Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton 360 blocks repeated intrusion attempts/Backdoor.Tidserv!gen5 infection


  • This topic is locked This topic is locked
20 replies to this topic

#1 Bubumic

Bubumic

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 09 November 2010 - 05:24 PM

Hello,

This is the original post http://www.bleepingcomputer.com/forums/topic358056.html

I have done as instructed. This is the dds.txt log file:

DDS (Ver_10-11-09.01) - NTFSx86
Run by Bogdan & Silvana at 22:28:58.31 on Tue 11/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.506 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Bogdan & Silvana\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 88.98.28.60:8080
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] ctfmon.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: schannel.dll, credssp.dll, digest.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bogdan~1\applic~1\mozilla\firefox\profiles\uffaqcdr.default\
FF - prefs.js: browser.startup.homepage - www.google.ro
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\bogdan & silvana\application data\mozilla\firefox\profiles\uffaqcdr.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-31 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-11-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-31 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-10-31 126392]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-10-31 44368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-31 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101108.002\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101109.002\NAVENG.SYS [2010-11-9 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101109.002\NAVEX15.SYS [2010-11-9 1371184]

=============== Created Last 30 ================

2010-11-09 17:11:06 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\SCE
2010-11-09 17:08:40 -------- d-----w- c:\program files\Sony Online Entertainment
2010-11-09 17:08:38 -------- d-----w- c:\docume~1\bogdan~1\applic~1\Sony Online Entertainment
2010-11-07 22:01:08 -------- d-----w- C:\NVIDIA
2010-11-07 19:42:33 -------- d-----w- c:\program files\Alcohol Soft
2010-11-07 12:13:22 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\Yahoo
2010-11-07 11:52:46 -------- d-----w- c:\program files\Yahoo!
2010-11-06 16:17:45 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-05 23:33:23 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\The Lord of the Rings Online
2010-11-05 23:31:36 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\Turbine
2010-11-05 23:23:11 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\ApplicationHistory
2010-11-05 23:19:35 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-05 20:06:18 -------- d-----w- c:\program files\Pando Networks
2010-11-05 19:43:49 -------- d-----w- c:\windows\system32\appmgmt
2010-11-05 19:43:18 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-05 19:43:09 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-05 19:42:47 -------- d-----w- c:\windows\Logs
2010-11-05 19:35:55 -------- d-----w- c:\program files\nLite
2010-11-02 19:39:44 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-02 19:39:44 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-11-02 19:39:44 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-11-02 19:39:44 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-11-02 19:39:43 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-02 19:39:42 -------- d-----w- c:\program files\PDFCreator
2010-11-02 18:56:04 -------- d-----w- c:\docume~1\bogdan~1\locals~1\applic~1\Identities
2010-10-31 21:04:33 98816 ----a-w- c:\windows\sed.exe
2010-10-31 21:04:33 85504 ----a-w- c:\windows\MBR.exe
2010-10-31 21:04:33 256512 ----a-w- c:\windows\PEV.exe
2010-10-31 21:04:33 161792 ----a-w- c:\windows\SWREG.exe
2010-10-31 21:04:15 -------- d-s---w- C:\ComboFix

==================== Find3M ====================

2010-10-31 19:47:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-31 19:01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 19:01:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:57:25 919552 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:57:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:57:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:48:34 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38:48 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:43:28 590848 ----a-w- c:\windows\system32\rpcrt4.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5001AALS-00J7B1 rev.05.00K05 -> Harddisk0\DR0 -> \Device\00000032

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866D1EC5]<<
c:\windows\system32\drivers\disk.sys
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85d51872; SUB DWORD [EBP-0x4], 0x85d5112e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86773030]
3 CLASSPNP[0xF788FFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006d[0x86764F18]
5 ACPI[0xF77E6620] -> nt!IofCallDriver[0x804E37D5] -> [0x86764030]
[0x8676DB28] -> IRP_MJ_CREATE -> 0x866D1EC5
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\0000006c -> \??\IDE#DiskWDC_WD5001AALS-00J7B1___________________05.00K05#2020202057202D444D5754413456303631303131#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 22:30:39.95 ===============

I've also attached
Attached File  Attach.txt   4.88KB   2 downloads
Attached File  ark.txt   15.67KB   4 downloads

Hope I've done this right.

Thank you.

Edited by Bubumic, 10 November 2010 - 03:50 AM.


BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 16 November 2010 - 10:00 AM

Hello Bubumic

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate.If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thank you for your patience!!

---------------------------------------------------

We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply please include the following:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks!!
PW

#3 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 17 November 2010 - 12:41 PM

Hi,

Here are the log files. Unfortunately I was unable to past the content of the logs in this post. It disconnects me from the web page. Maybe they are too big. I tried to past only one of them into the reply and attach the other but this didn't work as well.

Attached File  Extras.Txt   22.59KB   3 downloads
Attached File  OTL.Txt   194.19KB   6 downloads

Thanks

Edited by Bubumic, 17 November 2010 - 12:47 PM.


#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 18 November 2010 - 09:29 AM

Hello Bubumic,

Please note that you are infected with a trojan (horse) or a Backdoor / Backdoor Server.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:
  • Disconnect the infected computer from the internet until the computer can be cleaned.
  • From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... (Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information).
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

However, since the infection looks relatively small from first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your pc).

Should you have any questions, please feel free to ask. Let me know what your decision is.

If you still wish to proceed with the cleaning process please do the following

======================

Step 1.

I see you have Alcohol Soft installed. Defogger should be on your desktop. Please ensure that you still have emulation drivers disabled and do not re-enable these drivers until otherwise instructed.

Step 2.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3.

I see you have ComboFix installed. You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I would like to see the ComboFix log.

