Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer will not restart after trojan removal


  • This topic is locked This topic is locked
26 replies to this topic

#1 bflora

bflora

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 17 December 2012 - 09:20 AM

I was trying to install a sims 3 game on the computer for my son and found that the dvd would not start autorun and not read the disc. I tried several times to start manually with no luck. When i went online to research the problem, the computer would constantly freeze for several minutes. Also when I opened up my computer or looked at at properties for the computer it would freeze up. After awhile I couldn't get the task manager to start. I downloaded malwarebytes free program and tried to scan for a virus or trojan but the computer would only freeze. I restarted the computer in safe mode and ran the scan again. This time malwarebytes found 24 problems. Some were Trojans and most of them were pup mywebsearch. I had malwarebytes remove them and was told that I needed to restart the computer. I did that and it would not restart. I tried to use startup recovery and run system restore but got an error message that said there were no restore points. Then I tried to use the recovery particon on the hard drive but that failed also.

Edited by hamluis, 17 December 2012 - 11:26 AM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:03:15 PM

Posted 17 December 2012 - 11:35 AM

I have let the mods know that you cant get your pc to boot. Someone will be with you shortly.

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:15 PM

Posted 17 December 2012 - 01:32 PM

:welcome:

Lets give it a try. You will need a USB Flash drive.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:15 PM

Posted 17 December 2012 - 01:44 PM

Hi,

Just want to let you know I have moved this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay. :thumbup2:

Best regards,

bloopie

#5 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 25 December 2012 - 11:54 AM

Sorry, that its taking so long to return and post a reply. I was finaly able to use the farbar recovery scan tool on the computer.I know that this is Christmas so I don't expect a reply right away. Here is the printout from the scan tool:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 14 days old)
Ran by SYSTEM at 25-12-2012 09:51:07
Running from J:\
(X86) OS Language: English(US)
Attention: Could not load system hive.The operation completed successfully.

==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-25 09:50 - 2012-12-25 09:51 - 00000000 ____D C:\FRST
2012-12-23 07:17 - 2012-12-17 12:20 - 01461033 ____A (Farbar) C:\Users\Public\Documents\FRST64.exe
2012-12-23 07:16 - 2012-12-23 07:16 - 00000000 ____D C:\Users\Public\Documents\farbar 64 bit
2012-12-23 07:16 - 2012-12-17 12:19 - 00907992 ____A (Farbar) C:\Users\Public\Documents\FRST.exe
2012-12-17 05:54 - 2012-12-17 05:54 - 00000010 ____A C:\MOVE_RECOVERY
2012-12-17 05:49 - 2012-12-17 05:49 - 00000000 ____D C:\BACKUP


==================== One Month Modified Files and Folders ========

2012-12-25 09:51 - 2012-12-25 09:50 - 00000000 ____D C:\FRST
2012-12-23 08:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2012-12-23 07:16 - 2012-12-23 07:16 - 00000000 ____D C:\Users\Public\Documents\farbar 64 bit
2012-12-17 12:20 - 2012-12-23 07:17 - 01461033 ____A (Farbar) C:\Users\Public\Documents\FRST64.exe
2012-12-17 12:19 - 2012-12-23 07:16 - 00907992 ____A (Farbar) C:\Users\Public\Documents\FRST.exe
2012-12-17 06:14 - 2006-11-02 05:03 - 00000000 ____D C:\users\Administrator
2012-12-17 06:14 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2012-12-17 06:14 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-12-17 06:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2012-12-17 06:14 - 2006-06-11 16:01 - 00000000 ____D C:\Windows\OPTIONS
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\MSN
2012-12-17 06:13 - 2006-06-11 16:01 - 00000000 ____D C:\Program Files\SIFXINST
2012-12-17 06:11 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2012-12-17 06:11 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2012-12-17 06:11 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\WindowsMobile
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\winrm
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\WCN
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\slmgr
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\Branding
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\Performance
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Users\Public\Recorded TV
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\MSBuild
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Microsoft Games
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Web
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\winevt
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Speech
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SMI
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\RemInst
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\networklist
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\MUI
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\licensing
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\IME
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Speech
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\schemas
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Resources
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Registration
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Provisioning
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\PLA
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\nap
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Branding
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Windows NT
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-12-17 06:09 - 2006-06-11 16:36 - 00000000 ____D C:\Windows\Panther
2012-12-17 06:09 - 2006-06-11 16:01 - 00000000 ____D C:\Program Files\Common Files\New Boundary
2012-12-17 05:54 - 2012-12-17 05:54 - 00000010 ____A C:\MOVE_RECOVERY
2012-12-17 05:49 - 2012-12-17 05:49 - 00000000 ____D C:\BACKUP


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2012-12-23 07:20:05
Restore point made on: 2012-12-24 14:52:51
Restore point made on: 2012-12-25 05:06:16

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3069.88 MB
Available physical RAM: 2718.73 MB
Total Pagefile: 2852.93 MB
Available Pagefile: 2713.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.94 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:432.05 GB) (Free:275.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:33.71 GB) (Free:27.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (CD_ROM) (CDROM) (Total:2.53 GB) (Free:0 GB) CDFS
8 Drive j: (KINGSTON) (Removable) (Total:14.53 GB) (Free:13.86 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 34 GB 32 KB
Partition 2 Primary 432 GB 34 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 34 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 432 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 4032 KB

=========================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 J KINGSTON FAT32 Removable 15 GB Healthy

=========================================================
==================== End Of Log ============================

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:15 PM

Posted 25 December 2012 - 12:38 PM

That version of FRST is too old. Please download the latest one.

:step1:

First lets see the contents of the listed partitions:

Download the enclosed file.

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

:step2:

Second, we will take a look at the structure of those partitions:

For x86 (x32) bit systems please download Listparts

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 27 December 2012 - 09:35 AM

Thanks,
I'm at work today and it will most likely be Sat. or Sunday before I get a chance to try this.

