Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heavily infected


  • This topic is locked This topic is locked
49 replies to this topic

#1 Prathamesh

Prathamesh

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 18 May 2010 - 07:44 AM

My computer is heavily infected. I am unable to install any antivirus. Task manager, ms config, regedit all are disabled.
Whenever i try to install an antivirus, it stops midway and rolls back action.

Please help

I've attached a DDS log and i can't run GMER

Thanks in advance

Attached Files

  • Attached File  DDS.txt   14.97KB   17 downloads


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 19 May 2010 - 04:07 PM

Hello.

My name is Extremeboy (or EB for short), and I will be helping you with your log.

You're quite heavily infected here. We need to do quite a bit of things to clear up this mess.

I want you to perform one more scan for me please.

Download and run OTL
  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.
  4. Push the button.
  5. It will now begin to scan, please be paitent while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 20 May 2010 - 05:31 AM

Thank you very much

I've attached files you said

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 21 May 2010 - 09:48 PM

Hello.

Thanks for those logs, we are going to first start off with Combofix and continue from there.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 22 May 2010 - 04:43 AM

Ok, I ran combo fix and here is the log.

But i had ended some processes by a software called "kill process" as the computer was very slow. Some of these processes may have been of viruses.

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 22 May 2010 - 09:43 AM

Hello.

There's still a lot to do.

First...

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 22 May 2010 - 10:49 AM

Well I did what you said to do.

But has the infections been completely removed from my flash drives. I've an external hard drive and 2 flash drives. I had backed up some up my data in it. So it is sure to have all the viruses in it.

Well i had inserted my flash drives while creating the otl log. So there are the extra drives which didn't appear while the previous log.

So. how can I remove the viruses from my flash drives.

And one more thing, the FlashDisinfector that i used only ran for 2 seconds and it said done and closed. Is it normal.
Thanks

Attached Files


Edited by Prathamesh, 22 May 2010 - 10:57 AM.


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 22 May 2010 - 04:26 PM

Usually, if you have no executable then it should be fine. Any data files or document files etc... should be safe and fine.

QUOTE
And one more thing, the FlashDisinfector that i used only ran for 2 seconds and it said done and closed. Is it normal.

Yes.

QUOTE
So. how can I remove the viruses from my flash drives.

If you have your data backed up, you might just wish to format the entire drive on your flash-drives. Flash-drive infections don't infect your files directly like file infectors but they may have added certain things on the flash-drive to allow it to spread which in that case, flash-drive disinfector helps prevent that.

Can you get a GMER scan done now with the following instructions...

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 24 May 2010 - 12:43 AM

Hello, I ran Gmer.

It ran perfectly and after its scan was over, i saved the log. After some there was the blue screen of death with the technical information :-

***STOP : 0X000000F4 (0X00000003, 0X8221ADAO, 0X8221AF14, 0X80604438)

THIS HAPPENED TWICE

And the log is ( I'm posting it here because I don't have enough attachment space left)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-24 10:31:50
Windows 5.1.2600 Service Pack 2
Running: lhtw1i8c.exe; Driver: C:\DOCUME~1\Nana\LOCALS~1\Temp\axtdapog.sys


---- System - GMER 1.0.15 ----

SSDT spkl.sys ZwCreateKey [0xF84220E0]
SSDT spkl.sys ZwEnumerateKey [0xF8440CA2]
SSDT spkl.sys ZwEnumerateValueKey [0xF8441030]
SSDT spkl.sys ZwOpenKey [0xF84220C0]
SSDT spkl.sys ZwQueryKey [0xF8441108]
SSDT spkl.sys ZwQueryValueKey [0xF8440F88]
SSDT spkl.sys ZwSetValueKey [0xF844119A]

INT 0x62 ? 82385BF8
INT 0x63 ? 8238ABF8
INT 0x63 ? 821FED98
INT 0x63 ? 8238ABF8
INT 0x73 ? 82385BF8
INT 0x73 ? 82385BF8
INT 0x73 ? 821FED98
INT 0x73 ? 82385BF8
INT 0x82 ? 82385BF8
INT 0xA4 ? 821FED98
INT 0xB4 ? 821FED98

---- Kernel code sections - GMER 1.0.15 ----

? spkl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7CBB62C 5 Bytes JMP 821FE378
.text a6qys0xe.SYS F7B95386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a6qys0xe.SYS F7B953AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a6qys0xe.SYS F7B953C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a6qys0xe.SYS F7B953C9 1 Byte [2E]
.text a6qys0xe.SYS F7B953C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA9CF8000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA9CF9000, 0x1000, 0x00000000]
? C:\WINDOWS\system32\drivers\kdnrt.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8238A2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8453C4C] spkl.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8453CA0] spkl.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8423040] spkl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842313C] spkl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84230BE] spkl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84237FC] spkl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84236D2] spkl.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821FE478
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8433048] spkl.sys
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a6qys0xe.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [AA57B820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [AA57B820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject] [AA57B820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\Ip6Fw.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipfltdrv.sys[ntoskrnl.exe!IoCreateDevice] [AA57B6D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823821F8

