP: -> 2012-09-23 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9676
RP: -> 2012-09-23 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9675
RP: -> 2012-09-23 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9674
RP: -> 2012-09-22 23:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9673
RP: -> 2012-09-22 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9672
RP: -> 2012-09-22 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9671
RP: -> 2012-09-22 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9670
RP: -> 2012-09-22 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9669
RP: -> 2012-09-22 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9668
RP: -> 2012-09-22 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9667
RP: -> 2012-09-22 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9666
RP: -> 2012-09-21 23:41 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9665
RP: -> 2012-09-21 23:27 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9664
RP: -> 2012-09-21 22:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9663
RP: -> 2012-09-21 20:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9662
RP: -> 2012-09-21 18:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9661
RP: -> 2012-09-21 16:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9660
RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9659
RP: -> 2012-09-21 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9658
RP: -> 2012-09-20 23:40 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9657
RP: -> 2012-09-20 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9656
RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9655
RP: -> 2012-09-20 22:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9654
RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9653
RP: -> 2012-09-20 20:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9652
RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9651
RP: -> 2012-09-20 18:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9650
RP: -> 2012-09-20 16:04 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9649
RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9648
RP: -> 2012-09-20 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9647
RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9646
RP: -> 2012-09-20 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9645
RP: -> 2012-09-19 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9644
RP: -> 2012-09-19 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9643
RP: -> 2012-09-19 22:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9642
RP: -> 2012-09-19 20:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9641
RP: -> 2012-09-19 18:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9640
RP: -> 2012-09-19 16:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9639
RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9638
RP: -> 2012-09-19 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9637
RP: -> 2012-09-18 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9636
RP: -> 2012-09-18 23:11 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9635
RP: -> 2012-09-18 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9634
RP: -> 2012-09-18 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9633
RP: -> 2012-09-18 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9632
RP: -> 2012-09-18 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9631
RP: -> 2012-09-18 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9630
RP: -> 2012-09-18 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9629
RP: -> 2012-09-17 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9628
RP: -> 2012-09-17 23:18 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9627
RP: -> 2012-09-17 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9626
RP: -> 2012-09-17 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9625
RP: -> 2012-09-17 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9624
RP: -> 2012-09-17 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9623
RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9622
RP: -> 2012-09-17 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9621
RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9620
RP: -> 2012-09-17 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9619
RP: -> 2012-09-16 23:36 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9618
RP: -> 2012-09-16 23:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9617
RP: -> 2012-09-16 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9616
RP: -> 2012-09-16 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9615
RP: -> 2012-09-16 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9614
RP: -> 2012-09-16 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9613
RP: -> 2012-09-16 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9612
RP: -> 2012-09-16 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9611
RP: -> 2012-09-15 23:08 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9610
RP: -> 2012-09-15 23:07 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9609
RP: -> 2012-09-15 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9608
RP: -> 2012-09-15 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9607
RP: -> 2012-09-15 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9606
RP: -> 2012-09-15 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9605
RP: -> 2012-09-15 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9604
RP: -> 2012-09-15 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9603
RP: -> 2012-09-15 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9602
RP: -> 2012-09-14 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9601
RP: -> 2012-09-14 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9600
RP: -> 2012-09-14 22:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9599
RP: -> 2012-09-14 20:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9598
RP: -> 2012-09-14 18:25 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9597
RP: -> 2012-09-14 16:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9596
RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9595
RP: -> 2012-09-14 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9594
RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9593
RP: -> 2012-09-14 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9592
RP: -> 2012-09-13 23:39 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9591
RP: -> 2012-09-13 23:26 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9590
RP: -> 2012-09-13 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9589
RP: -> 2012-09-13 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9588
RP: -> 2012-09-13 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9587
RP: -> 2012-09-13 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9586
RP: -> 2012-09-13 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9585
RP: -> 2012-09-13 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9584
RP: -> 2012-09-12 23:38 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9583
RP: -> 2012-09-12 23:24 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9582
RP: -> 2012-09-12 22:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9581
RP: -> 2012-09-12 20:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9580
RP: -> 2012-09-12 18:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9579
RP: -> 2012-09-12 16:34 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9578
RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9577
RP: -> 2012-09-12 13:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9576
RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9575
RP: -> 2012-09-12 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9574
RP: -> 2012-09-11 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9573
RP: -> 2012-09-11 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9572
RP: -> 2012-09-11 22:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9571
RP: -> 2012-09-11 20:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9570
RP: -> 2012-09-11 18:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9569
RP: -> 2012-09-11 16:49 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9568
RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9567
RP: -> 2012-09-11 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9566
RP: -> 2012-09-11 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9565
RP: -> 2012-09-11 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9564
RP: -> 2012-09-10 23:28 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9563
RP: -> 2012-09-10 23:16 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9562
RP: -> 2012-09-10 22:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9561
RP: -> 2012-09-10 20:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9560
RP: -> 2012-09-10 18:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9559
RP: -> 2012-09-10 16:55 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9558
RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9557
RP: -> 2012-09-10 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9556
RP: -> 2012-09-10 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9555
RP: -> 2012-09-10 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9554
RP: -> 2012-09-09 23:14 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9553
RP: -> 2012-09-09 23:01 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9552
RP: -> 2012-09-09 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9551
RP: -> 2012-09-09 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9550
RP: -> 2012-09-09 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9549
RP: -> 2012-09-09 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9548
RP: -> 2012-09-09 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9547
RP: -> 2012-09-09 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9546
RP: -> 2012-09-08 23:22 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9545
RP: -> 2012-09-08 23:10 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9544
RP: -> 2012-09-08 21:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9543
RP: -> 2012-09-08 19:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9542
RP: -> 2012-09-08 17:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9541
RP: -> 2012-09-08 15:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9540
RP: -> 2012-09-08 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9539
RP: -> 2012-09-08 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9538
RP: -> 2012-09-07 23:33 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9537
RP: -> 2012-09-07 23:20 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9536
RP: -> 2012-09-07 22:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9535
RP: -> 2012-09-07 20:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9534
RP: -> 2012-09-07 18:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9533
RP: -> 2012-09-07 16:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9532
RP: -> 2012-09-07 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9531
RP: -> 2012-09-07 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9530
RP: -> 2012-09-07 11:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9529
RP: -> 2012-09-07 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9528
RP: -> 2012-09-06 23:19 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9527
RP: -> 2012-09-06 23:05 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9526
RP: -> 2012-09-06 21:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9525
RP: -> 2012-09-06 19:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9524
RP: -> 2012-09-06 17:12 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9523
RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9522
RP: -> 2012-09-06 13:32 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9521
RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9520
RP: -> 2012-09-06 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9519
RP: -> 2012-09-05 23:29 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9518
RP: -> 2012-09-05 23:15 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9517
RP: -> 2012-09-05 22:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9516
RP: -> 2012-09-05 18:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9515
RP: -> 2012-09-05 16:23 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9514
RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9513
RP: -> 2012-09-05 13:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9512
RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9511
RP: -> 2012-09-05 11:31 - 032768 _restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP9510