Please go to Start -> Run.
Copy and paste the following bold line in the run-box and click OK:

C:\ComboFix.txt

If a text file opens up, copy and paste the content to your reply. If there is no log please let me know.

In your next reply let me know if you wish to continue with cleaning or would rather reformat and reinstall.

If you decide to continue please include the following.

TDSSKiller log
ComboFix.txt <-- If available


Thanks!!
PW

#5 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 November 2010 - 01:49 PM

Hello
I have changed all my passwords. Also, I have blocked my credit card and requested my bank to issue a new one.
I have decided to try to clean this PC, if this doesn't work I'll do a complete format and reinstall all. Below is the tdsskiller log file (it found something). There is no combofix log file.

2010/11/18 20:33:43.0312 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/18 20:33:43.0312 ================================================================================
2010/11/18 20:33:43.0312 SystemInfo:
2010/11/18 20:33:43.0312
2010/11/18 20:33:43.0312 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/18 20:33:43.0312 Product type: Workstation
2010/11/18 20:33:43.0312 ComputerName: BUBII-B2EC88514
2010/11/18 20:33:43.0312 UserName: Bogdan & Silvana
2010/11/18 20:33:43.0312 Windows directory: C:\WINDOWS
2010/11/18 20:33:43.0312 System windows directory: C:\WINDOWS
2010/11/18 20:33:43.0312 Processor architecture: Intel x86
2010/11/18 20:33:43.0312 Number of processors: 1
2010/11/18 20:33:43.0312 Page size: 0x1000
2010/11/18 20:33:43.0312 Boot type: Normal boot
2010/11/18 20:33:43.0312 ================================================================================
2010/11/18 20:33:43.0546 Initialize success
2010/11/18 20:33:55.0562 ================================================================================
2010/11/18 20:33:55.0562 Scan started
2010/11/18 20:33:55.0562 Mode: Manual;
2010/11/18 20:33:55.0562 ================================================================================
2010/11/18 20:33:56.0296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/18 20:33:56.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/18 20:33:56.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/18 20:33:56.0531 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
2010/11/18 20:33:56.0703 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2010/11/18 20:33:56.0828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/18 20:33:57.0031 Aspi32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/11/18 20:33:57.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/18 20:33:57.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/18 20:33:57.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/18 20:33:57.0296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/18 20:33:57.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/18 20:33:57.0484 BHDrvx86 (80f390347c7754835a900349ba1e4b75) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
2010/11/18 20:33:57.0562 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/18 20:33:57.0656 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys
2010/11/18 20:33:57.0734 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/18 20:33:57.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/18 20:33:57.0843 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/18 20:33:58.0109 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2010/11/18 20:33:58.0265 Disk (f171cea2cc0953d1a484a2ab726cab9d) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/18 20:33:58.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: f171cea2cc0953d1a484a2ab726cab9d, Fake md5: 03adfcac9530bb23b77b3b0a0dc7c59a
2010/11/18 20:33:58.0281 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/18 20:33:58.0328 DKRtWrt (42823617433f6f9463e627644e716358) C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
2010/11/18 20:33:58.0406 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/18 20:33:58.0468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/18 20:33:58.0515 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/18 20:33:58.0562 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/18 20:33:58.0687 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/18 20:33:58.0781 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/18 20:33:58.0828 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2010/11/18 20:33:58.0890 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2010/11/18 20:33:58.0921 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/18 20:33:59.0000 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
2010/11/18 20:33:59.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/18 20:33:59.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/18 20:33:59.0156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/18 20:33:59.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/18 20:33:59.0250 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/18 20:33:59.0312 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/18 20:33:59.0359 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/18 20:33:59.0421 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/18 20:33:59.0500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/18 20:33:59.0546 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/18 20:33:59.0671 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/18 20:33:59.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/18 20:33:59.0953 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101116.002\IDSxpx86.sys
2010/11/18 20:34:00.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/18 20:34:00.0156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/18 20:34:00.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/18 20:34:00.0265 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/18 20:34:00.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/18 20:34:00.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/18 20:34:00.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/18 20:34:00.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/18 20:34:00.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/18 20:34:00.0609 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/18 20:34:00.0671 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/18 20:34:00.0843 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/18 20:34:00.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/18 20:34:00.0953 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/18 20:34:01.0000 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/18 20:34:01.0078 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/18 20:34:01.0140 MRxSmb (0af15a971f120246c9eef2c46e290539) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/18 20:34:01.0203 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/18 20:34:01.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/18 20:34:01.0296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/18 20:34:01.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/18 20:34:01.0406 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/18 20:34:01.0437 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/18 20:34:01.0500 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/18 20:34:01.0609 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101118.002\NAVENG.SYS
2010/11/18 20:34:01.0703 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101118.002\NAVEX15.SYS
2010/11/18 20:34:01.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/18 20:34:01.0828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/18 20:34:01.0875 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/18 20:34:01.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/18 20:34:01.0984 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/18 20:34:02.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/18 20:34:02.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/18 20:34:02.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/18 20:34:02.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/18 20:34:02.0312 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/18 20:34:02.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/18 20:34:02.0625 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/18 20:34:02.0812 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2010/11/18 20:34:02.0859 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/18 20:34:02.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/18 20:34:02.0968 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/18 20:34:03.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/18 20:34:03.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/18 20:34:03.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/18 20:34:03.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/18 20:34:03.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/18 20:34:03.0312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/18 20:34:03.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/18 20:34:03.0750 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/18 20:34:03.0796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/18 20:34:04.0046 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/18 20:34:04.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/18 20:34:04.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/18 20:34:04.0203 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/18 20:34:04.0281 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/18 20:34:04.0312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/18 20:34:04.0375 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/18 20:34:04.0453 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/18 20:34:04.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/18 20:34:04.0640 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/18 20:34:04.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/18 20:34:04.0781 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/18 20:34:04.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/18 20:34:04.0921 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/18 20:34:04.0984 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2010/11/18 20:34:05.0046 Si3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\drivers\Si3112.sys
2010/11/18 20:34:05.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/18 20:34:05.0281 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\System32\Drivers\sptd.sys
2010/11/18 20:34:05.0500 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/18 20:34:05.0593 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
2010/11/18 20:34:05.0656 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
2010/11/18 20:34:05.0718 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/18 20:34:05.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/18 20:34:05.0843 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/18 20:34:05.0984 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
2010/11/18 20:34:06.0046 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
2010/11/18 20:34:06.0109 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/11/18 20:34:06.0156 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
2010/11/18 20:34:06.0218 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
2010/11/18 20:34:06.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/18 20:34:06.0437 Tcpip (5ae1c2695f6523ad98b948f2887d8c5e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/18 20:34:06.0500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/18 20:34:06.0546 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/18 20:34:06.0609 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/18 20:34:06.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/18 20:34:06.0859 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2010/11/18 20:34:06.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/18 20:34:06.0984 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/18 20:34:07.0046 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/18 20:34:07.0093 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/18 20:34:07.0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/18 20:34:07.0234 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/18 20:34:07.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/18 20:34:07.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/18 20:34:07.0609 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/18 20:34:07.0656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/18 20:34:07.0859 ================================================================================
2010/11/18 20:34:07.0859 Scan finished
2010/11/18 20:34:07.0859 ================================================================================
2010/11/18 20:34:07.0906 Detected object count: 1
2010/11/18 20:35:12.0015 Disk (f171cea2cc0953d1a484a2ab726cab9d) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/18 20:35:12.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: f171cea2cc0953d1a484a2ab726cab9d, Fake md5: 03adfcac9530bb23b77b3b0a0dc7c59a
2010/11/18 20:35:13.0859 Backup copy found, using it..
2010/11/18 20:35:13.0921 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured after reboot
2010/11/18 20:35:13.0921 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure
2010/11/18 20:35:26.0625 Deinitialize success