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\NetBT \Device\NetBT_Tcpip_{78B6E95F-BFA5-40C5-9D2B-BC231B574682} 8215B500
Device \Driver\sptd \Device\3980654894 spkl.sys
Device \Driver\usbuhci \Device\USBPDO-0 821FA1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 823861F8
Device \Driver\dmio \Device\DmControl\DmConfig 823861F8
Device \Driver\dmio \Device\DmControl\DmPnP 823861F8
Device \Driver\dmio \Device\DmControl\DmInfo 823861F8
Device \Driver\usbuhci \Device\USBPDO-1 821FA1F8
Device \Driver\usbuhci \Device\USBPDO-2 821FA1F8
Device \Driver\usbuhci \Device\USBPDO-3 821FA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823871F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823871F8
Device \Driver\Cdrom \Device\CdRom0 821B11F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 823871F8
Device \Driver\Cdrom \Device\CdRom1 821B11F8
Device \Driver\atapi \Device\Ide\IdePort0 823851F8
Device \Driver\atapi \Device\Ide\IdePort1 823851F8
Device \Driver\atapi \Device\Ide\IdePort2 823851F8
Device \Driver\atapi \Device\Ide\IdePort3 823851F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 823851F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 823851F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 823871F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8215B500
Device \Driver\NetBT \Device\NetbiosSmb 8215B500
Device \Driver\PCI_PNP4894 \Device\0000004e spkl.sys

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 821FA1F8
Device \Driver\usbuhci \Device\USBFDO-1 821FA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81D73500
Device \Driver\usbuhci \Device\USBFDO-2 821FA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81D73500
Device \Driver\usbuhci \Device\USBFDO-3 821FA1F8
Device \Driver\Ftdisk \Device\FtControl 823871F8
Device \Driver\a6qys0xe \Device\Scsi\a6qys0xe1 821913A8
Device \Driver\a6qys0xe \Device\Scsi\a6qys0xe1Port5Path0Target0Lun0 821913A8
Device \Driver\iteatapi \Device\Scsi\iteatapi1 823841F8
Device \FileSystem\Cdfs \Cdfs 81DC8500

---- EOF - GMER 1.0.15 ----


#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 24 May 2010 - 01:16 PM

Hello.

That BSOD error seems to be something related to hardware/memory. However, there's still some malware left on your machine that we need to deal with.

Can you run this tool for me, post the log once it's done.

Download and Run TDSSKiller
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 24 May 2010 - 11:56 PM

Hey , I forgot to tell you that I can't open any kaspersky website or anything related to it.

But I don't think I have conficker virus as I can open all other antivirus websites and Microsoft websites.

I also forgot to tell you how I got all those viruses:-

I was a happy user of Kaspersky Internet Security 2010(original and registered). But one day, my father's friend came to show my father, some of his photos in a flash drive.

When I inserted the flash drive, I scanned it using Kaspersky Internet Security 2010.
While scanning it Kaspersky suddenly closed and refused to open. I uninstalled it and tried to reinstall it but i couldn't reinstall it. It closed midway while installing.

Then i couldn't also install any antivirus and my computer became very slow and other problems came like Task manager, ms config, regedit became disabled.

So i consulted bleeping computer.

So please give me another link to TDSSKiller

And one more thing, which country are you from and what's your age. I don't think your age is 91 which you have given on your account.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 25 May 2010 - 04:36 PM

Hello again.

Yes, conficker -probably not since I don't see evidence of that in the logs either. It's the malware that's blocking it from being executed which is quite normal for infections such as these.

Regarding the experience you encounted with the flash-drive, my prediction would be probably a flash-drive/removable drive infection that caused it to spread onto the computer. Infections spreading over removable drives are quite prevalent now a days and is possible that you got it through there.

We can try something else here, but that's the direct download link to that tool.

QUOTE
And one more thing, which country are you from and what's your age. I don't think your age is 91 which you have given on your account.

That's my own personal information, and I do not think you need this information? I can tell you that I am from Canada. Yes, I am not 91 years old, infact my profile says I'm 98 years old. tongue.gif However, rest-assured that any assistance you are receiving here is done through a long process of training from known experts and instructors. However, then again BleepingComputer nor I are responsible for any information posted by others that are inaccurate and are to be followed by your own risk as stated here.




Can you try Combofix, let me know how it goes... Instructions are as followed...

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 27 May 2010 - 02:36 AM

Hey , I didn't mean to be rude. I only asked for yor age. It's no problem if don't want to tell it. I guess you may be in your 20s smile.gif But can I be your friend? My email id is prathamesh96 at gmail dot com huh.gif

By the way, it's till summer in canada, but it still would be cool. Well, I'm from India and the temperature is 44 Celsius/111.2 Farhenheit(I'm not exaggareting) wacko.gif It would be so intersesting to ski and snowmobile. And i've also heard about maple syrup, how does it tastes.


