WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93125 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] please help

Started by Joecastle , Oct 05 2007 12:21 PM

Page 6 of 9
4
5
6
7
8

This topic is locked

124 replies to this topic

#76 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 18 October 2007 - 05:37 PM

Restore back to when you still have internet connectivity

Advertisements

Register to Remove

#77 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 18 October 2007 - 06:47 PM

Ok, Computer is in process of restoring back to October 4th. The day before I posted this computer's problems. So it will have more than likely all the infections that it had since day 1 of this post.

#78 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 18 October 2007 - 07:09 PM

Once restored, disconnect the machine from the net.

Grab an updated copy of ComboFix from here > http://download.blee...ta/ComboFix.exe

Run it & then post the log it produces

#79 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 20 October 2007 - 03:00 AM

Joe, is it in the canal yet?

#80 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 22 October 2007 - 04:49 PM

Not yet.

I was away for the weekend with the family. I tried every restore point all tha way back to August & system restore kept coming up that it could not restore your computer, please restart system restore. I did it in normal mode & in safe mode & kept getting the same thing. I currently installed the combofix that you last provided at this very moment & it says attempting to create a new System Restore point. I will post back with the results & a log shortly..

#81 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 22 October 2007 - 05:05 PM

Lol ... I have been scouring canals looking for it.

#82 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 22 October 2007 - 05:08 PM

So Far combofix is working in normal mode & I yet to see a pop up of any errors at this time. Combofix is still working on stage 29 @ the moment...

#83 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 22 October 2007 - 06:00 PM

Here it is..

ComboFix 07-10-19.1 - admin 2007-10-22 18:48:51.7 - FAT32x86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kr_done1

.
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.

2007-10-20 10:37 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-16 19:34 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.sys
2007-10-16 19:34 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-09 19:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 17:26 <DIR> d-------- C:\Documents and Settings\admin\Application Data\TrojanHunter
2007-10-05 13:57 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-04 21:47 <DIR> d-------- C:\WINDOWS\peernet
2007-10-04 21:46 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-04 21:33 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2007-10-04 21:28 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-04 21:19 <DIR> d-------- C:\WINDOWS\EHome
2007-10-04 20:53 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-04 17:28 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-10-04 17:28 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-10-04 17:28 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-10-04 17:28 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-10-04 17:28 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-10-04 17:08 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2007-10-04 17:08 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-10-04 02:56 <DIR> d-------- C:\WINDOWS\system32\bits
2007-10-04 00:09 <DIR> d-------- C:\WINDOWS\pss
2007-10-03 23:49 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Grisoft
2007-10-03 23:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-03 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 23:17 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-03 23:17 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-03 23:17 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-03 23:17 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-10-03 23:17 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-10-03 23:17 33,624 --a------ C:\WINDOWS\system32\wups.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 23:24 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-20 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-20 23:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-20 23:07 --------- d-----w C:\Documents and Settings\admin\Application Data\AdobeUM
2007-09-20 23:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-08 02:23 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2007-09-08 02:23 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-25 15:50 412,160 ----a-w C:\WINDOWS\installer.exe
2007-03-25 01:55 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_19.28.22.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 14:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-10-15 19:48:42 585,791 ----a-w C:\WINDOWS\gmer.dll
+ 2007-06-29 13:38:18 581,632 ----a-r C:\WINDOWS\gmer.exe
+ 2007-10-15 19:48:44 70,001 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
+ 2007-10-20 04:12:04 742,744 ----a-w C:\WINDOWS\system32\restore\rstrlog.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1155247693\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 TOSHIBASoftModem;Toshiba Soft Modem;C:\WINDOWS\System32\DRIVERS\LTSMT.sys
R3 trid3d;trid3d;C:\WINDOWS\System32\DRIVERS\trid3dm.sys

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 19:45:18
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-22 19:50:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-12 21:07
C:\ComboFix3.txt ... 2007-10-14 15:58
C:\ComboFix2.txt ... 2007-10-15 16:02
.
--- E O F ---