Thanks.

#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 18 November 2010 - 07:02 PM

Hello Bubumic,

Is your ISP in Romania?

Step 1.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-1715567821-963894560-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1715567821-963894560-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 88.98.28.60:8080
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify"=-
    "AntiVirusDisableNotify"=-
    "FirewallDisableNotify"=-
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    UpdatesDisableNotify"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions"=-
    
    :commands
    [EmptyTemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Step 2.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 3.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


In your next reply please include the following:


OTLFix report
MBAM log
ComboFix.txt


Thanks!!!

Edited by pwgib, 18 November 2010 - 07:12 PM.
kitty cat on the keyboard

PW

#7 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 November 2010 - 08:31 PM

Hello,

Yes my ISP is in Romania. I did as instructed, these are the log files:

OTL

All processes killed
========== OTL ==========
HKU\S-1-5-21-1715567821-963894560-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1715567821-963894560-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bogdan & Silvana
->Temp folder emptied: 31744 bytes
->Temporary Internet Files folder emptied: 983174 bytes
->FireFox cache emptied: 47634730 bytes
->Flash cache emptied: 45185 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 47986 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402797 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1587936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11192010_025636

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_758.dat not found!

Registry entries deleted on Reboot...

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5148

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/19/2010 3:09:11 AM
mbam-log-2010-11-19 (03-09-11).txt

Scan type: Quick scan
Objects scanned: 133446
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COMBOFIX

ComboFix 10-11-18.03 - Bogdan & Silvana 11/19/2010 3:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.753 [GMT 2:00]
Running from: c:\documents and settings\Bogdan & Silvana\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Toolbar
c:\windows\system\VB40032.DLL

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 01:13 . 2010-11-19 01:14 -------- d-----w- C:\32788R22FWJFW
2010-11-19 00:56 . 2010-11-19 00:56 -------- d-----w- C:\_OTL
2010-11-07 22:01 . 2010-11-07 22:01 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:35 . 2008-05-07 11:12 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:57 . 2010-05-06 10:36 919552 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:57 . 2009-03-07 20:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:48 . 2010-04-20 05:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38 . 2010-05-02 16:04 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2009-10-15 16:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:37 . 2010-01-01 07:58 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-18 12:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

------- Sigcheck -------

[-] 2010-07-17 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/31/2010 10:07 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/31/2010 10:07 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/10/2010 10:55 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/31/2010 10:07 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/31/2010 10:07 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [10/31/2010 10:07 PM 126392]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [10/31/2010 9:38 PM 44368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/31/2010 9:59 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101118.005\IDSXpx86.sys [11/19/2010 1:32 AM 341880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/31/2010 9:01 PM 436792]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Bogdan & Silvana\Application Data\Mozilla\Firefox\Profiles\uffaqcdr.default\
FF - prefs.js: browser.startup.homepage - www.google.ro
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Bogdan & Silvana\Application Data\Mozilla\Firefox\Profiles\uffaqcdr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 03:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-19 03:24:13
ComboFix-quarantined-files.txt 2010-11-19 01:24

Pre-Run: 46,185,078,784 bytes free
Post-Run: 46,151,446,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

- - End Of File - - 77B78771104B31C6352A09A1F4BBC375

Thanks

Edited by Bubumic, 18 November 2010 - 08:33 PM.


#8 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 19 November 2010 - 12:24 PM

Hi Bubumic,

Step 1.

We need to check a file.
  • Click on this link--> virustotal

    Click the browse button. Copy and paste the lines in bold in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

    c:\windows\system32\drivers\tcpip.sys


    If the file has been analyzed before, click the Reanalyse File Now button.
    Please copy and paste the results of the scan in your next post.