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:15 PM

Posted 27 December 2012 - 01:15 PM

:thumbup2:

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 30 December 2012 - 09:50 AM

Here is the fixlog that I just ran. Below will be the result.txt



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-30 09:23:03 Run:1
Running from F:\

==============================================


========= Dir /a:hd c:\ =========

Volume in drive C has no label.
Volume Serial Number is DCB9-CC63

Directory of c:\

12/23/2012 06:52 AM <DIR> $RECYCLE.BIN
12/17/2012 06:10 AM <DIR> Boot
12/17/2012 06:09 AM <DIR> ProgramData
12/25/2012 05:06 AM <DIR> System Volume Information
0 File(s) 0 bytes
4 Dir(s) 296,967,192,576 bytes free

========= End of CMD: =========


========= Dir /a:hd d:\ =========

Volume in drive D is RECOVERY
Volume Serial Number is D26A-4024

Directory of d:\

12/23/2012 06:52 AM <DIR> $RECYCLE.BIN
05/20/2007 11:09 PM <DIR> Boot
05/20/2007 11:09 PM <DIR> i386
02/03/2008 07:35 AM <DIR> PRELOAD
05/20/2007 11:09 PM <DIR> Program Files
05/20/2007 11:09 PM <DIR> ProgramData
05/20/2007 11:09 PM <DIR> sources
05/20/2007 11:09 PM <DIR> System Recovery
12/25/2012 05:06 AM <DIR> System Volume Information
05/20/2007 11:09 PM <DIR> UPDGOI
05/20/2007 11:09 PM <DIR> Users
12/16/2012 11:57 PM <DIR> Windows
0 File(s) 0 bytes
12 Dir(s) 29,942,444,032 bytes free

========= End of CMD: =========


========= Dir /a:hd c:\windows =========

Volume in drive C has no label.
Volume Serial Number is DCB9-CC63

Directory of c:\windows

File Not Found

========= End of CMD: =========


========= Dir /a:hd d:\windows =========

Volume in drive D is RECOVERY
Volume Serial Number is D26A-4024

Directory of d:\windows

12/16/2012 11:57 PM <DIR> .
12/16/2012 11:57 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 29,942,444,032 bytes free

========= End of CMD: =========


==== End of Fixlog ====




ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 30-12-2012 at 09:25:59
Windows Vista (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 3069.88 MB
Available physical RAM: 2725.02 MB
Total Pagefile: 2852.93 MB
Available Pagefile: 2719.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.57 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:432.05 GB) (Free:275.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:33.71 GB) (Free:27.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (CD_ROM) (CDROM) (Total:2.53 GB) (Free:0 GB) CDFS
4 Drive f: (KINGSTON) (Removable) (Total:14.53 GB) (Free:13.86 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 Online 15 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 34 GB 32 KB
Partition 2 Primary 432 GB 34 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 34 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 432 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F KINGSTON FAT32 Removable 15 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device boot
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {6dfc5cb0-f9ab-11da-ae34-df1fe3e76dcf}
displayorder {6dfc5cb0-f9ab-11da-ae34-df1fe3e76dcf}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {6dfc5cb0-f9ab-11da-ae34-df1fe3e76dcf}
device boot
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-us
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice boot
systemroot \Windows
resumeobject {6dfc5cb1-f9ab-11da-ae34-df1fe3e76dcf}
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {8df3ecad-4d1f-11e2-ae4f-e971a7bd47c4}
device partition=D:
path \Windows\system32\boot\winload.exe
description Windows ™ Code Name "Longhorn" Preinstallation Environment (recovered)
osdevice partition=D:
systemroot \Windows
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {6dfc5cb1-f9ab-11da-ae34-df1fe3e76dcf}
device unknown
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filepath \hiberfil.sys
pae No
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device boot
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}


****** End Of Log ******

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:15 PM

Posted 30 December 2012 - 10:47 AM

The boot configuration data seems corrupted. Did you ever tried to rebuild the BCD? I will make some changes in it and see how it goes.

Download the enclosed file.

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Attempt to boot in Normal Mode. Let me know if successful and if any error message is returned at boot.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 30 December 2012 - 11:54 AM

I tried to boot the computer but it will not. I get this:
File: \windows\system32\winload.exe
Status: 0xc000000f
Info: The selected entry could not be loaded because the application is missing of corrupt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-30 11:33:25 Run:2
Running from J:\

==============================================


========= bcdedit /export C:\bcdbackup =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {9dea862c-5cdd-4e70-acc1-f32b344d4795} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {9dea862c-5cdd-4e70-acc1-f32b344d4795} path \bootmgr =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {6dfc5cb0-f9ab-11da-ae34-df1fe3e76dcf} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {6dfc5cb0-f9ab-11da-ae34-df1fe3e76dcf} osdevice partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {6dfc5cb1-f9ab-11da-ae34-df1fe3e76dcf} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {b2721d73-1db4-4c62-bf78-c548a880142d} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {466f5a88-0af2-4f76-9038-095b170dc21c} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-us
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {6dfc5cb1-f9ab-11da-ae34-df1fe3e76dcf}
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {8df3ecad-4d1f-11e2-ae4f-e971a7bd47c4}
device partition=D:
path \Windows\system32\boot\winload.exe
description Windows ™ Code Name "Longhorn" Preinstallation Environment (recovered)
osdevice partition=D:
systemroot \Windows
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {6dfc5cb1-f9ab-11da-ae34-df1fe3e76dcf}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
filepath \hiberfil.sys
pae No
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

========= End of CMD: =========


========= Dir /a c:\ =========

Volume in drive C has no label.
Volume Serial Number is DCB9-CC63

Directory of c:\

12/23/2012 06:52 AM <DIR> $RECYCLE.BIN
09/18/2006 01:43 PM 24 autoexec.bat
12/17/2012 05:49 AM <DIR> BACKUP
12/30/2012 11:33 AM 24,576 bcdbackup
12/30/2012 11:33 AM 21,504 bcdbackup.LOG
12/30/2012 11:33 AM 0 bcdbackup.LOG1
12/30/2012 11:33 AM 0 bcdbackup.LOG2
12/17/2012 06:10 AM <DIR> Boot
11/02/2006 01:53 AM 438,840 bootmgr
06/11/2006 04:36 PM 8,192 BOOTSECT.BAK
09/18/2006 01:43 PM 10 config.sys
12/25/2012 09:51 AM <DIR> FRST
06/11/2006 04:04 PM 21 LOCAL
06/11/2006 04:08 PM 78 MASTER.LOG
06/11/2006 04:04 PM 21 MINI
12/17/2012 05:54 AM 10 MOVE_RECOVERY
12/17/2012 06:10 AM <DIR> Program Files
12/17/2012 06:09 AM <DIR> ProgramData
12/17/2012 06:14 AM <DIR> SYSPREP
12/25/2012 05:06 AM <DIR> System Volume Information
12/17/2012 06:14 AM <DIR> Users
12/17/2012 06:09 AM <DIR> Windows
12 File(s) 493,276 bytes
10 Dir(s) 295,918,559,232 bytes free