#84 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 23 October 2007 - 07:43 AM

LOL ...ComboFix was supposed to be used if you had successfully restored the machine. I don't suppose those normal mode freezes got fixed.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off
if exist log.txt start notepad log.txt

Save this as query.bat Choose to "Save type as - All Files"
It should look like this: Posted Image

Double click on query.bat & allow it to run

Post back to tell me what it says

#85 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 23 October 2007 - 06:18 PM

[quote name='sUΒs' date='Oct 23 2007, 09:43 AM' post='410437']
LOL ...ComboFix was supposed to be used if you had successfully restored the machine. I don't suppose those normal mode freezes got fixed.

Nope!

----a-w 262,144 2007-07-25 22:39:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-07-25 22:39:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-07-25 22:39:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-07-25 22:39:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-07-25 22:39:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 1,843,200 2007-07-25 22:39:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-07-25 22:39:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 262,144 2007-07-25 22:39:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-07-25 22:39:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,114,816 2007-07-25 22:39:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,846,720 2007-07-25 22:39:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-07-25 22:39:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP13\snapshot\_REGISTRY_MACHINE_SAM
----a-w 262,144 2007-07-26 23:25:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-07-26 23:25:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-07-26 23:25:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-07-26 23:25:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-07-26 23:25:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 1,843,200 2007-07-26 23:26:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-07-26 23:26:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 262,144 2007-07-26 23:26:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-07-26 23:26:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,114,816 2007-07-26 23:26:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,846,720 2007-07-26 23:26:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-07-26 23:26:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP14\snapshot\_REGISTRY_MACHINE_SAM
----a-w 262,144 2007-08-04 03:59:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-08-04 03:59:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-08-04 03:59:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-08-04 03:59:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-08-04 03:59:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-08-04 03:59:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-08-04 03:59:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 262,144 2007-08-04 03:59:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-08-04 03:59:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,114,816 2007-08-04 03:59:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,859,008 2007-08-04 03:59:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-08-04 03:59:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP15\snapshot\_REGISTRY_MACHINE_SAM
----a-w 262,144 2007-08-20 23:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-08-20 23:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-08-20 23:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-08-20 23:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-08-20 23:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-08-20 23:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-08-20 23:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 262,144 2007-08-20 23:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-08-20 23:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,114,816 2007-08-20 23:23:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,859,008 2007-08-20 23:23:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-08-20 23:23:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP16\snapshot\_REGISTRY_MACHINE_SAM
----a-w 262,144 2007-08-26 14:12:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-08-26 14:12:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-08-26 14:12:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 262,144 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-08-26 14:12:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,114,816 2007-08-26 14:12:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,859,008 2007-08-26 14:12:36 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-08-26 14:12:36 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP17\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-08-30 02:41:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-08-30 02:41:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-08-30 02:41:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-08-30 02:41:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-08-30 02:41:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-08-30 02:41:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-08-30 02:41:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-08-30 02:41:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-08-30 02:41:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,360,576 2007-08-30 02:42:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,867,200 2007-08-30 02:42:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-08-30 02:42:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP18\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-04 01:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-04 01:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-04 01:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-04 01:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-04 01:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-04 01:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-04 01:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-04 01:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-04 01:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,360,576 2007-09-04 01:47:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,867,200 2007-09-04 01:47:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-04 01:47:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP19\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-08 16:30:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-08 16:30:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-08 16:30:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-08 16:30:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,368,768 2007-09-08 16:30:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,871,296 2007-09-08 16:30:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-08 16:30:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP20\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-08 16:58:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,364,672 2007-09-08 16:58:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,871,296 2007-09-08 16:58:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-08 16:58:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP21\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-19 10:38:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-19 10:38:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-19 10:38:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,372,864 2007-09-19 10:38:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,871,296 2007-09-19 10:38:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-19 10:38:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP22\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-20 10:54:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-20 10:54:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-20 10:54:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-20 10:54:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-20 10:54:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-20 10:54:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-20 10:54:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-20 10:54:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-20 10:54:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,372,864 2007-09-20 10:54:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,871,296 2007-09-20 10:54:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-20 10:54:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP23\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-20 23:02:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-20 23:02:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-20 23:02:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-20 23:02:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-20 23:02:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-20 23:02:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-20 