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 3037.17 MB
Available physical RAM: 2716.4 MB
Total Pagefile: 2862.02 MB
Available Pagefile: 2751.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.54 MB
==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.05 GB) NTFS
2 Drive c: (Preload) (Fixed) (Total:229.47 GB) (Free:153.95 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 229 GB 1024 KB
Partition 2 OEM 3496 MB 229 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Preload NTFS Partition 229 GB Healthy
=========================================================
Disk: 0
Partition 2
Type : 12
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 SERVICEV001 FAT32 Partition 3496 MB Healthy
=========================================================
==================== End Of Log ============================


Farbar Recovery Scan Tool (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-11-26 15:05:24
Running from B:\Documents and Settings\Default User\Desktop
================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe
[2008-07-21 17:50] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\system32\dllcache\services.exe
[2009-09-08 13:28] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 13:36] - [2008-04-14 07:00] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 13:28] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009-09-08 13:17] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\system32\services.exe
[2009-09-08 16:38] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\system32\dllcache\services.exe
[2009-09-08 16:39] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de
C:\OLD PC\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009-09-08 16:40] - [2008-04-13 19:12] - 0108544 ____N (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\OLD PC\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-09-08 16:43] - [2004-08-04 06:00] - 0108032 ____N (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 06:06] - 0110592 ____N (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-09-08 16:44] - [2009-02-06 06:11] - 0110592 ____N (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315
C:\OLD PC\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-09-08 16:44] - [2009-02-06 05:22] - 0110592 ____N (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
=== End Of Search ===
 
Sorry about that. Showing up now. I guess the Preview pane didn't completely post from the last time.