========= End of CMD: =========


========= Dir /a d:\ =========

Volume in drive D is RECOVERY
Volume Serial Number is D26A-4024

Directory of d:\

12/23/2012 06:52 AM <DIR> $RECYCLE.BIN
04/30/2004 01:01 AM 53 Autorun.inf
05/20/2007 11:07 PM 238 BATCH.LOG
10/13/2006 12:26 AM 256 BATCH.OLD
05/20/2007 11:09 PM <DIR> Boot
08/29/2006 07:38 PM 435,752 BOOTMGR
10/04/2003 12:06 AM 102 Desktop.ini
08/20/2007 10:08 AM 0 DRECOVERY
12/17/2012 05:49 AM <DIR> FilesToKeepBackup
06/12/2003 04:52 AM 8,121 Folder.htt
05/20/2007 11:07 PM 0 FULL
05/20/2007 11:09 PM <DIR> i386
11/29/2004 11:01 PM 73,728 Info.exe
05/20/2007 11:09 PM 314 MASTER.LOG
11/06/2006 10:46 PM 189,262 MASTER.LOG.COPY
02/03/2008 07:35 AM <DIR> PRELOAD
05/20/2007 11:09 PM <DIR> Program Files
05/20/2007 11:09 PM <DIR> ProgramData
06/12/2003 03:41 AM 319,545 protect.ed
05/20/2007 11:03 PM <DIR> Recovery
05/20/2007 11:09 PM <DIR> sources
05/20/2007 11:09 PM <DIR> System Recovery
12/25/2012 05:06 AM <DIR> System Volume Information
05/20/2007 11:09 PM <DIR> UPDGOI
11/11/2006 05:44 PM 250 USER
05/20/2007 11:09 PM <DIR> Users
06/12/2003 04:43 AM 96,774 warning.bmp
12/16/2012 11:57 PM <DIR> Windows
14 File(s) 1,124,395 bytes
14 Dir(s) 29,942,444,032 bytes free

========= End of CMD: =========


==== End of Fixlog ====

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:15 PM

Posted 30 December 2012 - 05:20 PM

Lets search for that file.

:step1:

Download the enclosed file.

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

:step2:

Type the following in the edit box on FRST, after "Search:".

winload.exe

It then should look like:

Search: winload.exe

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.

:step3:

Perform another scan with FRST and post the new FRST.txt produced.

Edited by JSntgRvr, 30 December 2012 - 05:31 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 30 December 2012 - 06:35 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-30 18:26:26 Run:3
Running from J:\

==============================================


========= Dir /a c:\windows\system32 =========

Volume in drive C has no label.
Volume Serial Number is DCB9-CC63

Directory of c:\windows\system32

12/17/2012 06:13 AM <DIR> .
12/17/2012 06:13 AM <DIR> ..
11/02/2006 04:42 AM <DIR> 0409
11/02/2006 03:18 AM <DIR> AdvancedInstallers
11/02/2006 03:18 AM <DIR> ar-SA
11/02/2006 03:18 AM <DIR> bg-BG
12/17/2012 06:09 AM <DIR> Boot
12/17/2012 06:09 AM <DIR> Branding
12/17/2012 06:09 AM <DIR> catroot
12/17/2012 06:09 AM <DIR> catroot2
11/02/2006 04:57 AM <DIR> CodeIntegrity
12/17/2012 06:09 AM <DIR> com
12/25/2012 09:51 AM <DIR> config
11/02/2006 03:18 AM <DIR> cs-CZ
11/02/2006 03:18 AM <DIR> da-DK
11/02/2006 03:18 AM <DIR> de-DE
12/17/2012 06:09 AM <DIR> drivers
12/17/2012 06:09 AM <DIR> DriverStore
11/02/2006 03:18 AM <DIR> el-GR
11/02/2006 04:42 AM <DIR> en
12/17/2012 06:13 AM <DIR> en-US
11/02/2006 03:18 AM <DIR> es-ES
11/02/2006 03:18 AM <DIR> et-EE
11/02/2006 03:18 AM <DIR> fi-FI
11/02/2006 03:18 AM <DIR> fr-FR
11/02/2006 02:23 AM <DIR> GroupPolicy
11/02/2006 02:23 AM <DIR> GroupPolicyUsers
11/02/2006 03:18 AM <DIR> he-IL
11/02/2006 03:18 AM <DIR> hr-HR
11/02/2006 03:18 AM <DIR> hu-HU
11/02/2006 03:18 AM <DIR> ias
11/02/2006 03:18 AM <DIR> icsxml
12/17/2012 06:09 AM <DIR> IME
11/02/2006 02:33 AM <DIR> inetsrv
11/02/2006 03:18 AM <DIR> it-IT
11/02/2006 03:18 AM <DIR> ja-JP
11/02/2006 04:35 AM 19,968 jnwmon.dll
11/02/2006 03:18 AM <DIR> ko-KR
12/17/2012 06:09 AM <DIR> licensing
12/23/2012 08:46 AM <DIR> LogFiles
11/02/2006 03:18 AM <DIR> lt-LT
11/02/2006 03:18 AM <DIR> lv-LV
11/02/2006 03:18 AM <DIR> manifeststore
12/17/2012 06:09 AM <DIR> Microsoft
12/17/2012 06:09 AM <DIR> migration
11/02/2006 04:42 AM <DIR> migwiz
12/17/2012 06:14 AM <DIR> Msdtc
11/02/2006 01:45 AM 407,552 msinfo32.exe
12/17/2012 06:09 AM <DIR> MUI
11/02/2006 03:18 AM <DIR> nb-NO
11/02/2006 02:23 AM <DIR> NDF
12/17/2012 06:09 AM <DIR> networklist
11/02/2006 03:18 AM <DIR> nl-NL
12/17/2012 06:09 AM <DIR> oobe
11/02/2006 03:18 AM <DIR> pl-PL
12/17/2012 06:09 AM <DIR> Printing_Admin_Scripts
11/02/2006 03:18 AM <DIR> pt-BR
11/02/2006 03:18 AM <DIR> pt-PT
11/02/2006 03:18 AM <DIR> ras
12/17/2012 06:09 AM <DIR> RemInst
11/02/2006 05:09 AM <DIR> restore
11/02/2006 03:18 AM <DIR> ro-RO
11/02/2006 03:18 AM <DIR> ru-RU
12/17/2012 06:09 AM <DIR> setup
11/02/2006 03:18 AM <DIR> sk-SK
11/02/2006 03:18 AM <DIR> sl-SI
12/17/2012 06:09 AM <DIR> slmgr
11/02/2006 03:18 AM <DIR> SLUI
12/17/2012 06:09 AM <DIR> SMI
12/17/2012 06:09 AM <DIR> Speech
12/17/2012 06:09 AM <DIR> spool
11/02/2006 01:46 AM 134,144 sqmapi.dll
11/02/2006 03:18 AM <DIR> sr-Latn-CS
11/02/2006 03:18 AM <DIR> sv-SE
12/17/2012 06:14 AM <DIR> sysprep
11/02/2006 03:18 AM <DIR> Tasks
11/02/2006 03:18 AM <DIR> th-TH
11/02/2006 03:18 AM <DIR> tr-TR
11/02/2006 03:18 AM <DIR> uk-UA
12/17/2012 06:09 AM <DIR> wbem
12/17/2012 06:09 AM <DIR> WCN
12/17/2012 06:09 AM <DIR> WDI
11/02/2006 05:02 AM <DIR> wfp
12/17/2012 06:09 AM <DIR> winevt
12/17/2012 06:09 AM <DIR> winrm
12/17/2012 06:09 AM <DIR> XPSViewer
11/02/2006 03:18 AM <DIR> zh-CN
11/02/2006 03:18 AM <DIR> zh-HK
11/02/2006 03:18 AM <DIR> zh-TW
3 File(s) 561,664 bytes
86 Dir(s) 295,918,505,984 bytes free