23:02:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-20 23:02:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-20 23:02:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,372,864 2007-09-20 23:02:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,871,296 2007-09-20 23:02:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-20 23:02:22 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP24\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-20 23:20:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-20 23:20:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-20 23:20:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-20 23:20:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-20 23:20:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-20 23:20:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-20 23:20:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-20 23:20:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 40,960 2007-09-20 23:20:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,536,704 2007-09-20 23:20:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,875,392 2007-09-20 23:20:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-20 23:20:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP25\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-20 23:23:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-20 23:23:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-20 23:23:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-20 23:23:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-20 23:23:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-20 23:24:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-20 23:24:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-20 23:24:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 40,960 2007-09-20 23:24:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,536,704 2007-09-20 23:24:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,875,392 2007-09-20 23:24:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-20 23:24:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP26\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-09-28 01:29:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-09-28 01:29:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-09-28 01:29:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-09-28 01:29:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-09-28 01:29:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-09-28 01:29:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-09-28 01:29:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-09-28 01:29:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-09-28 01:29:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,553,088 2007-09-28 01:29:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,899,968 2007-09-28 01:29:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-09-28 01:29:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP27\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 06:55:36 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 06:55:36 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 06:55:36 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 06:55:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 06:55:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,916,352 2007-10-04 06:55:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 06:55:44 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP28\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 06:56:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 06:56:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,916,352 2007-10-04 06:56:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 06:56:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP29\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:07:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:07:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:07:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:07:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:07:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP30\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:14:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:14:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:15:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:15:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:15:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP31\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:19:40 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:19:42 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:19:42 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:19:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:19:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:19:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:19:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:19:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:19:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:20:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:20:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:20:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP32\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:23:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:23:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:23:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:23:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:23:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:23:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:23:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:23:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:23:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:23:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:23:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP33\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:26:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:26:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:26:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:26:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:26:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:26:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:26:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:26:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:26:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:27:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:27:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:27:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP34\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:36:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:36:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:36:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:36:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:36:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:36:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:36:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:36:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:36:58 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:37:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-04 21:37:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:37:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP35\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:39:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:39:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:39:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:39:54 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:40:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,928,640 2007-10-04 21:40:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:40:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP36\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:44:26 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:44:28 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:44:28 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:44:28 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:44:28 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:44:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:44:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:44:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:44:30 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:44:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,940,928 2007-10-04 21:44:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:44:38 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP37\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:46:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:46:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:46:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:46:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:46:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,949,120 2007-10-04 