QUOTE
Regarding the experience you encounted with the flash-drive, my prediction would be probably a flash-drive/removable drive infection that caused it to spread onto the computer. Infections spreading over removable drives are quite prevalent now a days and is possible that you got it through there.


This happened months ago.


QUOTE
Then i couldn't also install any antivirus and my computer became very slow and other problems came like Task manager, ms config, regedit became disabled.


About this I wrote in the first post.

And about the combofix, i have already ran combofix once, and this problem about not being able to open any kaspersky website or anything related to it. ocurred months ago.

So why do you need another combofix log

And about tdsskiller, you download it and create an account in 4shared.com and upload it there and give me a link to it,

And presently I'm not at home so I can't post a combofix log, but are you sure that you need it.

Edited by extremeboy, 27 May 2010 - 06:40 AM.


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 27 May 2010 - 09:16 PM

Hello.

No worries, nothing offensive was taken. I understand your intentions were not bad. I edited your post slightly since you posted your full e-mail and doing that can cause a lot of spam bots spamming mails. ;)

I know how hot India can be, Canada these days are warming up -heard to be one of the historical highest temperature in May.

You need to understand that uploading programs and softwares that are copy write protected or that does not have the original authors consent, it is forbidden. Kaspersky as a large corporation, uplading/hosting files like that are not allowed.

Yes, please run Combofix once more. Regarding, whether or not Kaspersky is related we will deal with afterwards.

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 Prathamesh

Prathamesh
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bhubaneswar, Orissa, India
  • Local time:04:16 AM