========= End of CMD: =========


========= Dir /a d:\windows\system32 =========

Volume in drive D is RECOVERY
Volume Serial Number is D26A-4024

Directory of d:\windows\system32

12/17/2012 05:48 AM <DIR> .
12/17/2012 05:48 AM <DIR> ..
05/20/2007 10:51 PM <DIR> 0404
05/20/2007 10:51 PM <DIR> 0405
05/20/2007 10:51 PM <DIR> 0406
05/20/2007 10:51 PM <DIR> 0407
05/20/2007 10:51 PM <DIR> 0408
05/20/2007 10:51 PM <DIR> 0409
05/20/2007 10:51 PM <DIR> 040B
05/20/2007 10:51 PM <DIR> 040C
05/20/2007 10:51 PM <DIR> 0410
05/20/2007 10:51 PM <DIR> 0411
05/20/2007 10:51 PM <DIR> 0412
05/20/2007 10:51 PM <DIR> 0413
05/20/2007 10:51 PM <DIR> 0414
05/20/2007 10:51 PM <DIR> 0415
05/20/2007 10:51 PM <DIR> 0416
05/20/2007 10:51 PM <DIR> 0419
05/20/2007 10:51 PM <DIR> 041D
05/20/2007 10:51 PM <DIR> 041F
05/20/2007 10:51 PM <DIR> 0804
05/20/2007 10:51 PM <DIR> 0816
05/20/2007 10:51 PM <DIR> 0C0A
11/02/2006 03:31 AM 2,151 12520437.cpx
11/02/2006 03:31 AM 2,233 12520850.cpx
11/02/2006 01:46 AM 126,976 aclui.dll
11/02/2006 01:46 AM 204,288 activeds.dll
11/01/2006 11:21 PM 111,616 activeds.tlb
11/02/2006 01:46 AM 198,656 adsldpc.dll
05/20/2007 10:51 PM <DIR> AdvancedInstallers
11/02/2006 01:46 AM 770,048 advapi32.dll
11/02/2006 01:46 AM 124,928 advpack.dll
11/02/2006 01:46 AM 1,729,536 apds.dll
11/02/2006 01:46 AM 219,648 apircl.dll
05/18/2006 07:52 AM 166,400 apphelp.dll
11/02/2006 01:46 AM 198,656 apss.dll
05/20/2007 10:51 PM <DIR> ar-SA
11/02/2006 01:44 AM 19,968 ARP.EXE
11/02/2006 01:46 AM 66,560 asycfilt.dll
11/02/2006 01:46 AM 71,680 atl.dll
11/02/2006 12:38 AM 289,792 atmfd.dll
11/02/2006 01:46 AM 34,304 atmlib.dll
11/02/2006 01:44 AM 16,384 attrib.exe
11/02/2006 01:46 AM 1,984,512 authui.dll
11/02/2006 01:46 AM 78,848 authz.dll
11/02/2006 01:44 AM 640,000 autochk.exe
11/02/2006 01:44 AM 653,312 autoconv.exe
11/02/2006 01:46 AM 107,520 AuxiliaryDisplayClassInstaller.dll
09/13/2006 05:35 PM 847,872 BackupST.exe
09/13/2006 07:01 PM 47,164 BackupST.lgg
09/04/2006 12:27 AM 191,932 BackupST.smf
09/04/2006 12:27 AM 191,932 BackupST_OEM1.smf
09/13/2006 05:32 PM 585,728 BackupWiz.exe
09/07/2006 03:08 AM 24,800 BackupWiz.lgg
09/13/2006 05:33 PM 184,197 BackupWiz.smf
09/13/2006 05:33 PM 184,197 BackupWiz_OEM1.smf
11/21/2005 05:37 PM 221,184 BaseImg.dll
11/13/2005 01:59 PM 9,642 BaseImg.lgg
11/02/2006 01:46 AM 68,608 basesrv.dll
11/02/2006 01:46 AM 11,776 batt.dll
08/08/2006 05:20 PM 24,576 BCD
11/02/2006 01:44 AM 259,584 bcdedit.exe
11/02/2006 03:31 AM 46,592 bcdprov.dll
11/02/2006 01:46 AM 108,032 bcdsrv.dll
11/02/2006 01:46 AM 265,728 bcrypt.dll
05/20/2007 10:53 PM 46 BEGIN
11/02/2006 01:46 AM 317,440 BFE.DLL
05/20/2007 10:51 PM <DIR> bg-BG
11/02/2006 01:46 AM 6,656 blbres.dll
11/02/2006 01:46 AM 17,408 blb_ps.dll
11/02/2006 03:31 AM 342,528 bmrui.exe
05/20/2007 10:51 PM <DIR> Boot
11/02/2006 01:44 AM 81,408 bootcfg.exe
11/02/2006 03:31 AM 282,624 BootRec.exe
11/01/2006 10:56 PM 2,560 bootstr.dll
11/02/2006 01:49 AM 21,608 BOOTVID.DLL
05/20/2007 10:51 PM <DIR> Branding
11/02/2006 01:46 AM 17,408 brcoinst.dll
11/02/2006 01:46 AM 1,321,472 browseui.dll
11/02/2006 01:46 AM 43,008 bthci.dll
11/02/2006 01:46 AM 39,936 bthserv.dll
11/02/2006 01:46 AM 68,608 cabinet.dll
11/02/2006 01:46 AM 16,896 capisp.dll
05/20/2007 10:51 PM <DIR> catroot
08/31/2008 10:30 AM <DIR> catroot2
11/02/2006 03:31 AM 451,072 catsrv.dll
11/02/2006 03:31 AM 488,448 catsrvut.dll
11/02/2006 01:46 AM 320,000 certcli.dll
11/02/2006 01:46 AM 19,456 cfgmgr32.dll
11/02/2006 12:31 AM 11,776 chcp.com