    Step 2.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      :filefind
      *wscntfy.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Step 3.

    We need to run a Combofix Script

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
    3. Open notepad and copy/paste the text in the codebox below into it:

    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"
    
    

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Refering to the picture above, drag CFScript into ComboFix.exe

    If Combofix prompts you to update the program please allow it to do so.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 4.

    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)[list=1]
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
<<Note: If ESET finds nothing there will be no log produced

In your next reply please include the following:

VirusTotal scan results
SystemLook results
ComboFix.txt
ESET scan results


How is your computer running? Any redirections/popups?

Thanks!!
PW

#9 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 19 November 2010 - 04:17 PM

Hello,

Here are:

VirusTotal results

Antivirus Version Last Update Result
AhnLab-V3 2010.11.19.00 2010.11.18 -
AntiVir 7.10.14.55 2010.11.19 -
Antiy-AVL 2.0.3.7 2010.11.19 -
Avast 4.8.1351.0 2010.11.19 -
Avast5 5.0.594.0 2010.11.19 -
AVG 9.0.0.851 2010.11.19 -
BitDefender 7.2 2010.11.19 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.19 -
Command 5.2.11.5 2010.11.19 -
Comodo 6772 2010.11.19 -
DrWeb 5.0.2.03300 2010.11.19 -
Emsisoft 5.0.0.50 2010.11.19 -
eSafe 7.0.17.0 2010.11.18 -
eTrust-Vet 36.1.7986 2010.11.19 -
F-Prot 4.6.2.117 2010.11.19 -
F-Secure 9.0.16160.0 2010.11.19 -
Fortinet 4.2.254.0 2010.11.18 -
GData 21 2010.11.19 -
Ikarus T3.1.1.90.0 2010.11.19 -
Jiangmin 13.0.900 2010.11.19 -
K7AntiVirus 9.68.3030 2010.11.19 -
Kaspersky 7.0.0.125 2010.11.19 -
McAfee 5.400.0.1158 2010.11.19 -
McAfee-GW-Edition 2010.1C 2010.11.19 -
Microsoft 1.6402 2010.11.19 -
NOD32 5634 2010.11.19 -
Norman 6.06.10 2010.11.19 -
nProtect 2010-11-19.02 2010.11.19 -
Panda 10.0.2.7 2010.11.19 -
PCTools 7.0.3.5 2010.11.19 -
Prevx 3.0 2010.11.19 -
Rising 22.74.03.08 2010.11.19 -
Sophos 4.59.0 2010.11.19 -
SUPERAntiSpyware 4.40.0.1006 2010.11.19 -
Symantec 20101.2.0.161 2010.11.19 -
TheHacker 6.7.0.1.086 2010.11.18 -
TrendMicro 9.120.0.1004 2010.11.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.19 -
VBA32 3.12.14.2 2010.11.19 -
VIPRE 7352 2010.11.19 -
ViRobot 2010.10.30.4121 2010.11.19 -
VirusBuster 13.6.50.0 2010.11.19 -
Additional information
Show all
MD5 : 5ae1c2695f6523ad98b948f2887d8c5e
SHA1 : 23bea135503911b7d570a45eb6ca51a4796e8315
SHA256: c430ae723e3988e29a7eb3ae70fbf3dae0e3a21bc041b2d12f81b85f385f5501

SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 20:29 on 19/11/2010 by Bogdan & Silvana
Administrator - Elevation successful

========== filefind ==========

Searching for "*wscntfy.exe"
No files found.

-= EOF =-

ComboFix

I got this error: CFScript Name Error: "Were you trying to run CFScript? The name CFScript appears to be incorrectly spelt"

ESETScan

D:\Kituri\Norton 360 v4.1.0.32 Final Incl Patch\ N360_2010_OEM90_Microsoft.exe a variant of Win32/Olmarik.AFR trojan deleted - quarantined

PC works fine, in fact I did not encounter any difficulties in running programs after all this happened. No redirections or popups.

Thanks.

#10 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 20 November 2010 - 06:23 AM

Hello Bubumic,

Do you have your Microsoft Windows XP Professional sp2 installation disk or access to one you might borrow?

Let's try SystemLook again. I got in a hurry and made a mistake. I don't think there are any copies of the file on your system or ComboFix should have found them. We will look anyway.

Step 1.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind 
wscntfy.exe*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 2.

Please delete the copy of ComboFix from your desktop.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2

We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\
"SfcDisable"=-



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply please include the following:

SystemLook.txt
ComboFix.txt


Thanks!!

Edited by pwgib, 20 November 2010 - 06:35 AM.

PW

#11 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 20 November 2010 - 07:53 AM

Hello,

Yes, I do have a Microsoft Windows XP Professional SP2 installation disk.

This is SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 14:43 on 20/11/2010 by Bogdan & Silvana
Administrator - Elevation successful

========== filefind ==========

Searching for "wscntfy.exe*"
No files found.

-= EOF =-

The ComboFix gives me the same error as before.

Would it be easier to repartition and reformat entire HDD?

Thanks.

Edited by Bubumic, 21 November 2010 - 04:37 AM.


#12 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 20 November 2010 - 09:14 AM

Hello Bubumic ,

Let's take care of one issue then we will take care of the others this evening or tomorrow. :)

Step 1.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

For Windows Vista /Windows 7 you will need to turn off User Account Control

http://www.howtogeek.com/howto/windows-vista/disable-user-account-control-uac-the-easy-way-on-windows-vista/


Step 2.