Posted 29 May 2010 - 12:48 AM

ComboFix 10-05-21.04 - Nana 05/28/2010 12:25:45.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.183 [GMT 5.5:30]
Running from: c:\documents and settings\Nana\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regsvr.exe
c:\windows\system32\28463
c:\windows\system32\28463\svchost.001
c:\windows\system32\28463\svchost.002
c:\windows\system32\28463\svchost.exe
c:\windows\system32\regsvr.exe
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
c:\windows\system32\svchost .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2012-08-26 05:19 . 2012-08-26 05:19 -------- d-----w- c:\documents and settings\Nana\Application Data\AdobeUM
2012-08-26 05:17 . 2012-08-26 05:17 -------- d-----w- C:\TradeAnywhere
2012-08-26 05:15 . 2012-08-26 05:14 0 ----a-w- c:\windows\system32\Secureguard.vbs
2012-08-26 05:11 . 2003-03-01 01:26 139536 ----a-w- c:\windows\system32\javaee.dll
2012-08-26 04:49 . 2012-08-26 04:49 -------- d-----w- c:\windows\Sun
2012-08-26 04:47 . 2009-10-10 22:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2012-08-26 04:47 . 2010-04-09 16:15 -------- d-----w- c:\program files\Java
2012-08-26 04:47 . 2012-08-26 04:47 152576 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2012-08-26 04:36 . 2010-02-07 11:17 249856 ----a-w- c:\windows\system32\msinfhlp.exe
2012-08-26 04:36 . 2009-10-17 19:27 -------- d-----w- C:\KEAT
2012-08-26 04:36 . 1998-06-16 07:00 132224 ----a-w- c:\windows\system32\vjreg.exe
2012-08-26 04:23 . 2012-08-26 04:23 -------- d-----w- C:\Sharekhan
2012-08-26 04:15 . 2012-08-26 04:15 -------- d-----w- c:\program files\Sharekhan
2012-08-26 04:01 . 2012-08-26 04:00 3 ----a-w- c:\windows\system32\protectfile.vbs
2012-08-26 03:46 . 2012-08-26 05:18 -------- d-----w- c:\documents and settings\Nana\Local Settings\Application Data\Adobe
2012-08-26 03:33 . 2012-08-26 03:33 -------- d-----w- c:\windows\system32\Lang
2012-08-26 03:30 . 2006-03-23 04:12 139264 ----a-r- c:\windows\system32\igfxres.dll
2012-08-26 03:29 . 2006-04-11 08:32 51 ----a-w- C:\delnis.bat
2012-08-26 03:28 . 2009-10-25 20:40 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-26 03:27 . 2012-08-26 03:28 12800 -c--a-w- c:\windows\BS_DEF.sys
2012-08-26 03:27 . 2006-01-10 08:50 24576 ----a-r- c:\windows\system32\AsIO.dll
2012-08-26 03:27 . 2005-12-22 02:22 5685 ----a-r- c:\windows\system32\drivers\AsIO.sys
2012-08-26 03:27 . 2012-08-26 03:27 -------- d-----w- c:\program files\ASUS
2012-08-26 03:27 . 2004-09-07 18:41 5120 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2012-08-26 03:27 . 2004-03-10 21:31 3328 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2012-08-26 03:26 . 2005-06-23 02:59 17408 ----a-r- c:\windows\system32\EtCo32.dll
2012-08-26 03:26 . 2005-07-06 08:12 163840 ----a-r- c:\windows\system32\e1000msg.dll
2012-08-26 03:26 . 2005-06-15 05:27 126976 ----a-r- c:\windows\system32\Prounstl.exe
2012-08-26 03:26 . 2005-06-14 14:08 20480 ----a-r- c:\windows\system32\NicCo32.dll
2012-08-26 03:26 . 2005-05-18 23:28 21504 ----a-r- c:\windows\system32\NicIn32.dll
2012-08-26 03:26 . 2005-09-14 09:24 179200 ----a-r- c:\windows\system32\drivers\e1e5132.sys
2012-08-26 03:25 . 2005-10-28 08:11 27648 ----a-r- c:\windows\system32\drivers\iteatapi.sys
2012-08-26 03:23 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-08-26 03:23 . 2006-02-20 09:00 86016 ------r- c:\windows\SoundMan.exe
2012-08-26 03:23 . 2006-03-09 09:45 364544 -c----r- c:\windows\RtlUpd.exe
2012-08-26 03:23 . 2006-04-06 06:20 4258816 ------r- c:\windows\system32\drivers\RtkHDAud.Sys
2012-08-26 03:23 . 2006-03-14 07:49 9711104 -c----r- c:\windows\RTLCPL.exe
2012-08-26 03:23 . 2006-04-04 09:44 16120832 ------r- c:\windows\RTHDCPL.exe
2012-08-26 03:23 . 2006-03-10 11:32 2158592 -c----r- c:\windows\MicCal.exe
2012-08-26 03:23 . 2006-03-14 07:45 2809344 -c----r- c:\windows\alcwzrd.exe
2012-08-26 03:23 . 2012-08-26 03:23 -------- d-----w- c:\program files\Realtek
2012-08-26 03:23 . 2010-02-07 12:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-08-26 03:20 . 2012-08-26 03:26 -------- d-----w- c:\program files\Intel
2012-08-26 03:19 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2012-08-26 03:19 . 2004-04-27 07:26 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-08-26 02:48 . 2010-05-26 05:46 69336 ----a-w- c:\documents and settings\Nana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-24 14:04 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-08-24 14:04 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-08-24 14:03 . 2012-08-24 14:03 -------- d-----w- c:\program files\Common Files\L&H
2012-08-24 14:03 . 2012-08-24 14:03 -------- d-----w- c:\program files\Microsoft.NET
2012-08-24 14:02 . 2012-08-24 14:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-08-24 14:01 . 2012-08-24 14:01 -------- d-----w- c:\program files\Microsoft Works
2012-08-24 14:01 . 2012-08-24 14:03 -------- d-----w- c:\windows\SHELLNEW
2012-08-24 13:48 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-08-24 04:36 . 2012-08-24 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-28 06:20 . 2010-05-28 06:20 160016 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-28 06:19 . 2010-05-28 06:19 -------- d-----w- c:\program files\MSBuild
2010-05-28 06:19 . 2010-05-28 06:19 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-28 06:19 . 2010-05-28 06:19 -------- d-----w- c:\program files\Reference Assemblies
2010-05-28 06:18 . 2007-03-22 14:54 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-28 06:18 . 2006-06-29 07:37 14048 ------w- c:\windows\system32\spmsg2.dll
2010-05-28 06:12 . 2010-05-28 06:12 -------- d-----w- c:\program files\MSXML 6.0
2010-05-26 07:16 . 2010-05-26 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG7
2010-05-26 05:46 . 2010-05-26 05:49 -------- d-----w- c:\program files\Total Video Converter
2010-05-26 05:18 . 2010-05-26 05:27 -------- d-----w- c:\documents and settings\Nana\Application Data\dvdcss
2010-05-24 03:41 . 2010-05-24 03:41 -------- d-s---w- c:\documents and settings\Nana\UserData
2010-05-21 17:30 . 2010-05-21 17:30 258048 ----a-w- c:\windows\system32\svcs32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 05:11 . 2012-08-26 05:11 2678 ----a-w- c:\windows\java\Packages\Data\MQ0531JJ.DAT
2012-08-26 05:11 . 2012-08-26 05:11 2678 ----a-w- c:\windows\java\Packages\Data\D731N3JV.DAT
2012-08-26 05:11 . 2012-08-26 05:11 2678 ----a-w- c:\windows\java\Packages\Data\PZBRDNTN.DAT
2012-08-26 05:11 . 2012-08-26 05:11 2678 ----a-w- c:\windows\java\Packages\Data\LN1FXZDF.DAT
2012-08-26 05:11 . 2012-08-26 05:11 2678 ----a-w- c:\windows\java\Packages\Data\G1B3RRNN.DAT
2012-08-26 05:10 . 2012-08-26 05:10 2232 ----a-w- c:\windows\java\Packages\Data\FVVD7TN9.DAT
2012-08-26 05:10 . 2012-08-26 05:10 155995 ----a-w- c:\windows\java\Packages\2AMQHJN3.ZIP
2012-08-24 04:27 . 2009-08-24 04:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-28 06:07 . 2009-09-01 23:18 -------- d-----w- c:\program files\PowerArchiver
2010-05-26 06:58 . 2009-11-07 01:36 -------- d-----w- c:\documents and settings\Nana\Application Data\vlc
2010-05-24 22:35 . 2010-01-14 17:58 -------- d-----w- c:\program files\Sunnyprofits
2010-05-24 10:07 . 2010-03-28 06:10 -------- d-----w- c:\documents and settings\Nana\Application Data\uTorrent
2010-05-22 08:35 . 2010-04-27 06:38 -------- d-----w- c:\program files\Utilities
2010-05-22 07:47 . 2010-05-20 01:25 42009 ----a-w- c:\windows\system32\drivers\hosts
2010-05-20 01:32 . 2010-03-14 16:33 5138 --sha-r- C:\ProtectFile.vbs
2010-05-20 01:30 . 2010-04-16 09:37 -------- d-----w- c:\program files\SpeedFan
2010-04-28 06:44 . 2010-04-26 06:22 -------- d-----w- c:\program files\Microsoft Student
2010-04-27 06:53 . 2010-04-25 06:01 -------- d-----w- c:\program files\MagicISO
2010-04-27 06:39 . 2010-04-27 06:39 -------- d-----w- c:\program files\USB
2010-04-26 06:21 . 2010-04-26 06:21 -------- d-----w- c:\program files\Learning Essentials