11/02/2006 01:44 AM 15,872 chkdsk.exe
11/02/2006 01:44 AM 16,896 chkntfs.exe
11/02/2006 01:51 AM 615,528 ci.dll
11/02/2006 01:46 AM 13,824 clb.dll
11/02/2006 03:31 AM 523,776 clbcatq.dll
11/02/2006 01:51 AM 221,800 clfs.sys
11/02/2006 03:31 AM 86,016 cliconfg.dll
11/02/2006 03:31 AM 40,960 cliconfg.exe
11/02/2006 03:31 AM 40,960 cliconfg.rll
11/02/2006 01:46 AM 119,296 clusapi.dll
11/02/2006 01:44 AM 320,000 cmd.exe
11/02/2006 01:46 AM 58,880 cmifw.dll
11/02/2006 01:46 AM 281,088 cmipnpinstall.dll
11/02/2006 01:46 AM 11,776 cngaudit.dll
11/02/2006 01:46 AM 31,232 cnvfat.dll
05/20/2007 10:51 PM <DIR> CodeIntegrity
11/02/2006 03:31 AM 62,464 colbact.dll
05/18/2006 05:52 PM 38,912 colorcpl.exe
05/18/2006 05:52 PM 743,936 colorui.dll
05/20/2007 10:51 PM <DIR> com
11/02/2006 01:46 AM 7,168 comcat.dll
11/02/2006 01:46 AM 454,656 comdlg32.dll
11/02/2006 12:50 AM 1,236,992 comres.dll
11/02/2006 03:31 AM 1,210,880 comsvcs.dll
05/20/2007 10:51 PM <DIR> config
11/02/2006 01:46 AM 95,744 console.dll
11/02/2006 01:44 AM 17,408 convert.exe
11/02/2006 01:46 AM 178,176 credui.dll
05/20/2007 11:04 PM 20 CRYPT.INI
11/02/2006 01:46 AM 974,336 crypt32.dll
11/02/2006 01:46 AM 24,576 cryptdlg.dll
11/02/2006 01:46 AM 57,856 cryptdll.dll
11/02/2006 01:46 AM 54,784 cryptext.dll
11/02/2006 01:46 AM 93,184 cryptnet.dll
11/02/2006 01:46 AM 123,392 cryptsvc.dll
11/02/2006 01:46 AM 969,216 cryptui.dll
05/20/2007 10:51 PM <DIR> cs-CZ
11/02/2006 01:46 AM 27,648 cscapi.dll
11/02/2006 01:46 AM 22,016 cscdll.dll
11/02/2006 03:31 AM 114,688 cscript.exe
05/20/2007 11:08 PM 894 CSP.DAT
11/02/2006 01:46 AM 49,664 csrsrv.dll
11/02/2006 01:45 AM 7,680 csrss.exe
11/16/2006 06:34 PM 73,728 CSTCasperBundle.dll
08/25/2006 12:40 AM 53,248 CSTError.dll
09/20/2006 06:43 PM 61,440 CSTHistory.dll
11/13/2006 07:04 PM 45,056 CSTWim.dll
09/18/2006 01:47 PM 66,082 C_037.NLS
09/18/2006 01:47 PM 66,082 C_10000.NLS
09/18/2006 01:47 PM 162,850 C_10001.NLS
09/18/2006 01:47 PM 195,618 C_10002.NLS
09/18/2006 01:47 PM 177,698 C_10003.NLS
09/18/2006 01:47 PM 66,082 C_10004.NLS
09/18/2006 01:47 PM 66,082 C_10005.NLS
09/18/2006 01:47 PM 66,082 C_10006.NLS
09/18/2006 01:47 PM 66,082 C_10007.NLS
09/18/2006 01:47 PM 173,602 C_10008.NLS
09/18/2006 01:47 PM 66,082 C_10010.NLS
09/18/2006 01:47 PM 66,082 C_10017.NLS
09/18/2006 01:47 PM 66,082 C_10021.NLS
09/18/2006 01:47 PM 66,082 C_10029.NLS
09/18/2006 01:47 PM 66,082 C_10079.NLS
09/18/2006 01:47 PM 66,082 C_10081.NLS
09/18/2006 01:47 PM 66,082 C_10082.NLS
09/18/2006 01:47 PM 66,082 C_1026.NLS
09/18/2006 01:47 PM 66,082 C_1047.NLS
09/18/2006 01:47 PM 66,082 C_1140.NLS
09/18/2006 01:47 PM 66,082 C_1141.NLS
09/18/2006 01:47 PM 66,082 C_1142.NLS
09/18/2006 01:47 PM 66,082 C_1143.NLS
09/18/2006 01:47 PM 66,082 C_1144.NLS
09/18/2006 01:47 PM 66,082 C_1145.NLS
09/18/2006 01:47 PM 66,082 C_1146.NLS
09/18/2006 01:47 PM 66,082 C_1147.NLS
09/18/2006 01:47 PM 66,082 C_1148.NLS
09/18/2006 01:47 PM 66,082 C_1149.NLS
09/18/2006 01:47 PM 66,082 C_1250.NLS
09/18/2006 01:47 PM 66,082 C_1251.NLS
09/18/2006 01:47 PM 66,082 C_1252.NLS
09/18/2006 01:47 PM 66,082 C_1253.NLS
09/18/2006 01:47 PM 66,082 C_1254.NLS
09/18/2006 01:47 PM 66,082 C_1255.NLS
09/18/2006 01:47 PM 66,082 C_1256.NLS
09/18/2006 01:47 PM 66,082 C_1257.NLS
09/18/2006 01:47 PM 66,082 C_1258.NLS
09/18/2006 01:47 PM 189,986 C_1361.NLS
09/18/2006 01:47 PM 180,258 C_20000.NLS
09/18/2006 01:47 PM 186,402 C_20001.NLS
09/18/2006 01:47 PM 173,602 C_20002.NLS
09/18/2006 01:47 PM 185,378 C_20003.NLS