Copy the entire contents inside the code box, and Paste it into Notepad ( this will only work with Notepad ).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"SFCDisable"=dword:00000000
Name the file Regfix.reg and in the drop down box, save it as All Files.
Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Thanks!!
PW

#13 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 21 November 2010 - 04:35 AM

Hello mate,

I did everything as instructed. All went well.

Thanks!

#14 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:12:22 AM

Posted 21 November 2010 - 12:39 PM

Hello Bubumic,

Would it be easier to repartition and reformat entire HDD?

This is entirely up to you. A good format and reinstall can fix a lot of issues especially when a rootkit has been on your system. Note that because of the vulnerabilities exploited by the rootkit that after we have taken care of all your issues the security of your computer can not be guaranteed. :wink:

Let me know what you decide. If you wish to continue please perform the following operation.

We need to replace a file from your Windows CD and use the Recovery Console to install it.

Before we start, print these instructions.

  • Insert the Windows XP CD into your CD drive (D:\)
  • Reboot.
  • On the way back up, select Recovery Console from the startup options menu (if your computer asks you to press any key to boot from CD, ignore it and do nothing).
  • If you need to select the installation, select '1'.
  • If prompted for an Admin password, type it in, or press Enter if there is none.
When the Recovery Console is up-
  • Key in the following command lines and press enter after each line -

    set allowallpaths = true
    set allowremovablemedia = true

    If you get a mesage about the set command being disabled after those two lines, just continue

    Type map and press enter. Note down what the drive letter of your CD drive is.

    Now type the following lines and press enter after each one. If your CD drive letter is not D:\, replace the D in the lines below with the correct letter.
    expand d:\i386\wscntfy.ex_ c:\windows\system32 <-- you should see: 1 file(s) expanded
    exit

  • Reboot into Normal mode

Let's try ComboFix again.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. http://www.bleepingcomputer.com/forums/topic114351.html

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your next reply please include the following:

ComboFix.txt


Any problems? Is your computer running OK?


Thanks!!
PW

#15 Bubumic

Bubumic
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 21 November 2010 - 04:03 PM

Hello,

This is ComboFix log:

ComboFix 10-11-21.01 - Bogdan & Silvana 11/21/2010 22:47:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.743 [GMT 2:00]
Running from: c:\documents and settings\Bogdan & Silvana\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-19 00:56 . 2010-11-19 00:56 -------- d-----w- C:\_OTL
2010-11-07 22:01 . 2010-11-07 22:01 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:35 . 2008-05-07 11:12 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:57 . 2010-05-06 10:36 919552 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:57 . 2009-03-07 20:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:48 . 2010-04-20 05:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38 . 2010-05-02 16:04 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2009-10-15 16:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:37 . 2010-01-01 07:58 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-18 12:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