2010-04-25 06:08 . 2010-03-21 09:54 -------- d-----w- c:\program files\MKV Player
2010-04-23 11:36 . 2010-04-23 11:36 170 ----a-w- c:\program files\1bomb.ini
2010-04-22 16:03 . 2010-04-22 16:03 -------- d-----w- c:\program files\Common Files\Nokia
2010-04-22 16:03 . 2009-10-17 18:45 -------- d-----w- c:\program files\Common Files\PCSuite
2010-04-22 15:58 . 2009-10-17 18:45 -------- d-----w- c:\program files\Nokia
2010-04-15 10:29 . 2010-04-15 10:29 52224 ----a-w- c:\documents and settings\Nana\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-15 10:29 . 2010-04-15 10:29 117760 ----a-w- c:\documents and settings\Nana\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-11 08:51 . 2010-04-11 08:50 -------- d-----w- c:\program files\Pokemon PC
2010-04-11 08:38 . 2010-04-11 08:38 61440 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76596a9a-n\decora-sse.dll
2010-04-11 08:38 . 2010-04-11 08:38 12800 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76596a9a-n\decora-d3d.dll
2010-04-11 08:38 . 2010-04-11 08:38 503808 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52240d88-n\msvcp71.dll
2010-04-11 08:38 . 2010-04-11 08:38 499712 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52240d88-n\jmc.dll
2010-04-11 08:38 . 2010-04-11 08:38 348160 ----a-w- c:\documents and settings\Nana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52240d88-n\msvcr71.dll
2010-04-11 08:14 . 2010-04-11 08:14 -------- d-----w- c:\program files\Opera
2010-04-11 07:32 . 2010-03-28 06:11 -------- d-----w- c:\program files\uTorrent
2010-04-09 16:16 . 2010-04-09 16:16 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 12:06 . 2010-04-06 12:06 -------- d-----w- c:\documents and settings\Nana\Application Data\Nero
2010-04-06 12:05 . 2010-04-06 12:05 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-06 12:05 . 2010-04-06 12:05 -------- d-----w- c:\program files\Nero
2010-03-14 16:11 . 2010-03-14 16:11 0 ----a-w- c:\documents and settings\Nana\boot.vbs
2010-03-07 14:54 . 2010-03-07 14:54 41 ----a-w- c:\documents and settings\Nana\jagex_runescape_preferences.dat
2010-03-06 06:35 . 2010-03-06 06:35 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-01-03 12:50 . 2009-10-08 06:53 491040 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-03 12:50 . 2009-10-08 06:53 131104 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-05-22_07.59.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-09 07:28 . 2007-10-09 07:28 16896 c:\windows\system32\tswpfwrp.exe
+ 2010-05-28 06:18 . 2007-03-22 15:24 35840 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 33304 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-04 01:07 . 2010-05-28 06:20 68404 c:\windows\system32\perfc009.dat
+ 2007-10-23 20:17 . 2007-10-23 20:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 84480 c:\windows\system32\mscories.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 88576 c:\windows\system32\infocardapi.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 11776 c:\windows\system32\icardres.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 73752 c:\windows\system32\dxva2.dll
+ 2007-03-22 14:54 . 2007-03-22 14:54 28160 c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 96760 c:\windows\system32\dfshim.dll
+ 2007-11-07 13:32 . 2007-11-07 13:32 71160 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2007-11-07 13:32 . 2007-11-07 13:32 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2007-11-07 13:32 . 2007-11-07 13:32 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2052.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1042.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 95736 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1041.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 90104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1028.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 83456 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2052.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 93696 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1042.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 96768 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1041.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1028.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\DeleteTemp.exe
+ 2007-11-07 13:32 . 2007-11-07 13:32 28672 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2007-11-07 13:32 . 2007-11-07 13:32 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2007-11-07 13:32 . 2007-11-07 13:32 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2007-10-09 07:28 . 2007-10-09 07:28 14848 c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 07:28 . 2007-10-09 07:28 36864 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 07:28 . 2007-10-09 07:28 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 76312 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-05 21:48 . 2007-10-05 21:48 16936 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-11 04:25 . 2007-10-11 04:25 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 11264 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 61440 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 20:17 . 2007-10-23 20:17 90112 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 89096 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 70144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 47104 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 66552 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 33280 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 32776 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 17928 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 59392 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 99320 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 97280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-11-07 11:58 . 2007-11-07 11:58 22016 c:\windows\Installer\4972a8.msp
+ 2007-11-07 12:02 . 2007-11-07 12:02 74240 c:\windows\Installer\4972a4.msp
+ 2007-11-07 11:51 . 2007-11-07 11:51 24576 c:\windows\Installer\4972a1.msp
+ 2010-05-28 06:16 . 2010-05-28 06:16 86528 c:\windows\Installer\43bd4b.msi
+ 2010-05-28 06:25 . 2010-05-28 06:25 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2010-05-28 06:19 . 2010-05-28 06:19 81920 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 86016 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 32768 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 10240 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 40960 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 2560 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 14:29 . 2005-09-23 14:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2012-08-26 04:10 . 2012-08-26 04:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-06 19:49 . 2007-11-06 19:49 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 19:49 . 2007-11-06 19:49 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 14:53 . 2007-11-06 14:53 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 308760 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-03-23 00:37 . 2007-03-23 00:37 583504 c:\windows\system32\XPSSHHDR.dll
+ 2006-10-24 07:00 . 2006-10-24 07:00 276992 c:\windows\system32\WMPhoto.dll
+ 2006-10-24 06:59 . 2006-10-24 06:59 352256 c:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 07:00 . 2006-10-24 07:00 716288 c:\windows\system32\WindowsCodecs.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 161304 c:\windows\system32\UIAutomationCore.dll