09/18/2006 01:47 PM 180,258 C_20004.NLS
09/18/2006 01:47 PM 187,938 C_20005.NLS
09/18/2006 01:47 PM 66,082 C_20105.NLS
09/18/2006 01:47 PM 66,082 C_20106.NLS
09/18/2006 01:47 PM 66,082 C_20107.NLS
09/18/2006 01:47 PM 66,082 C_20108.NLS
09/18/2006 01:47 PM 66,082 C_20127.NLS
09/18/2006 01:47 PM 139,810 C_20261.NLS
09/18/2006 01:47 PM 66,082 C_20269.NLS
09/18/2006 01:47 PM 66,082 C_20273.NLS
09/18/2006 01:47 PM 66,082 C_20277.NLS
09/18/2006 01:47 PM 66,082 C_20278.NLS
09/18/2006 01:47 PM 66,082 C_20280.NLS
09/18/2006 01:47 PM 66,082 C_20284.NLS
09/18/2006 01:47 PM 66,082 C_20285.NLS
09/18/2006 01:47 PM 66,082 C_20290.NLS
09/18/2006 01:47 PM 66,082 C_20297.NLS
09/18/2006 01:47 PM 66,082 C_20420.NLS
09/18/2006 01:47 PM 66,082 C_20423.NLS
09/18/2006 01:47 PM 66,082 C_20424.NLS
09/18/2006 01:47 PM 66,082 C_20833.NLS
09/18/2006 01:47 PM 66,082 C_20838.NLS
09/18/2006 01:47 PM 66,082 C_20866.NLS
09/18/2006 01:47 PM 66,082 C_20871.NLS
09/18/2006 01:47 PM 66,082 C_20880.NLS
09/18/2006 01:47 PM 66,082 C_20905.NLS
09/18/2006 01:47 PM 66,082 C_20924.NLS
09/18/2006 01:47 PM 180,770 C_20932.NLS
09/18/2006 01:47 PM 173,602 C_20936.NLS
09/18/2006 01:47 PM 177,698 C_20949.NLS
09/18/2006 01:47 PM 66,082 C_21025.NLS
09/18/2006 01:47 PM 66,082 C_21027.NLS
09/18/2006 01:47 PM 66,082 C_21866.NLS
09/18/2006 01:47 PM 66,082 C_28591.NLS
09/18/2006 01:47 PM 66,082 C_28592.NLS
09/18/2006 01:47 PM 66,082 C_28593.NLS
09/18/2006 01:47 PM 66,082 C_28594.NLS
09/18/2006 01:47 PM 66,082 C_28595.NLS
09/18/2006 01:47 PM 66,082 C_28596.NLS
09/18/2006 01:47 PM 66,082 C_28597.NLS
09/18/2006 01:47 PM 66,082 C_28598.NLS
09/18/2006 01:47 PM 66,082 C_28599.NLS
09/18/2006 01:47 PM 66,082 c_28603.nls
09/18/2006 01:47 PM 66,082 C_28605.NLS
09/18/2006 01:47 PM 66,594 C_437.NLS
09/18/2006 01:47 PM 66,082 C_500.NLS
09/18/2006 01:47 PM 66,082 C_708.NLS
09/18/2006 01:47 PM 66,594 C_720.NLS
09/18/2006 01:47 PM 66,594 C_737.NLS
09/18/2006 01:47 PM 66,594 C_775.NLS
09/18/2006 01:47 PM 66,594 C_850.NLS
09/18/2006 01:47 PM 66,594 C_852.NLS
09/18/2006 01:47 PM 66,594 C_855.NLS
09/18/2006 01:47 PM 66,594 C_857.NLS
09/18/2006 01:47 PM 66,594 C_858.NLS
09/18/2006 01:47 PM 66,594 C_860.NLS
09/18/2006 01:47 PM 66,594 C_861.NLS
09/18/2006 01:47 PM 66,594 C_862.NLS
09/18/2006 01:47 PM 66,594 C_863.NLS
09/18/2006 01:47 PM 66,594 C_864.NLS
09/18/2006 01:47 PM 66,594 C_865.NLS
09/18/2006 01:47 PM 66,594 C_866.NLS
09/18/2006 01:47 PM 66,594 C_869.NLS
09/18/2006 01:47 PM 66,082 C_870.NLS
09/18/2006 01:47 PM 66,594 C_874.NLS
09/18/2006 01:47 PM 66,082 C_875.NLS
09/18/2006 01:47 PM 162,850 C_932.NLS
09/18/2006 01:47 PM 196,642 C_936.NLS
09/18/2006 01:47 PM 196,642 C_949.NLS
09/18/2006 01:47 PM 196,642 C_950.NLS
11/02/2006 01:46 AM 221,696 C_G18030.DLL
11/02/2006 01:46 AM 10,240 C_IS2022.DLL
05/20/2007 10:51 PM <DIR> da-DK
11/02/2006 01:46 AM 1,853,440 dbgeng.dll
11/02/2006 01:46 AM 798,208 dbghelp.dll
05/20/2007 10:51 PM <DIR> Dblenv
10/18/2006 11:26 PM 688,128 DblRes.exe
10/09/2006 01:24 AM 33,624 DBLRES.INI
11/02/2006 03:31 AM 135,168 dbnetlib.dll
11/02/2006 03:31 AM 32,768 dbnmpntw.dll
11/02/2006 01:46 AM 10,240 dciman32.dll
05/20/2007 10:52 PM <DIR> de-DE
05/18/2006 07:52 AM 334,336 devmgr.dll
11/02/2006 03:31 AM 58,880 dfrgifc.exe
11/02/2006 03:31 AM 10,240 dfrgifps.dll
05/18/2006 07:27 PM 83,456 dfshim.dll
11/02/2006 01:46 AM 10,240 dhcpcmonitor.dll
11/02/2006 01:46 AM 204,800 dhcpcsvc.dll
11/02/2006 01:46 AM 120,320 dhcpcsvc6.dll
11/02/2006 01:46 AM 66,048 DHCPQEC.DLL
11/02/2006 01:45 AM 114,176 diskpart.exe