------- Sigcheck -------

[-] 2010-07-17 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-19_01.22.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-11-21 20:47 . 2010-11-21 20:47 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
+ 2010-11-21 20:46 . 2010-11-21 20:46 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat
+ 2008-07-29 19:10 . 2008-07-29 19:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2010-10-31 19:35 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
- 2010-10-31 19:35 . 2007-07-27 21:11 26488 c:\windows\system32\spupdsvc.exe
+ 2010-11-05 19:43 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
- 2010-10-31 19:32 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-10-31 19:32 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2010-11-21 09:53 . 2010-11-21 09:53 14624 c:\windows\system32\RW_FileType.dat
+ 2010-11-21 09:53 . 2010-11-21 09:53 31704 c:\windows\system32\RW_AppData.dat
+ 2010-03-24 22:08 . 2010-03-24 22:08 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2008-04-14 12:00 . 2010-11-21 09:52 71002 c:\windows\system32\perfc009.dat
+ 2009-11-06 23:07 . 2009-11-06 23:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-05 20:17 . 2009-11-05 20:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 11264 c:\windows\system32\icardres.dll
- 2010-10-31 20:51 . 2010-11-07 07:28 98256 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-31 20:51 . 2010-11-20 12:34 98256 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 19:10 . 2008-07-29 19:10 73720 c:\windows\system32\dxva2.dll
+ 2006-10-14 14:43 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
- 2010-10-31 19:00 . 2010-10-31 19:13 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2010-10-31 19:00 . 2010-11-20 11:03 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2008-07-29 21:40 . 2008-07-29 21:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 19:21 . 2006-10-20 19:21 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 17:59 . 2008-07-29 17:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 19:10 . 2008-07-29 19:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 17:32 . 2008-07-29 17:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2010-04-07 21:57 . 2010-04-07 21:57 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2010-04-07 21:57 . 2010-04-07 21:57 17256 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2010-09-22 07:43 . 2010-09-22 07:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 05:28 . 2005-09-23 05:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2010-09-23 13:55 . 2010-09-23 13:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 00:26 . 2010-09-23 00:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 17:09 . 2003-02-20 17:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 00:26 . 2010-09-23 00:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:32 . 2004-07-14 22:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 00:26 . 2010-09-23 00:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 01:17 . 2010-09-23 01:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:19 . 2003-02-20 17:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-09-23 01:17 . 2010-09-23 01:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-06 23:07 . 2009-11-06 23:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-29 19:07 . 2008-07-29 19:07 23040 c:\windows\Installer\d1b160.msp
+ 2010-11-20 11:57 . 2010-11-20 11:57 88576 c:\windows\Installer\cf4f9b.msi
+ 2006-10-20 19:29 . 2006-10-20 19:29 20768 c:\windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHostProxy_X86.dll
+ 2006-10-20 19:29 . 2006-10-20 19:29 72992 c:\windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PenIMC_X86.dll
+ 2010-11-20 11:58 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2010-11-19 01:28 . 2010-11-19 01:28 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2d80c16f\System.Drawing.Design.dll
+ 2010-11-19 01:28 . 2010-11-19 01:28 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4358185c\CustomMarshalers.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a7885577f5243fb411af0e34bc948ed5\UIAutomationProvider.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\a91d8d6948c47badcc938b37cb4b51d8\PresentationFontCache.ni.exe
+ 2010-11-21 16:56 . 2010-11-21 16:56 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b9236504e0b2137b8e511f3e85909856\PresentationCFFRasterizer.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2010-11-21 09:45 . 2010-11-21 09:45 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2010-11-20 11:58 . 2010-11-20 11:58 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2010-11-06 16:17 . 2010-11-06 16:17 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-19 01:27 . 2010-11-19 01:27 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-31 19:00 . 2010-10-31 19:13 2850 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2010-10-31 19:00 . 2010-11-20 11:03 2850 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-07-29 21:40 . 2008-07-29 21:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 05:29 . 2005-09-23 05:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2010-11-20 11:59 . 2010-11-20 11:59 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-29 19:26 . 2008-07-29 19:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-10-14 18:21 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2009-09-14 17:05 . 2009-09-14 17:05 374064 c:\windows\system32\twnlib4.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2006-10-14 14:44 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2006-10-14 14:40 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-14 14:42 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-10-14 14:42 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2006-10-14 14:42 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-10-14 14:43 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-10-14 14:43 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-29 17:59 . 2008-07-29 17:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2010-03-24 22:04 . 2010-03-24 22:04 295264 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 17:59 . 2008-07-29 17:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2008-04-14 12:00 . 2010-11-21 09:52 440684 c:\windows\system32\perfh009.dat
+ 2008-07-25 09:16 . 2008-07-25 09:16 158720 c:\windows\system32\mscorier.dll
+ 2009-11-05 20:17 . 2009-11-05 20:17 297808 c:\windows\system32\mscoree.dll
+ 2009-09-14 17:05 . 2009-09-14 17:05 808240 c:\windows\system32\imagxra7.dll
+ 2009-09-14 17:05 . 2009-09-14 17:05 263472 c:\windows\system32\imagxr7.dll
+ 2009-09-14 17:04 . 2009-09-14 17:04 497296 c:\windows\system32\imagxpr7.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 622080 c:\windows\system32\icardagt.exe
+ 2008-07-29 19:10 . 2008-07-29 19:10 493048 c:\windows\system32\evr.dll
+ 2006-10-14 18:21 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2006-10-14 14:44 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 21:40 . 2008-07-29 21:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 16:47 . 2008-07-29 16:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 16:47 . 2008-07-29 16:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-29 21:15 . 2008-07-29 21:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-29 21:40 . 2008-07-29 21:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-29 18:35 . 2008-07-29 18:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2010-03-24 22:08 . 2010-03-24 22:08 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2010-04-07 21:57 . 2010-04-07 21:57 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2010-04-07 21:57 . 2010-04-07 21:57 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 17:16 . 2008-07-29 17:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 17:16 . 2008-07-29 17:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 17:24 . 2008-07-29 17:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 17:16 . 2008-07-29 17:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2010-09-22 07:43 . 2010-09-22 07:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2010-02-09 10:22 . 2010-02-09 10:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 02:59 . 2008-11-25 02:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 02:59 . 2008-11-25 02:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 05:29 . 2005-09-23 05:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 05:29 . 2005-09-23 05:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 05:28 . 2005-09-23 05:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:16 . 2008-07-25 09:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 09:17 . 2008-07-25 09:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2004-07-14 22:33 . 2004-07-14 22:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 00:26 . 2010-09-23 00:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 00:25 . 2010-09-23 00:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:25 . 2004-07-14 22:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 01:17 . 2010-09-23 01:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49 . 2004-07-14 23:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\d2a97f.msp