+ 2010-05-28 06:18 . 2007-03-22 14:54 762880 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2010-05-28 06:18 . 2007-03-22 14:54 762880 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2010-05-28 06:18 . 2007-03-22 15:23 746496 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2010-05-28 06:18 . 2007-03-22 15:23 746496 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-22 14:55 . 2007-03-22 14:55 677376 c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2007-03-22 15:33 . 2007-03-22 15:33 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-22 15:33 . 2007-03-22 15:33 749568 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2007-03-22 14:54 . 2007-03-22 14:54 376832 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2007-03-22 14:54 . 2007-03-22 14:54 131584 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 14:54 . 2007-03-22 14:54 762880 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 10:45 . 2006-08-24 10:45 150808 c:\windows\system32\rgb9rast_2.dll
+ 2007-03-22 14:55 . 2007-03-22 14:55 124928 c:\windows\system32\prntvpt.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 779800 c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 350744 c:\windows\system32\PresentationHost.exe
+ 2007-10-09 07:33 . 2007-10-09 07:33 106520 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-24 07:00 . 2006-10-24 07:00 412160 c:\windows\system32\photometadatahandler.dll
+ 2004-08-04 01:07 . 2010-05-28 06:20 435760 c:\windows\system32\perfh009.dat
+ 2007-10-23 20:17 . 2007-10-23 20:17 158720 c:\windows\system32\mscorier.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 282112 c:\windows\system32\mscoree.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 579584 c:\windows\system32\icardagt.exe
+ 2009-08-23 20:48 . 2010-05-28 06:23 267800 c:\windows\system32\FNTCACHE.DAT
+ 2007-10-09 07:33 . 2007-10-09 07:33 493080 c:\windows\system32\evr.dll
+ 2007-03-23 00:37 . 2007-03-23 00:37 583504 c:\windows\system32\dllcache\XPSSHHDR.dll
+ 2007-03-22 14:55 . 2007-03-22 14:55 677376 c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
+ 2007-10-18 21:28 . 2007-10-18 21:28 251920 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2007-11-07 13:32 . 2007-11-07 13:32 794624 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 982008 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapUI.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.3082.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2070.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1055.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1053.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1049.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1046.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1045.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1044.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1043.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1040.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1038.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1037.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1036.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1035.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1032.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1031.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1030.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1029.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1025.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 687104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsscenario.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 411136 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsbasereqs.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 627712 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs70uimgr.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 634368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.msi
+ 2007-11-07 10:56 . 2007-11-07 10:56 109568 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 130560 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.3082.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2070.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 119808 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1055.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 120320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1053.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1049.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1046.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 126976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1045.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 120320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1044.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 127488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1043.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 127488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1040.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1038.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1037.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1036.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 120832 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1035.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 136192 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1032.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 129536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1031.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1030.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 124416 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1029.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 112128 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1025.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
+ 2007-11-07 10:56 . 2007-11-07 10:56 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\HtmlLite.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 276472 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\dlmgr.dll
+ 2007-11-07 13:30 . 2007-11-07 13:30 210834 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\baseline.dat
+ 2007-11-07 13:32 . 2007-11-07 13:32 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2007-11-07 13:32 . 2007-11-07 13:32 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2007-10-09 07:28 . 2007-10-09 07:28 897024 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 121368 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-08-05 17:00 . 2007-08-05 17:00 797696 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 143360 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 04:25 . 2007-10-11 04:25 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 929792 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 122880 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-11 04:25 . 2007-10-11 04:25 102400 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 151552 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 864256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-11 04:25 . 2007-10-11 04:25 159744 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 434688 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 261120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 933888 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 741376 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 483840 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 14:28 . 2005-09-23 14:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 392696 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 119296 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 144896 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 101880 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 242688 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 340992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 348672 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 822280 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 671744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 14:29 . 2005-09-23 14:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 14:29 . 2005-09-23 14:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 572936 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 101896 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 14:28 . 2005-09-23 14:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2010-05-28 06:21 . 2010-05-28 06:21 630272 c:\windows\Installer\4afc70.msi