11/02/2006 01:45 AM 228,352 diskraid.exe
11/02/2006 01:46 AM 35,328 dispci.dll
11/02/2006 03:31 AM 32,768 dispex.dll
11/02/2006 01:45 AM 7,168 dllhost.exe
11/02/2006 01:45 AM 7,168 dllhst3g.exe
11/02/2006 01:46 AM 162,816 dnsapi.dll
11/02/2006 01:45 AM 24,576 dnscacheugc.exe
11/02/2006 01:46 AM 83,968 dnsrslvr.dll
11/02/2006 01:45 AM 15,360 doskey.exe
11/02/2006 01:45 AM 407,040 dpapimig.exe
11/02/2006 01:46 AM 256,512 dpx.dll
08/31/2008 10:35 AM <DIR> drivers
05/20/2007 10:52 PM <DIR> DriverStore
11/02/2006 01:45 AM 100,864 drvinst.exe
11/02/2006 01:45 AM 31,232 drvload.exe
11/02/2006 01:46 AM 245,248 drvstore.dll
11/02/2006 03:31 AM 4,656 ds16gt.dLL
11/02/2006 03:31 AM 20,480 ds32gt.dll
11/02/2006 03:31 AM 86,528 dskquota.dll
09/05/2006 12:22 AM 86,016 DskUtil.dll
11/02/2006 01:46 AM 183,808 duser.dll
11/02/2006 01:46 AM 39,936 dwmapi.dll
05/18/2006 07:52 AM 87,552 efsadu.dll
05/20/2007 10:52 PM <DIR> el-GR
05/20/2007 10:52 PM <DIR> en-US
09/18/2006 09:47 PM 65,536 Engine.dll
05/20/2007 11:04 PM 43 env_var.ini
05/20/2007 10:52 PM <DIR> es-ES
11/02/2006 01:46 AM 1,455,616 esent.dll
11/02/2006 01:45 AM 93,184 esentutl.exe
05/20/2007 10:52 PM <DIR> et-EE
11/02/2006 01:46 AM 19,968 eventcls.dll
01/04/2006 01:39 AM 626 exclusions.ini
11/02/2006 01:45 AM 52,736 expand.exe
11/02/2006 01:39 AM 7,168 f3ahvoas.dll
11/02/2006 03:31 AM 141,824 Faultrep.dll
11/02/2006 01:46 AM 12,288 fbwflib.dll
06/21/2006 11:17 PM 475,136 FDSoftThinks.dll
09/13/2006 05:14 PM 812 fdsoftthinks.dll.LOG
11/02/2006 01:46 AM 53,760 feclient.dll
05/20/2007 10:52 PM <DIR> fi-FI
06/07/2006 10:12 PM 477 filetypes.ini
11/02/2006 01:45 AM 13,312 find.exe
11/02/2006 01:45 AM 10,240 finger.exe
11/02/2006 01:46 AM 392,704 FirewallAPI.dll
11/02/2006 01:45 AM 13,824 fixmapi.exe
11/02/2006 01:46 AM 14,848 fltLib.dll
11/02/2006 01:45 AM 18,944 fltMC.exe
12/09/2001 12:55 AM 45,056 flush.dll
11/02/2006 01:46 AM 23,040 fmifs.dll
08/31/2008 10:29 AM 63,232 FNTCACHE.DAT
04/21/2006 11:07 PM 331,784 fontreg.nls
11/02/2006 01:46 AM 72,192 fontsub.dll
11/02/2006 12:32 AM 35,328 format.com
05/20/2007 10:52 PM <DIR> fr-FR
11/02/2006 12:53 AM 11,776 framebuf.dll
11/02/2006 01:45 AM 41,984 ftp.exe
11/02/2006 01:46 AM 162,816 fveapi.dll
11/02/2006 01:46 AM 109,568 fveRecover.dll
08/30/2006 01:21 AM 12,800 fveupdate.exe
11/02/2006 01:46 AM 543,232 FWPUCLNT.DLL
11/02/2006 01:46 AM 28,672 FwRemoteSvr.dll
11/02/2006 01:46 AM 296,448 gdi32.dll
11/02/2006 01:46 AM 73,728 gpapi.dll
05/18/2006 05:52 PM 28,160 gpscript.dll
05/18/2006 05:52 PM 23,552 gpscript.exe
11/02/2006 01:46 AM 569,344 gpsvc.dll
05/20/2007 10:52 PM <DIR> GroupPolicy
05/20/2007 10:52 PM <DIR> GroupPolicyUsers
11/02/2006 01:50 AM 134,760 halacpi.dll
11/02/2006 01:51 AM 160,872 halmacpi.dll
11/02/2006 01:46 AM 8,704 hccoin.dll
05/20/2007 10:52 PM <DIR> he-IL
05/18/2006 05:52 PM 129,536 helpcins.dll
11/02/2006 03:31 AM 524,800 hhctrl.ocx
11/02/2006 03:31 AM 43,008 hhsetup.dll
11/02/2006 01:46 AM 22,016 hid.dll
11/02/2006 01:46 AM 25,600 hidserv.dll
08/23/2001 04:00 AM 14,848 hnetmon.dll
11/02/2006 01:45 AM 8,704 HOSTNAME.EXE
05/20/2007 10:52 PM <DIR> hr-HR
05/20/2007 10:52 PM <DIR> hu-HU
11/02/2006 03:31 AM 26,624 icacls.exe
11/02/2006 01:46 AM 86,016 icfupgd.dll
11/02/2006 01:46 AM 213,504 icm32.dll
11/02/2006 01:39 AM 3,072 icmp.dll
05/18/2006 05:52 PM 23,040 icmui.dll
12/07/2006 01:53 AM 45,056 ICompression.dll
11/02/2006 03:30 AM 8,798 icrav03.rat
01/27/2006 04:04 AM 290,304 idecoi.dll
11/02/2006 01:46 AM 26,112 idndl.dll