I don't think anything has really changed from earlier reports. This is usually the point at which I cross my fingers and run a Windows Repair and hope it gets the system bootable again.
 
That's about the best thing to try at this point. Let me know what happens with that. :)

If you need help backing up your files, let me know. :)
 
Wow, so... what a crazy journey it's been. Slowed down a bit as my time turned to server migrating, but I was able to get back and see if Windows Update could take care of things.
It did. Slowly, and eventually, after some issues and having to go default the boot.ini, and get around some apparent corruption of a ui.dll process that a program was using that crashes in Normal mode but not in Safe...
Performed some normal cleanup (ComboFix, MBAM, Spybot, SAS...), but if you'd like to see the condition it's in now, running the initial five steps you ask...!

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.29.09
Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
mike :: PAF-TC7269-001 [administrator]
11/29/2012 1:31:35 PM
mbam-log-2012-11-29 (13-31-35).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424651
Time elapsed: 51 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TDSSKiller_Quarantine\23.05.2012_15.55.37\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by mike at 14:29:49 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2365 [GMT -5:00]
.
AV: eTrust ITM *Enabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
============== Running Processes ================
.
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtdrHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\windows\System32\alg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354220771578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354475141109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.42.1
TCP: Interfaces\{4E8B27A3-4AE7-4BDF-809B-F9750F9836BA} : DHCPNameServer = 192.168.42.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-7-11 82760]
R2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-7-11 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2010-8-9 86856]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2010-8-9 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2010-8-9 86856]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2008-3-6 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-11-19 37184]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-23 64064]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2010-8-9 78664]
S4 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
.
=============== Created Last 30 ================
.
2012-12-02 19:05:29 -------- d-sh--w- c:\documents and settings\mike\IECompatCache
2012-12-02 19:05:05 -------- d-sh--w- c:\documents and settings\mike\PrivacIE
2012-11-29 22:41:37 -------- d-----w- c:\documents and settings\mike\local settings\application data\PCHealth
2012-11-29 22:37:29 -------- d-sh--w- c:\documents and settings\mike\IETldCache
2012-11-29 22:34:09 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-29 22:33:38 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-29 22:33:17 -------- d-----w- c:\windows\ie8updates
2012-11-29 22:33:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-29 22:33:12 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-29 22:33:12 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-29 22:33:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-29 22:33:12 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-11-29 22:33:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-29 22:33:12 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-11-29 22:31:43 -------- dc-h--w- c:\windows\ie8
2012-11-29 21:45:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-11-29 21:45:27 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-29 21:45:04 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-29 21:44:51 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-29 21:44:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-11-29 21:44:02 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-29 21:43:41 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-29 21:43:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-29 21:43:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-29 21:42:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-11-29 21:42:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-11-29 21:42:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-11-29 21:42:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-11-29 21:42:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-11-29 21:42:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-11-29 21:42:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-11-29 21:42:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-11-29 21:41:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-11-29 21:41:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-11-29 21:41:23 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-11-29 21:39:07 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-11-29 21:38:38 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-11-29 21:38:11 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-11-29 21:38:03 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-11-29 21:37:56 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-11-29 21:37:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-29 21:37:56 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-29 21:37:56 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-29 21:37:56 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-29 21:37:51 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-11-29 21:37:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-29 21:31:03 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-11-29 21:30:53 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-29 21:26:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-11-29 21:03:03 -------- d-----w- c:\windows\ServicePackFiles