+ 2007-11-07 12:04 . 2007-11-07 12:04 273920 c:\windows\Installer\4972a5.msp
+ 2010-05-28 06:20 . 2010-05-28 06:20 348160 c:\windows\Installer\49729e.msi
+ 2007-11-07 09:37 . 2007-11-07 09:37 999936 c:\windows\Installer\43bd54.msp
+ 2007-11-07 09:26 . 2007-11-07 09:26 553472 c:\windows\Installer\43bd51.msp
+ 2007-11-07 09:28 . 2007-11-07 09:28 908800 c:\windows\Installer\43bd4d.msp
+ 2007-11-07 09:24 . 2007-11-07 09:24 507392 c:\windows\Installer\43bd4c.msp
+ 2010-05-28 06:12 . 2010-05-28 06:12 871424 c:\windows\Installer\43bc83.msi
+ 2010-05-28 06:35 . 2010-05-28 06:35 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2010-05-28 06:32 . 2010-05-28 06:32 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2010-05-28 06:32 . 2010-05-28 06:32 274432 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2010-05-28 06:32 . 2010-05-28 06:32 552960 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2010-05-28 06:31 . 2010-05-28 06:31 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 372736 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 163840 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 517152 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 578592 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 327680 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 496672 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 159744 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 929792 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 139264 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 282624 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 667648 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 663552 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 159744 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 102400 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 897024 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 151552 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 376832 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 131072 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 184320 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 602112 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 794624 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 737280 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 346624 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-08-26 04:10 . 2012-08-26 04:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 151552 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-03-23 00:37 . 2007-03-23 00:37 1683280 c:\windows\system32\XpsSvcs.dll
+ 2010-05-28 06:18 . 2007-03-23 00:37 1683280 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2010-05-28 06:18 . 2007-03-23 00:37 1683280 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2010-05-28 06:18 . 2007-03-22 15:29 2932224 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2010-05-28 06:18 . 2007-03-22 15:29 2932224 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 00:37 . 2007-03-23 00:37 1683280 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2007-05-15 10:13 . 2007-05-15 10:13 1320800 c:\windows\system32\msxml6.dll
+ 2007-10-09 07:33 . 2007-10-09 07:33 1986072 c:\windows\system32\milcore.dll
+ 2007-03-23 00:37 . 2007-03-23 00:37 1683280 c:\windows\system32\dllcache\XpsSvcs.dll
+ 2007-11-07 13:32 . 2007-11-07 13:32 1710584 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2007-11-07 10:56 . 2007-11-07 10:56 1045504 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 1361920 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\SITSetup.dll
+ 2007-11-07 10:56 . 2007-11-07 10:56 1059328 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll
+ 2007-11-07 13:32 . 2007-11-07 13:32 1545720 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2007-08-05 17:00 . 2007-08-05 17:00 2628608 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2007-08-05 17:00 . 2007-08-05 17:00 4874240 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2007-10-11 04:25 . 2007-10-11 04:25 5971968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 20:17 . 2007-10-23 20:17 2068480 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 5013504 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 5431296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 3076096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 5070848 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 3036160 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 5814784 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 4444160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 20:17 . 2007-10-23 20:17 1162744 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-11-07 12:00 . 2007-11-07 12:00 3962368 c:\windows\Installer\4972a7.msp
+ 2007-11-07 11:43 . 2007-11-07 11:43 6766592 c:\windows\Installer\4972a6.msp
+ 2007-11-07 11:56 . 2007-11-07 11:56 4340224 c:\windows\Installer\4972a3.msp
+ 2007-11-07 11:54 . 2007-11-07 11:54 5353472 c:\windows\Installer\4972a2.msp
+ 2007-11-07 11:48 . 2007-11-07 11:48 2059264 c:\windows\Installer\4972a0.msp
+ 2007-11-07 11:46 . 2007-11-07 11:46 1313280 c:\windows\Installer\49729f.msp
+ 2007-11-07 09:20 . 2007-11-07 09:20 6055936 c:\windows\Installer\43bd53.msp
+ 2007-11-07 09:30 . 2007-11-07 09:30 3407360 c:\windows\Installer\43bd52.msp
+ 2007-11-07 09:16 . 2007-11-07 09:16 3010560 c:\windows\Installer\43bd50.msp
+ 2007-11-07 09:32 . 2007-11-07 09:32 6473216 c:\windows\Installer\43bd4f.msp
+ 2007-11-07 09:42 . 2007-11-07 09:42 2533376 c:\windows\Installer\43bd4e.msp
+ 2010-05-28 06:26 . 2010-05-28 06:26 3395584 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll
+ 2010-05-28 06:25 . 2010-05-28 06:25 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2010-05-28 06:38 . 2010-05-28 06:38 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2010-05-28 06:35 . 2010-05-28 06:35 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2010-05-28 06:33 . 2010-05-28 06:33 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2010-05-28 06:34 . 2010-05-28 06:34 2588672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b764aeb88006085c9cc4202662de94f6\System.Data.Linq.ni.dll
+ 2010-05-28 06:32 . 2010-05-28 06:32 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\11a9cf08e5bb06e0770b2b6bbe06df39\System.Core.ni.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 1204224 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 1635376 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 1152040 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-28 06:20 . 2010-05-28 06:20 1253376 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 5971968 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 5210112 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-28 06:16 . 2010-05-28 06:16 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-05-28 06:19 . 2010-05-28 06:19 4174336 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-05-28 06:15 . 2010-05-28 06:15 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-05-28 06:37 . 2010-05-28 06:37 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2010-05-28 06:35 . 2010-05-28 06:35 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2010-05-28 06:31 . 2010-05-28 06:31 15036416 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2010-05-28 06:29 . 2010-05-28 06:29 12570624 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
+ 2010-05-28 06:24 . 2010-05-28 06:24 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}"= "c:\program files\Sunnyprofits\tbSun1.dll" [2010-05-24 2515552]

