
Solved essential services do not load at startup

Discussion in 'Malware and Virus Removal Archive' started by jharry, 2008/12/07.

  1. 2008/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Both are easily removed via Add/Remove programs.

    I'll have to check on the OS language. I'll do that in a few minutes (I have Chinese install disks) and let you know.

    If using Linux, it would be better to go another route.

    copy C:\WINDOWS\ERDNT\Hiv-backup\oldsoftware C:\WINDOWS\system32\config
    copy C:\WINDOWS\ERDNT\Hiv-backup\oldsystem C:\WINDOWS\system32\config
    cd C:\WINDOWS\system32\config
    ren software software.bak
    ren system system.bak
    ren oldsoftware software
    ren oldsystem system


    Now reboot normally.

    Now we get you back to where you were; I have another method of getting those hives from a restore point too.
     
  2. 2008/12/15
    noahdfear

    noahdfear Inactive

    I have just loaded the Recovery Console on an English version of XP Home with an XP Home SP2 Simplified Chinese installation disk, and I don't read Chinese. :D
     


  4. 2008/12/15
    jharry

    jharry Inactive Thread Starter

    Joined:
    2008/12/07
    Messages:
    106
    Likes Received:
    1
    That helps. I'll get back with you after I've tried the several options.
    Thanks.

    I tried using a bootable Linux CD. It booted but complained that there was insufficient space on my hard disk to install Linux.

    I could only get a Windows XP Professional installation CD. It brought up the Recovery Console, but required that I enter an Administrator password. I remember in one of the previous steps in this series of fixes, where I booted in Safe Mode, I was able to log in to both the Administrator and Owner account without any password. I tried all possible passwords I could think of, including "administrator" and "admin", with no success.

    I will try the Microsoft Diagnostics Toolkit when I get someone to burn a CD for me.
     
    Last edited: 2008/12/16
  5. 2008/12/16
    jharry

    jharry Inactive Thread Starter

    I was able to burn a Microsoft Diagnostics Toolkit CD and start my computer to bring up the ERD Commander. But I could only boot successfully with the Toolkit CD in the drive. The ERD Commander had a box showing the following:

    Select the Windows installation you want to repair:
    System Root    Operating System
    C:\Windows     Microsoft Windows XP Professional Service Pack 2
    (None)         None - do not attach a windows installation

    I don't know why the C:\Windows line points to XP Professional Service Pack 2. Maybe it remembers what I did yesterday using an XP Professional SP2 installation disc to bring up the Recovery Console.

    I selected (none) and pressed the restart button. But I could not boot to normal mode when I removed the CD. It still showed the lsass error message about the wrong password.
     
  6. 2008/12/16
    noahdfear

    noahdfear Inactive

    Great!
    Boot to the cd again and select Do Not Attach.
    Once it loads, see if you can access the C:\Windows\ERDNT\Hiv-backups folder.
    If successful, you should be able to copy both the oldsystem and oldsoftware files, then navigate to C:\Windows\system32\config and paste them in.
    Now rename the existing SOFTWARE file to software.bak and the existing SYSTEM file to system.bak
    Then rename oldsoftware to SOFTWARE and oldsystem to SYSTEM
    Reboot.
     
  7. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    I pasted the files into the config folder. Rename the files in which folder? The hiv-backup or the config folder?
     
  8. 2008/12/17
    noahdfear

    noahdfear Inactive

    Rename the files in config.
    First the existing to .bak, then remove the old prefix from the ones copied there.

    This should put you back to where we were before running erdnt upon restart.
     
  9. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    There is already a system.bak and software.bak file in the config folder. Do I overwrite them?
     
  10. 2008/12/17
    noahdfear

    noahdfear Inactive

    Give them a different extension then.
    software.old and system.old
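
The copy-and-rename sequence from the posts above, including the .bak/.old name collision raised in the last reply, written as a script for a Windows volume mounted offline. This is an added example, not part of the original thread; the function names, the two directory parameters and the refusal to overwrite are assumptions, and the sample files in `demo()` are constructed.

```python
import shutil
import tempfile
from pathlib import Path

# Backup file name -> live hive name, as given in the thread.
HIVES = {"oldsoftware": "software", "oldsystem": "system"}
# Extensions tried in order for the hive being replaced: .bak, then .old.
BACKUP_SUFFIXES = (".bak", ".old")


def find_ci(directory, name):
    """Find `name` in `directory` ignoring case (SOFTWARE vs software)."""
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def free_backup_path(config_dir, hive):
    """First unused <hive>.bak / <hive>.old; refuse rather than overwrite."""
    for suffix in BACKUP_SUFFIXES:
        if find_ci(config_dir, hive + suffix) is None:
            return config_dir / (hive + suffix)
    raise FileExistsError(f"{hive}.bak and {hive}.old both exist in {config_dir}")


def swap_hives(backup_dir, config_dir):
    """Replace the live SOFTWARE and SYSTEM hives with the old* backup copies.

    Returns {hive: name the previous live hive was kept under}.
    """
    backup_dir, config_dir = Path(backup_dir), Path(config_dir)

    # Validate everything before touching config, so a missing file or a
    # name collision cannot leave one hive swapped and the other not.
    plan = []
    for old_name, hive in HIVES.items():
        source = find_ci(backup_dir, old_name)
        if source is None or source.stat().st_size == 0:
            raise FileNotFoundError(f"missing or empty backup hive: {old_name}")
        live = find_ci(config_dir, hive)
        kept_as = free_backup_path(config_dir, hive) if live else None
        plan.append((source, hive, live, kept_as))

    used = {}
    for source, hive, live, kept_as in plan:
        # Step 1: paste the backup copy into config under its old* name.
        staged = config_dir / source.name
        shutil.copy2(source, staged)
        if staged.stat().st_size != source.stat().st_size:
            raise OSError(f"short copy of {source.name}")
        # Step 2: move the existing hive aside, keeping its original case
        # for the replacement file name.
        target = config_dir / (live.name if live else hive)
        if live:
            live.rename(kept_as)
            used[hive] = kept_as.name
        # Step 3: drop the "old" prefix from the pasted copy.
        staged.rename(target)
    return used


def demo():
    """Run the swap on constructed files standing in for the two folders."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp, "ERDNT", "Hiv-backup")
        config = Path(tmp, "system32", "config")
        backup.mkdir(parents=True)
        config.mkdir(parents=True)
        (backup / "oldsoftware").write_bytes(b"software-from-backup")
        (backup / "oldsystem").write_bytes(b"system-from-backup")
        (config / "SOFTWARE").write_bytes(b"software-current")
        (config / "system").write_bytes(b"system-current")
        # The situation from the thread: a software.bak is already there.
        (config / "software.bak").write_bytes(b"software-earlier-backup")

        used = swap_hives(backup, config)
        listing = sorted(p.name for p in config.iterdir())
        restored = (config / "SOFTWARE").read_bytes()
        return used, listing, restored


if __name__ == "__main__":
    print(demo())
```
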
     
  11. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    I rebooted without the Toolkit CD. We're back to where the problem started a week ago.
     
  12. 2008/12/17
    noahdfear

    noahdfear Inactive

    Great! Download this file and move it to the computer, then run it. It will generate a log in the same folder named log.txt
    Post that log here.
     
    Last edited: 2008/12/17
  13. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    The log file is too long. I'm splitting it into 2 posts.


    2008-11-07 06:46:55 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:46:53 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:46:54 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:46:54 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:46:54 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:46:54 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:46:55 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP232\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-07 06:50:45 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-07 06:50:41 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-07 06:50:43 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-07 06:50:44 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-07 06:50:41 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:50:40 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:50:40 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:50:41 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:50:40 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:50:40 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:50:41 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP233\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-07 06:53:31 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-07 06:53:27 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-07 06:53:29 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-07 06:53:30 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-07 06:53:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:53:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:53:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:53:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:53:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:53:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:53:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-07 06:54:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-07 06:54:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-07 06:54:20 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-07 06:54:21 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-07 06:54:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:54:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:54:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:54:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:54:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:54:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:54:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP235\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-07 06:55:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-07 06:55:21 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-07 06:55:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-07 06:55:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-07 06:55:21 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:55:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:55:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:55:20 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:55:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:55:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:55:21 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP236\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-07 06:56:28 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-07 06:56:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-07 06:56:27 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-07 06:56:28 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-07 06:56:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-07 06:56:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-07 06:56:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-07 06:56:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 06:56:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 06:56:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 06:56:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP237\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003
     
  14. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    Joined:
    2008/12/07
    Messages:
    106
    Likes Received:
    1
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP248\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-07 07:08:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP248\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-07 07:08:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP248\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-07 07:08:20 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP248\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-08 03:36:32 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-08 03:36:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-08 03:36:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-08 03:36:31 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-08 03:36:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-08 03:36:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-08 03:36:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-08 03:36:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-08 03:36:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-08 03:36:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-08 03:36:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP249\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-22 14:43:00 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-22 14:42:57 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-22 14:42:58 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-22 14:43:00 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-22 14:42:57 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-22 14:42:56 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-22 14:42:56 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-22 14:42:47 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-22 14:42:56 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-22 14:42:56 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-06 08:33:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP250\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-23 00:24:53 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-23 00:24:50 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-23 00:24:51 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-23 00:24:53 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-23 00:24:49 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-23 00:24:48 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-23 00:24:48 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-23 00:24:49 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-23 00:24:48 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-23 00:24:49 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-23 00:24:49 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP251\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-24 13:23:29 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-24 13:23:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-24 13:23:28 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-24 13:23:28 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-24 13:23:26 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-24 13:23:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-24 13:23:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-24 13:23:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-24 13:23:23 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-24 13:23:24 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-24 13:23:25 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP252\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-11-28 14:57:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_MACHINE_SAM
    2008-11-28 14:57:20 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-11-28 14:57:21 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-11-28 14:57:22 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-11-28 14:57:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-11-28 14:57:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-11-28 14:57:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-11-28 14:57:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-11-28 14:57:18 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-11-28 14:57:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-11-28 14:57:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP253\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-12-01 13:03:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_MACHINE_SAM
    2008-12-01 13:03:13 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-12-01 13:03:15 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-12-01 13:03:16 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-12-01 13:03:13 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-12-01 13:03:12 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-12-01 13:03:12 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-12-01 13:03:13 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-12-01 13:03:12 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-12-01 13:03:12 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-12-01 13:03:13 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP254\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003

    2008-12-05 08:58:48 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SAM
    2008-12-05 08:58:46 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SECURITY
    2008-12-05 08:58:47 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SOFTWARE
    2008-12-05 08:58:48 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SYSTEM
    2008-12-05 08:58:46 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_.DEFAULT
    2005-12-08 02:38:17 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
    2008-12-05 08:58:44 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
    2008-12-05 08:58:44 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
    2008-12-05 08:58:45 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2949690814-3967619336-3786873581-1003
    2005-12-08 02:38:19 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18
    2008-12-05 08:58:44 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
    2008-12-05 08:58:44 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
    2008-12-05 08:58:45 C:\System Volume Information\_restore{99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2949690814-3967619336-3786873581-1003
     
  15. 2008/12/17
    noahdfear

    noahdfear Inactive

    I'm bettin that the 5th was just prior to this problem. Correct?
     
  16. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    Yes. It happened 1 day before I started this thread at Windowsbbs, which would be after Dec. 5.
     
  17. 2008/12/17
    noahdfear

    noahdfear Inactive

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    SCopy::
    {99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SOFTWARE|C:\WINDOWS\ERDNT\Hiv-backup\software
    {99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SYSTEM|C:\WINDOWS\ERDNT\Hiv-backup\system
    
    Transfer it to your computer and save it next to ComboFix.exe
    Close all other windows and programs. Assuming ComboFix is in the same location, run it with the following command.

    c:\downloads\windowsbbs\ComboFix.exe c:\downloads\windowsbbs\cfscript.txt

    Make sure to leave a space between the paths!
    Post the resulting ComboFix log.
     
  18. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    Here is the resulting combofix log.

    ComboFix 08-12-09.03 - Owner 2008-12-17 14:24:16.3 - NTFSx86
    执行位置: c:\downloads\windowsbbs\ComboFix.exe
    Command switches used :: c:\downloads\windowsbbs\cfscript.txt

    Note - This computer does not have Recovery Console installed !!
    .

    ((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- SCopy ---------------

    {99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SOFTWARE --> c:\windows\ERDNT\Hiv-backup\software
    {99CFD0E0-DFCF-4ABD-BDE8-BF70FC68F4B7}\RP255\snapshot\_REGISTRY_MACHINE_SYSTEM --> c:\windows\ERDNT\Hiv-backup\system
    .
    ((((((((((((((((((((((((( 2008-11-17 至 2008-12-17 New Files )))))))))))))))))))))))))))))))
    .

    2008-12-18 03:25 . 2008-12-18 03:25 <DIR> d-------- C:\~ErdUserProfile.$$$
    2008-12-14 09:41 . 2008-12-14 09:43 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-14 08:55 . 2008-12-14 08:55 250 --a------ c:\windows\gmer.ini
    2008-12-12 14:17 . 2008-12-12 14:18 <DIR> d-------- C:\subinacl
    2008-12-12 14:16 . 2008-12-12 14:16 <DIR> d-------- C:\WINDOWSbbs
    2008-12-11 11:46 . 2008-04-14 05:42 108,544 --a------ c:\windows\system32\services.exe
    2008-12-11 10:12 . 2008-04-14 05:42 14,336 --a------ c:\windows\system32\svchost.exe
    2008-12-11 08:53 . 2008-04-14 05:51 20,056,462 --a--c--- c:\windows\system32\dllcache\sp3.cab
    2008-12-11 08:52 . 2007-04-03 00:09 11,053,008 --a--c--- c:\windows\system32\dllcache\msncli.exe
    2008-12-11 08:51 . 2008-04-13 21:09 2,775,842 --a--c--- c:\windows\system32\dllcache\cimwin32.mof
    2008-12-11 08:50 . 2008-04-14 05:41 1,057,760 --a--c--- c:\windows\system32\dllcache\ati3d2ag.dll
    2008-11-18 16:44 . 2008-11-18 20:19 <DIR> d-------- c:\program files\数独博士

    .
    (((((((((((((((((((((((((((((((((((((((( Files modified in last 3 months ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-05 08:42 --------- d-----w c:\documents and settings\Owner\Application Data\U3
    2008-11-23 00:10 --------- d-----w c:\program files\McAfee
    2008-11-22 14:14 --------- d-----w c:\program files\Common Files\McAfee
    2008-11-10 09:06 --------- d-----w c:\program files\电子成语词典
    2008-11-10 09:05 772,188 ----a-w c:\windows\GPInstall.exe
    2008-11-10 08:29 --------- d-----w c:\program files\Revo Uninstaller
    2008-11-10 07:38 --------- d-----w c:\program files\Nero 8
    2008-11-10 07:38 --------- d-----w c:\program files\Common Files\Nero
    2008-11-10 07:38 --------- d-----w c:\documents and settings\Owner\Application Data\Nero
    2008-11-07 00:01 --------- d-----w c:\program files\eMule
    2008-11-07 00:00 --------- d-----w c:\program files\Realtek Sound Manager
    2008-11-07 00:00 --------- d-----w c:\program files\AvRack
    2008-11-06 23:59 --------- d-----w c:\program files\NewTech Infosystems
    2008-11-06 23:59 --------- d-----w c:\program files\Netscape
    2008-11-06 23:59 --------- d-----w c:\program files\china_emap2008
    2008-11-06 12:50 --------- d-----w c:\program files\Foxit Software
    2008-11-06 12:31 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-06 08:14 --------- d-----w c:\program files\中国电子地图2008bin
    2008-11-06 08:14 --------- d-----w c:\program files\中国电子地图2008
    2008-11-05 13:31 --------- d-----w c:\documents and settings\Owner\Application Data\Ulead Systems
    2008-11-05 13:31 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
    2008-11-05 13:03 --------- d-----w c:\program files\Ulead Systems
    2008-11-05 09:33 --------- d-----w c:\program files\Kingsoft
    2008-11-05 09:18 --------- d-----w c:\documents and settings\Owner\Application Data\Kingsoft
    2008-11-05 09:18 --------- d-----w c:\documents and settings\All Users\Application Data\Kingsoft
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-18 12:13 --------- d-----w c:\program files\Common Files\Ulead Systems
    2008-10-18 11:50 --------- d-----w c:\program files\Common Files\InterVideo
    2008-10-18 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
    2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2007-10-04 12:04 284 ----a-w c:\documents and settings\Owner\Application Data\ViewerApp.dat
    2002-08-08 15:40 153,088 ----a-w c:\program files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-11_20.07.42.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-14 00:55:06 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-17 13:13:02 811,008 ----a-w c:\windows\gmer.exe
    - 2008-04-13 21:41:52 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 06:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    - 2008-04-13 21:41:56 191,488 -c--a-w c:\windows\system32\dllcache\iuengine.dll
    + 2005-05-26 12:16:24 198,424 -c--a-w c:\windows\system32\dllcache\iuengine.dll
    - 2008-04-13 21:42:12 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 06:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2008-04-13 21:42:42 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 06:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2008-04-13 21:42:42 165,888 -c--a-w c:\windows\system32\dllcache\wuauclt1.exe
    + 2005-05-26 12:16:30 172,312 -c--a-w c:\windows\system32\dllcache\wuauclt1.exe
    - 2008-04-13 21:42:12 1,135,616 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 06:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2008-04-13 21:42:12 183,296 -c--a-w c:\windows\system32\dllcache\wuaueng1.dll
    + 2005-05-26 12:16:30 194,328 -c--a-w c:\windows\system32\dllcache\wuaueng1.dll
    - 2008-04-13 21:42:12 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 06:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2008-04-13 21:42:12 32,256 -c--a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 06:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
    - 2008-04-13 21:42:12 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 06:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-12-14 00:55:06 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2008-11-08 08:28:09 311,584 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-12-17 05:27:02 311,584 ----a-w c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS "= "c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UVS11 Preload "= "c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-20 98394]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-20 688218]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-05-19 155648]
    "OpwareSE4 "= "c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
    "NeroFilterCheck "= "c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-18 196608]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-16 385024]
    "IMSCMig "= "c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-02 17248]
    "EOUApp "= "c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-16 356352]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SoundMan "= "SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-07-23 c:\windows\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-10-16 02:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59fd6a01-73bf-11dc-9ccc-0012f0853aff}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1a9fd64-5fe8-11db-9bb6-0012f0853aff}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FBD561C7-3FD5-2B0E-2DD8-5F3F1C46D6E6}]
    C:\WINDOWS:fwcagent.exe
    .
    Contents in ‘Scheduled Task’ Folder

    2007-10-05 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2007-10-05 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- 而外的扫描 -------
    .
    uStart Page = about:blank
    mWindow Title = -
    uInternet Settings,ProxyOverride = local
    IE: 上传到QQ网络硬盘 - c:\program files\Tencent\QQ\AddToNetDisk.htm
    IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: 添加到QQ自定义面板 - c:\program files\Tencent\QQ\AddPanel.htm
    IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
    IE: 用QQ彩信发送该图片 - c:\program files\Tencent\QQ\SendMMS.htm
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE -
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9xvx9re7.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPJPI141_02.dll
    FF -: plugin - c:\program files\Java\j2re1.4.1_02\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava11.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava12.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava131_07.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJava32.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJPI141_02.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npoji600.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-17 14:26:56
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning hidden processes。。。 ...

    Scanning hidden startup groups。。。

    Scanning hidden files。。。

    Scaning completed
    hiden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Alerter]
    "ServiceDll "= "%SystemRoot%\system32\alrsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrv]
    "ServiceDll "= "%SystemRoot%\System32\audiosrv.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bgsvcgen]
    "ImagePath "= "c:\windows\system32\bgsvcgen.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ClipSrv]
    "ImagePath "= "%SystemRoot%\system32\clipsrv.exe "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CMB8100]
    "ImagePath "= "\??\c:\windows\system32\Drivers\CertClient.dat "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CMBProtector]
    "ImagePath "= "\??\c:\windows\system32\Drivers\CMBProtector.dat "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
    "ImagePath "= "c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
    "ServiceDll "= "%SystemRoot%\System32\cryptsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
    "ServiceDll "= "%SystemRoot%\system32\rpcss.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
    "ServiceDll "= "%SystemRoot%\System32\dhcpcsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmadmin]
    "ImagePath "= "%SystemRoot%\System32\dmadmin.exe /com "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
    "ServiceDll "= "%SystemRoot%\System32\dnsrslvr.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot3svc]
    "ServiceDll "= "%SystemRoot%\System32\dot3svc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
    "ServiceDll "= "%SystemRoot%\System32\eapsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
    "ServiceDll "= "c:\windows\system32\es.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FastUserSwitchingCompatibility]
    "ServiceDll "= "%SystemRoot%\System32\shsvcs.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fax]
    "ImagePath "= "%systemroot%\system32\fxssvc.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ]
    "ServiceDll "= "%SystemRoot%\System32\hidserv.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
    "ServiceDll "= "%SystemRoot%\System32\kmsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter]
    "ServiceDll "= "%SystemRoot%\System32\w3ssl.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
    "ImagePath "= "\??\c:\windows\System32\DRIVERS\ipfltdrv.sys "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Irmon]
    "ServiceDll "= "%SystemRoot%\System32\irmon.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanworkstation]
    "ServiceDll "= "%SystemRoot%\System32\wkssvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LPDSVC]
    "ImagePath "= "%SystemRoot%\system32\tcpsvcs.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mnmsrvc]
    "ImagePath "= "c:\windows\system32\mnmsrvc.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
    "ImagePath "= "c:\windows\system32\msdtc.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
    "ServiceDll "= "%SystemRoot%\System32\qagentrt.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDE]
    "ImagePath "= "%SystemRoot%\system32\netdde.exe "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDEdsdm]
    "ImagePath "= "%SystemRoot%\system32\netdde.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
    "ServiceDll "= "%SystemRoot%\System32\netman.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nla]
    "ServiceDll "= "%SystemRoot%\System32\mswsock.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtLmSsp]
    "ImagePath "= "%SystemRoot%\system32\lsass.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
    "ImagePath "= "%SystemRoot%\system32\services.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
    "ServiceDll "= "%SystemRoot%\System32\rasauto.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
    "ServiceDll "= "%SystemRoot%\System32\rasmans.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDSessMgr]
    "ImagePath "= "c:\windows\system32\sessmgr.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
    "ServiceDll "= "%SystemRoot%\System32\mprdim.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
    "ImagePath "= "%SystemRoot%\system32\locator.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSVP]
    "ImagePath "= "%SystemRoot%\system32\rsvp.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
    "ImagePath "= "%SystemRoot%\system32\lsass.exe "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
    "ImagePath "= "%SystemRoot%\System32\SCardSvr.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
    "ServiceDll "= "%SystemRoot%\System32\seclogon.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
    "ServiceDll "= "%SystemRoot%\System32\shsvcs.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMP]
    "ImagePath "= "%SystemRoot%\System32\snmp.exe "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
    "ImagePath "= "%SystemRoot%\System32\snmptrap.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
    "ImagePath "= "%SystemRoot%\system32\spoolsv.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srservice]
    "ServiceDll "= "c:\windows\system32\srsvc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
    "ServiceDll "= "%SystemRoot%\System32\ssdpsrv.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
    "ServiceDll "= "%SystemRoot%\system32\wiaservc.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SwPrv]
    "ImagePath "= "c:\windows\system32\dllhost.exe /Processid:{DA91B4D8-BBC2-4F83-BBC8-27448A881400} "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysmonLog]
    "ImagePath "= "%SystemRoot%\system32\smlogsvc.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
    "ServiceDll "= "%SystemRoot%\System32\termsrv.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
    "ServiceDll "= "%SystemRoot%\System32\shsvcs.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
    "ServiceDll "= "%SystemRoot%\System32\upnphost.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
    "ImagePath "= "%SystemRoot%\System32\vssvc.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
    "ServiceDll "= "%SystemRoot%\System32\webclnt.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSN]
    "ServiceDll "= "c:\windows\system32\mspmsnsv.dll "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApSrv]
    "ImagePath "= "c:\windows\system32\wbem\wmiapsrv.exe "
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WZCSVC]
    "ServiceDll "= "%SystemRoot%\System32\wzcsvc.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
    "ServiceDll "= "%SystemRoot%\System32\xmlprov.dll "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CMB8100]
    "ImagePath "= "\??\c:\windows\system32\Drivers\CertClient.dat "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CMBProtector]
    "ImagePath "= "\??\c:\windows\system32\Drivers\CMBProtector.dat "
    .
    --------------------- 运行进程下的dynamic link libraries ---------------------

    - - - - - - - > 'winlogon.exe'(908)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    完成时间: 2008-12-17 14:28:15
    ComboFix-quarantined-files.txt 2008-12-17 06:27:51
    ComboFix2.txt 2008-12-12 05:09:18
    ComboFix3.txt 2008-12-12 04:03:57
    ComboFix4.txt 2008-12-11 12:08:30

    Pre-Run: 12,991,799,296 bytes free
    Post-Run: 12,949,004,288 bytes free

    377 --- E O F --- 2008-11-24 13:24:45
     
  19. 2008/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Now, run ERDNT.exe in the C:\WINDOWS\ERDNT\Hiv-backup folder.
    Restore the System hives only.
    Reboot when prompted.

    Post back and let me know the result.
     
  20. 2008/12/17
    jharry

    jharry Inactive Thread Starter

    Joined:
    2008/12/07
    Messages:
    106
    Likes Received:
    1
    Under the System check box in ERDNT.exe, there is another sub-item, "current user registry" check box. Do I leave it checked, or should I uncheck it?
     
  21. 2008/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Uncheck it.
     