+ 2010-11-20 11:59 . 2010-11-20 11:59 648192 c:\windows\Installer\d2a959.msi
+ 2008-07-29 19:23 . 2008-07-29 19:23 250880 c:\windows\Installer\d1b169.msp
+ 2008-07-29 19:28 . 2008-07-29 19:28 278016 c:\windows\Installer\d1b167.msp
+ 2008-07-29 17:40 . 2008-07-29 17:40 291840 c:\windows\Installer\d1b165.msp
+ 2010-11-20 11:59 . 2010-11-20 11:59 137728 c:\windows\Installer\d1b15f.msi
+ 2008-07-29 15:35 . 2008-07-29 15:35 553472 c:\windows\Installer\cf4fa0.msp
+ 2008-07-29 15:33 . 2008-07-29 15:33 506368 c:\windows\Installer\cf4f9e.msp
+ 2008-07-29 15:37 . 2008-07-29 15:37 911360 c:\windows\Installer\cf4f9d.msp
+ 2010-09-23 19:02 . 2010-09-23 19:02 798208 c:\windows\Installer\ccd01.msp
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\ccce0.msp
+ 2010-02-24 22:14 . 2010-02-24 22:14 543232 c:\windows\Installer\ccca2.msp
+ 2010-11-20 14:20 . 2010-11-20 14:20 228352 c:\windows\Installer\61ceb7.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 312616 c:\windows\Installer\{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 300328 c:\windows\Installer\{C3580AC4-C827-4332-B935-9A282ED5BB97}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_FF88F478D1E748AC86035D457D563142.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 587048 c:\windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ARPPRODUCTICON.exe
+ 2010-11-20 14:25 . 2010-11-20 14:25 587048 c:\windows\Installer\{70550193-1C22-445C-8FA4-564E155DB1A7}\NeroExpress.exe_81A8FD91A6494AD5B4998149EAAC7E7C.exe
+ 2010-11-20 14:25 . 2010-11-20 14:25 587048 c:\windows\Installer\{70550193-1C22-445C-8FA4-564E155DB1A7}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 312616 c:\windows\Installer\{63AA3EAB-23BB-48B2-9AD0-44F878075604}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 300328 c:\windows\Installer\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}\ARPPRODUCTICON.exe
+ 2010-11-20 14:24 . 2010-11-20 14:24 300328 c:\windows\Installer\{237CCB62-8454-43E3-B158-3ACD0134852E}\ARPPRODUCTICON.exe
+ 2006-10-20 19:29 . 2006-10-20 19:29 304928 c:\windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\XPSViewer_X86.exe
+ 2006-10-20 19:29 . 2006-10-20 19:29 106272 c:\windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHostDLL_X86.dll
+ 2006-10-20 19:29 . 2006-10-20 19:29 344352 c:\windows\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\PresentationHost_X86.exe
+ 2010-11-20 11:58 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2010-11-20 11:58 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2010-11-20 11:58 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2010-11-20 11:58 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2010-11-20 11:58 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f0c5ae67\System.Drawing.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_34f665ae\System.Drawing.Design.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_aafa886c\CustomMarshalers.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f14143a5dd231c2157a92e0a948a8cb3\WindowsFormsIntegration.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\657bb134051fad00b8a123a738167f78\UIAutomationClient.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-11-21 19:08 . 2010-11-21 19:08 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7590cef249cbced892e5ae88a460ee7e\System.IO.Log.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 226816 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\93474c13286981f7aa002aa92edcc771\PresentationFramework.Classic.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\491c71bb5686e1ccefa6fd694c0478b8\PresentationFramework.Luna.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\25e463a6e69afa1a027b361cad12f8b9\PresentationFramework.Royale.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\11232e6f1be07051680169bcba605dcc\PresentationFramework.Aero.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-11-20 12:02 . 2010-11-20 12:02 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-11-20 12:02 . 2010-11-20 12:02 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2010-11-06 16:17 . 2010-11-06 16:17 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-21 09:45 . 2010-11-21 09:45 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2010-11-06 16:17 . 2010-11-06 16:17 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-11-21 09:45 . 2010-11-21 09:45 442368 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2010-11-06 16:17 . 2010-11-06 16:17 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-20 12:02 . 2010-11-20 12:02 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-11-20 12:02 . 2010-11-20 12:02 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-21 09:45 . 2010-11-21 09:45 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2010-11-06 16:17 . 2010-11-06 16:17 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-11-05 19:33 . 2010-11-05 19:33 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2006-10-14 18:22 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2010-11-05 19:43 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2010-11-05 19:43 . 2008-07-06 15:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2010-11-05 19:43 . 2008-07-06 15:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2006-10-14 18:22 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2009-09-14 17:05 . 2009-09-14 17:05 1762608 c:\windows\system32\imagx7.dll
+ 2006-10-14 18:22 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2009-11-06 23:06 . 2009-11-06 23:06 1130824 c:\windows\system32\dfshim.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 16:47 . 2008-07-29 16:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 16:47 . 2008-07-29 16:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 21:40 . 2008-07-29 21:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 17:35 . 2008-12-05 17:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2010-04-07 21:57 . 2010-04-07 21:57 5988352 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 02:59 . 2008-11-25 02:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2010-09-22 07:44 . 2010-09-22 07:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 09:17 . 2008-07-25 09:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 04:40 . 2010-05-11 04:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 09:16 . 2008-07-25 09:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2010-09-23 13:55 . 2010-09-23 13:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 13:55 . 2010-09-23 13:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 00:26 . 2010-09-23 00:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 00:25 . 2010-09-23 00:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 13:55 . 2010-09-23 13:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-12-13 07:57 . 2008-12-13 07:57 8397824 c:\windows\Installer\d2a968.msp
+ 2008-07-29 17:26 . 2008-07-29 17:26 1043456 c:\windows\Installer\d1b168.msp
+ 2008-07-29 18:37 . 2008-07-29 18:37 2679808 c:\windows\Installer\d1b166.msp
+ 2008-07-29 19:15 . 2008-07-29 19:15 3697664 c:\windows\Installer\d1b164.msp
+ 2008-07-29 17:34 . 2008-07-29 17:34 1448448 c:\windows\Installer\d1b163.msp
+ 2008-07-29 18:22 . 2008-07-29 18:22 4137984 c:\windows\Installer\d1b162.msp