[HKEY_CLASSES_ROOT\clsid\{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}]
2010-05-24 22:35 2515552 ----a-w- c:\program files\Sunnyprofits\tbSun1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}"= "c:\program files\Sunnyprofits\tbSun1.dll" [2010-05-24 2515552]

[HKEY_CLASSES_ROOT\clsid\{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{04FDF3A8-3E31-4A2D-9A6C-EE2A944CDF45}"= "c:\program files\Sunnyprofits\tbSun1.dll" [2010-05-24 2515552]

[HKEY_CLASSES_ROOT\clsid\{04fdf3a8-3e31-4a2d-9a6c-ee2a944cdf45}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2010-01-03 91432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled\systemexplorerdisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google]
http: [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:07 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"d:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\KEATPro\\KEATPro.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\Nana\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\System Explorer\\SystemExplorer.exe"=
"c:\\Documents and Settings\\Nana\\Application Data\\Transcend\\SJelite3\\SJelite3Launch.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sup_SmartRAM.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\liton final\\liton final .exe"=
"c:\\Documents and Settings\\Nana\\My Documents\\pokemon\\1No$GBA with Extras\\No$gba\\NO$GBA.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Sharekhan\\TradeTiger\\TradeTiger.exe"=
"c:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\OneTouchAccess.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\WINDOWS\\system32\\svcs32.exe"=
"c:\\Program Files\\KEATPro\\KEATProV.exe"=
"c:\\Program Files\\Utilities\\KILLPROCESS.EXE"=
"c:\\Documents and Settings\\Nana\\Desktop\\lhtw1i8c.exe"=
"c:\\Program Files\\Cyberlink\\Shared Files\\brs.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\daemon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/8/2009 6:24 PM 717296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 32272]
S2 gupdate;Google Update Service (gupdate); [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://in.yahoo.com
uSearchURL,(Default) = hxxp://in.rd.yahoo.com/customize/ycomp/defaults/su/*http://in.yahoo.com
IE: Add to Anti-Banner
IE: Add to Banner Ad Blocker
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {78B6E95F-BFA5-40C5-9D2B-BC231B574682} = 218.248.240.181,218.248.240.134
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nana\Application Data\Mozilla\Firefox\Profiles\i5omd86s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://in.yahoo.com
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Nana\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Nana\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 12:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8236E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8596fc3
\Driver\ACPI -> ACPI.sys @ 0xf83e1cb8
\Driver\atapi -> 0x8236e1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Intel® PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8280ba0
PacketIndicateHandler -> NDIS.sys @ 0xf826fa0b
SendHandler -> NDIS.sys @ 0xf8283b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2010-05-28 12:35:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 07:05
ComboFix2.txt 2010-05-22 08:05

Pre-Run: 4,594,143,232 bytes free
Post-Run: 4,702,896,128 bytes free

- - End Of File - - 6C210384C5F42565855ED64BC53F00E0





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users