2012-11-29 21:00:56 19569 ----a-w- c:\windows\003358_.tmp
2012-11-29 18:00:45 98816 ----a-w- c:\windows\sed.exe
2012-11-29 18:00:45 256000 ----a-w- c:\windows\PEV.exe
2012-11-29 18:00:45 208896 ----a-w- c:\windows\MBR.exe
2012-11-29 17:29:13 -------- d-----w- C:\df37febdd5368d193e66dcbd9fa8c14a
2012-11-29 17:24:58 16896 -c--a-w- c:\windows\system32\dllcache\status.dll
2012-11-29 17:23:59 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2012-11-29 17:21:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-11-29 17:21:52 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-11-29 17:20:09 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2012-11-29 17:20:09 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2012-11-29 17:10:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-11-29 17:10:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-11-29 17:10:14 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-11-29 17:10:14 13312 ----a-w- c:\windows\system32\irclass.dll
2012-11-29 17:10:01 13753 ----a-r- c:\windows\SET11D.tmp
2012-11-29 17:09:59 1086058 ----a-r- c:\windows\SET111.tmp
2012-11-29 17:09:58 1042903 ----a-r- c:\windows\SET110.tmp
2012-11-21 13:35:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-11-16 17:07:46 -------- d-----w- C:\FRST
2012-11-14 17:16:56 -------- d-----w- c:\documents and settings\mike\application data\Task Scheduler.bak
.
==================== Find3M ====================
.
2012-11-06 21:22:43 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-06 21:22:43 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 21:22:43 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 12:02:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 12:02:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:02:22 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:30:52.50 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2012 12:25:22 PM
System Uptime: 12/2/2012 2:19:39 PM (0 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel Pentium III Xeon processor | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 157.425 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/29/2012 3:21:50 PM - System Checkpoint
RP2: 11/29/2012 3:24:23 PM - _29-Nov-2012 03:24:19 PM
RP3: 11/29/2012 3:25:53 PM - After malware cleanup, and no more ui.dll BSDs
RP4: 11/29/2012 5:04:47 PM - Software Distribution Service 3.0
RP5: 11/29/2012 5:46:23 PM - Software Distribution Service 3.0
RP6: 11/30/2012 6:19:29 PM - System Checkpoint
RP7: 12/2/2012 2:03:22 PM - Software Distribution Service 3.0
RP8: 12/2/2012 2:06:21 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Business Contact Manager for Outlook 2007 SP2
CA eTrustITM Agent
CA iTechnology iGateway
Cisco WebEx Meetings
DirectXInstallService
Drag-to-Disc
FanSpeedControl
FileMaker Pro 8.5
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Books Uploader (Java Edition)
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series Toolbox
HP LaserJet Toolbox
HP Software Update
HPCarePackCore
HPCarePackProducts
hppusgCP1215
HPSSupply
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
ITSupport247-DPMA
Java(TM) 6 Update 15
Lenovo System Toolbox
LiveUpdate 2.6 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Marvell Miniport Driver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mouse Suite
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nitro PDF Professional
OGA Notifier 2.0.0048.0
Online Data Backup
Productivity Center Supplement for ThinkCentre
QuickBooks Pro 2008
Realtek High Definition Audio Driver
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
System Update
ThinkVantage Power Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
12/2/2012 2:05:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
12/2/2012 2:03:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/2/2012 2:01:34 PM, error: Dhcp [1002] - The IP address lease 192.168.2.120 for the Network Card with network address 00016C490F39 has been denied by the DHCP server 192.168.42.1 (The DHCP Server sent a DHCPNACK message).
11/29/2012 8:06:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/29/2012 5:26:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
11/29/2012 5:25:41 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
11/29/2012 4:19:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
11/29/2012 4:19:44 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/29/2012 4:18:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/29/2012 3:33:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tvtumon
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
11/29/2012 3:07:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC Pcmcia
11/29/2012 3:07:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Backup Service service to connect.
11/29/2012 3:07:15 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
11/29/2012 12:56:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
11/29/2012 12:47:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/29/2012 12:26:54 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
11/29/2012 12:22:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
.
==== End Of File ===========================



# AdwCleaner v2.010 - Logfile created 12/02/2012 at 14:18:33
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mike - PAF-TC7269-001
# Boot Mode : Normal
# Running from : C:\download\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [900 octets] - [02/12/2012 14:18:33]
########## EOF - C:\AdwCleaner[S1].txt - [959 octets] ##########
 
Hitman Pro

Please download Hitman Pro

  • After the download completes, please double-click the program to run it.
  • Accept the terms of the license agreement and click Next.
  • Let the scan run. It will not take long.
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next.
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location.
  • Upload log.xml here for review, please.
 