+ 2008-07-29 17:18 . 2008-07-29 17:18 3376640 c:\windows\Installer\d1b161.msp
+ 2008-07-29 15:45 . 2008-07-29 15:45 2543616 c:\windows\Installer\cf4fa4.msp
+ 2008-07-29 15:29 . 2008-07-29 15:29 2926080 c:\windows\Installer\cf4fa3.msp
+ 2008-07-29 15:41 . 2008-07-29 15:41 6487040 c:\windows\Installer\cf4fa2.msp
+ 2008-07-29 15:39 . 2008-07-29 15:39 3403264 c:\windows\Installer\cf4fa1.msp
+ 2008-07-29 15:43 . 2008-07-29 15:43 1013248 c:\windows\Installer\cf4f9f.msp
+ 2008-07-29 15:31 . 2008-07-29 15:31 6083072 c:\windows\Installer\cf4f9c.msp
+ 2009-11-08 22:25 . 2009-11-08 22:25 1935360 c:\windows\Installer\cccf9.msp
+ 2010-09-23 05:39 . 2010-09-23 05:39 4265472 c:\windows\Installer\cccca.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\cccaf.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\cccae.msp
+ 2010-11-20 14:25 . 2010-11-20 14:25 8776704 c:\windows\Installer\61cf0a.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 1246720 c:\windows\Installer\61cefa.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 1228800 c:\windows\Installer\61cef2.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 1095168 c:\windows\Installer\61ceea.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 1083392 c:\windows\Installer\61cee2.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 7264768 c:\windows\Installer\61ceda.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 2051072 c:\windows\Installer\61ced2.msi
+ 2010-11-20 14:24 . 2010-11-20 14:24 9586688 c:\windows\Installer\61cecb.msi
+ 2010-03-24 22:45 . 2010-03-24 22:45 3638272 c:\windows\Installer\61cec5.msp
+ 2010-03-24 22:48 . 2010-03-24 22:48 7878656 c:\windows\Installer\61cec4.msp
+ 2010-11-20 08:12 . 2010-11-20 08:12 2283008 c:\windows\Installer\2b84f.msi
+ 2008-12-05 17:30 . 2008-12-05 17:30 5283840 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_x86.dll
+ 2010-11-20 12:02 . 2010-11-20 12:02 5283840 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_GAC_x86.dll
+ 2010-11-19 01:28 . 2010-11-19 01:28 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_47495d7d\System.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_07872b7d\System.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a9748768\System.Xml.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6db1b79b\System.Xml.dll
+ 2010-11-19 01:28 . 2010-11-19 01:28 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_cbdcc1a6\System.Windows.Forms.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ae9ca4ae\System.Windows.Forms.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_befcbb69\System.Drawing.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ff732dc9\System.Design.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_08157538\System.Design.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fbb06951\mscorlib.dll
+ 2010-11-19 01:29 . 2010-11-19 01:29 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_76815a31\mscorlib.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 3346944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1aa14d2749342ebbd643bf06c6817c3e\WindowsBase.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\3d1f18c581e345c5f96042ba961418bc\UIAutomationClientsideProviders.ni.dll
+ 2010-11-21 09:49 . 2010-11-21 09:49 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D6.tmp\System.dll
+ 2010-11-21 09:53 . 2010-11-21 09:53 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-11-21 19:09 . 2010-11-21 19:09 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb02f4c55bd1221dff95b8f47028b110\System.Runtime.Serialization.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 1039872 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\079dab74259760fb9b514fe90c8a3d69\System.Printing.ni.dll
+ 2010-11-21 19:08 . 2010-11-21 19:08 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\76bfd39192229553f41ce5b47e612e85\System.IdentityModel.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44c365291bef4d0b6405e36aed6946c0\System.Data.Linq.ni.dll
+ 2010-11-21 16:59 . 2010-11-21 16:59 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 2132480 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\060d796704d1b7c0a96730a172387366\ReachFramework.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87779b2601c4dc647c654cabd404747f\PresentationUI.ni.dll
+ 2010-11-21 16:56 . 2010-11-21 16:56 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-11-20 14:21 . 2010-11-20 14:21 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-11-20 11:58 . 2010-11-20 11:58 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-11-21 09:45 . 2010-11-21 09:45 5988352 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-20 11:59 . 2010-11-20 11:59 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-20 14:21 . 2010-11-20 14:21 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-20 14:21 . 2010-11-20 14:21 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-11-21 09:52 . 2010-11-21 09:52 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-19 01:27 . 2010-11-19 01:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-11-19 01:27 . 2010-11-19 01:27 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-07-13 11:26 . 2010-11-19 01:28 35758536 c:\windows\system32\mrt.exe
+ 2010-09-24 12:08 . 2010-09-24 12:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2008-12-13 08:21 . 2008-12-13 08:21 10473472 c:\windows\Installer\d2a973.msp
+ 2010-05-19 11:08 . 2010-05-19 11:08 11408896 c:\windows\Installer\cccd5.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\cccbf.msp
+ 2010-09-24 05:08 . 2010-09-24 05:08 17518080 c:\windows\Installer\8a395.msp
+ 2010-11-20 14:24 . 2010-11-20 14:24 11738624 c:\windows\Installer\61cf02.msi
+ 2010-11-20 12:01 . 2010-11-20 12:01 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP311.tmp\mscorlib.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-11-21 16:58 . 2010-11-21 16:58 14337536 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3a9198b4a3d03ee363efdb8f981c936f\PresentationFramework.ni.dll
+ 2010-11-21 16:57 . 2010-11-21 16:57 12236288 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f3e4034fe857abe4d652af143c0b5bc1\PresentationCore.ni.dll
+ 2010-11-21 09:51 . 2010-11-21 09:51 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/31/2010 10:07 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/31/2010 10:07 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/10/2010 10:55 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/31/2010 10:07 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/31/2010 10:07 PM 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 2:00 PM 14336]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [10/31/2010 10:07 PM 126392]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [10/31/2010 9:38 PM 44368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/31/2010 9:59 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101119.001\IDSXpx86.sys [11/20/2010 10:21 AM 341880]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/31/2010 9:01 PM 436792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Bogdan & Silvana\Application Data\Mozilla\Firefox\Profiles\uffaqcdr.default\
FF - prefs.js: browser.startup.homepage - www.google.ro
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Bogdan & Silvana\Application Data\Mozilla\Firefox\Profiles\uffaqcdr.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_4176eef.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_4176eef.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-21 22:53:07
ComboFix-quarantined-files.txt 2010-11-21 20:53
ComboFix2.txt 2010-11-19 01:24

Pre-Run: 41,778,024,448 bytes free
Post-Run: 43,770,986,496 bytes free

- - End Of File - - 338E9830672765DFDE2BB842E1E47704


Computer seems to work fine. Somewhat a little slower than before but I guess it has to do with all these tests that I've done so far. I observed that autoplay is not working (when inserting a cd or dvd). The other day my boy wanted to play a game from his cd (it's educational kit that requires no install), a game that uses abode reader but it's not working anymore. I just thought I should tell you about these things though I don't believe they are of big importance :)

Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users