21:46:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:46:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP38\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:47:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:47:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:47:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:47:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:47:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:47:26 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:47:26 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:47:26 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:47:26 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:47:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,949,120 2007-10-04 21:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:47:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP39\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-04 21:50:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-04 21:50:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-04 21:50:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-04 21:50:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-04 21:50:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-04 21:50:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-04 21:50:08 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-04 21:50:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-04 21:50:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-04 21:50:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,949,120 2007-10-04 21:50:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-04 21:50:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP40\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-05 00:13:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-05 00:13:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-05 00:13:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-05 00:13:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-05 00:13:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-05 00:13:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-05 00:13:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-05 00:13:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-05 00:13:52 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-05 00:13:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-05 00:13:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-05 00:13:56 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP41\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-05 01:14:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-05 01:14:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-05 01:14:06 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-05 01:14:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,924,544 2007-10-05 01:14:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-05 01:14:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP42\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-05 01:30:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-05 01:30:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-05 01:30:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-05 01:30:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-05 01:30:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-05 01:30:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-05 01:30:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-05 01:30:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-05 01:30:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 14,745,600 2007-10-05 01:30:22 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 2,998,272 2007-10-05 01:30:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-05 01:30:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP43\snapshot\_REGISTRY_MACHINE_SAM
----a-w 266,240 2007-10-07 18:19:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-07 18:19:22 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-07 18:19:22 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
----a-w 237,568 2007-10-07 18:19:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
----a-w 8,192 2007-10-07 18:19:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 2,895,872 2007-10-07 18:19:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-07 18:19:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 266,240 2007-10-07 18:19:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-07 18:19:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 15,089,664 2007-10-07 18:20:50 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 5,865,472 2007-10-07 18:21:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-07 18:21:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP44\snapshot\_REGISTRY_MACHINE_SAM
----a-w 270,336 2007-10-19 00:49:18 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-19 00:49:20 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-19 00:49:22 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
---ha-w 237,568 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
---ha-w 262,144 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 1,806,336 2007-10-19 00:49:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-19 00:49:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 270,336 2007-10-19 00:49:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-19 00:49:34 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 15,089,664 2007-10-19 00:50:24 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 5,865,472 2007-10-19 00:50:40 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-19 00:50:40 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP46\snapshot\_REGISTRY_MACHINE_SAM
----a-w 270,336 2007-10-20 03:05:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-20 03:05:46 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-20 03:05:48 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
---ha-w 237,568 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
---ha-w 262,144 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 1,806,336 2007-10-20 03:06:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-20 03:06:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 270,336 2007-10-20 03:06:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-20 03:06:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 15,089,664 2007-10-20 03:07:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 5,935,104 2007-10-20 03:08:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-20 03:08:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP55\snapshot\_REGISTRY_MACHINE_SAM
----a-w 270,336 2007-10-22 22:42:00 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
----a-w 237,568 2007-10-22 22:42:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
----a-w 8,192 2007-10-22 22:42:02 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
---ha-w 237,568 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
---ha-w 262,144 2007-10-15 22:29:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
----a-w 1,806,336 2007-10-22 22:42:10 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-1003
----a-w 8,192 2007-10-22 22:42:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-1003
---ha-w 524,288 2007-10-20 14:22:04 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-789336058-1060284298-500
---ha-w 262,144 2007-10-20 03:52:48 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-789336058-1060284298-500
----a-w 270,336 2007-10-22 22:42:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_USER_.DEFAULT
----a-w 36,864 2007-10-22 22:42:12 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_MACHINE_SECURITY
----a-w 15,089,664 2007-10-22 22:43:32 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_MACHINE_SOFTWARE
----a-w 5,939,200 2007-10-22 22:44:14 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_MACHINE_SYSTEM
----a-w 24,576 2007-10-22 22:44:16 C:\System Volume Information\_restore{9E586DC4-442E-4A1A-8977-1272C213B675}\RP61\snapshot\_REGISTRY_MACHINE_SAM

Advertisements

Register to Remove

#86 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 23 October 2007 - 07:15 PM

Joe,

Please download & run this --> http://download.blee.../hardcastle.exe

It shall reboot the machine.

After it has rebooted, please tell me if your internet connection got restored.

#87 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 23 October 2007 - 07:48 PM

Negative on the connection. After reboot I went into control panel then to network connections and after it opens the is nothing in the folder. No Local Area connection Icon..

#88 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 23 October 2007 - 07:49 PM

Did you get any error messages when you ran hardcastle.exe ?

#89 Joecastle

Authentic Member

Authentic Member
215 posts

Posted 23 October 2007 - 07:51 PM

No..

#90 sUΒs

Authentic Member

Malware Expert
189 posts

Posted 23 October 2007 - 07:58 PM

Negative on the connection. After reboot I went into control panel then to network connections and after it opens the is nothing in the folder. No Local Area connection Icon..

HeHe ... I don't suppose you were in Safe Mode when you did that.

Refering to post #59, please run fix.bat again. I want to see which of your processes aren't running.
This must be performed from normal Mode.

Body Background

skin color theme