11/02/2006 03:30 AM 6,054,400 ieframe.dll
11/02/2006 01:46 AM 266,752 iertutil.dll
11/02/2006 03:30 AM 180,736 ieui.dll
11/02/2006 01:46 AM 24,576 ifmon.dll
11/02/2006 01:46 AM 121,856 ifsutil.dll
11/02/2006 01:46 AM 8,704 ifsutilx.dll
11/02/2006 01:46 AM 416,768 IKEEXT.DLL
11/02/2006 01:46 AM 152,576 imagehlp.dll
11/02/2006 01:39 AM 6,921,216 imageres.dll
08/29/2006 03:04 PM 380,928 imagex.exe
11/02/2006 01:46 AM 105,984 imapi.dll
11/02/2006 01:46 AM 316,928 imapi2.dll
11/02/2006 01:46 AM 489,472 imapi2fs.dll
11/02/2006 03:30 AM 36,352 imgutil.dll
11/02/2006 01:46 AM 115,200 imm32.dll
11/02/2006 03:30 AM 735,232 inetcomm.dll
11/02/2006 01:46 AM 52,736 inetmib1.dll
11/02/2006 03:30 AM 84,480 INETRES.dll
11/02/2006 01:46 AM 200,192 input.dll
08/29/2006 03:03 PM 226,304 intlcfg.exe
11/02/2006 01:45 AM 26,112 ipconfig.exe
11/02/2006 01:46 AM 89,600 IPHLPAPI.DLL
08/23/2001 04:00 AM 154,112 ipmontr.dll
08/28/2002 06:40 PM 318,464 ippromon.dll
11/02/2006 01:46 AM 361,984 IPSECSVC.DLL
08/23/2001 04:00 AM 83,968 ipxmontr.dll
08/23/2001 04:00 AM 69,120 ipxpromn.dll
02/18/2007 06:16 PM 53,248 IRestorePlugIn.dll
11/01/2006 11:31 PM 14,848 iscsilog.dll
05/20/2007 10:52 PM <DIR> it-IT
05/20/2007 10:52 PM <DIR> ja-JP
11/02/2006 03:31 AM 491,520 jscript.dll
11/02/2006 01:46 AM 27,136 jsproxy.dll
11/02/2006 01:39 AM 6,656 kbd101.dll
11/02/2006 01:39 AM 6,144 kbd101a.dll
11/02/2006 01:39 AM 6,144 kbd101b.dll
11/02/2006 01:39 AM 6,144 kbd101c.dll
11/02/2006 01:39 AM 6,144 kbd103.dll
11/02/2006 01:39 AM 6,656 kbd106.dll
11/02/2006 01:39 AM 6,656 kbd106n.dll
11/02/2006 01:39 AM 6,144 KBDA1.DLL
11/02/2006 01:39 AM 5,632 KBDA2.DLL
11/02/2006 01:39 AM 6,144 KBDA3.DLL
11/02/2006 01:39 AM 6,656 KBDAL.DLL
11/02/2006 01:39 AM 5,632 KBDARME.DLL
11/02/2006 01:39 AM 5,632 KBDARMW.DLL
11/02/2006 01:39 AM 6,656 kbdax2.dll
11/02/2006 01:39 AM 6,144 KBDAZE.DLL
11/02/2006 01:39 AM 6,144 KBDAZEL.DLL
11/02/2006 01:39 AM 5,632 KBDBASH.DLL
11/02/2006 01:39 AM 6,144 KBDBE.DLL
11/02/2006 01:39 AM 6,656 KBDBENE.DLL
11/02/2006 01:39 AM 6,144 KBDBGPH.DLL
11/02/2006 01:39 AM 6,144 KBDBHC.DLL
11/02/2006 01:39 AM 6,144 KBDBLR.DLL
11/02/2006 01:39 AM 6,144 KBDBR.DLL
11/02/2006 01:39 AM 6,144 KBDBU.DLL
11/02/2006 01:39 AM 6,144 KBDBULG.DLL
11/02/2006 01:39 AM 6,656 KBDCA.DLL
11/02/2006 01:39 AM 7,680 KBDCAN.DLL
11/02/2006 01:39 AM 7,168 KBDCR.DLL
11/02/2006 01:39 AM 7,168 KBDCZ.DLL
11/02/2006 01:39 AM 6,656 KBDCZ1.DLL
11/02/2006 01:39 AM 7,168 KBDCZ2.DLL
11/02/2006 01:39 AM 6,144 KBDDA.DLL
11/02/2006 01:39 AM 6,144 KBDDIV1.DLL
11/02/2006 01:39 AM 6,144 KBDDIV2.DLL
11/02/2006 01:39 AM 5,632 KBDDV.DLL
11/02/2006 01:39 AM 6,656 KBDES.DLL
11/02/2006 01:39 AM 6,144 KBDEST.DLL
11/02/2006 01:39 AM 5,632 KBDFA.DLL
11/02/2006 01:39 AM 6,656 KBDFC.DLL
11/02/2006 01:39 AM 6,144 KBDFI.DLL
11/02/2006 01:39 AM 7,168 KBDFI1.DLL
11/02/2006 01:39 AM 6,144 KBDFO.DLL
11/02/2006 01:39 AM 6,144 KBDFR.DLL
11/02/2006 01:39 AM 5,632 KBDGAE.DLL
11/02/2006 01:39 AM 5,120 KBDGEO.DLL
11/02/2006 01:39 AM 6,144 kbdgeoer.dll
11/02/2006 01:39 AM 6,144 kbdgeoqw.dll
11/02/2006 01:39 AM 6,656 KBDGKL.DLL
11/02/2006 01:39 AM 6,144 KBDGR.DLL
11/02/2006 01:39 AM 6,656 KBDGR1.DLL
11/02/2006 01:39 AM 7,168 KBDGRLND.DLL
11/02/2006 01:39 AM 5,632 KBDHE.DLL
11/02/2006 01:39 AM 6,656 KBDHE220.DLL
11/02/2006 01:39 AM 6,144 KBDHE319.DLL
11/02/2006 01:39 AM 5,632 KBDHEB.DLL
11/02/2006 01:39 AM 6,656 KBDHELA2.DLL
11/02/2006 01:39 AM 6,656 KBDHELA3.DLL
11/02/2006 01:39 AM 8,704 KBDHEPT.DLL
11/02/2006 01:39 AM 6,656 KBDHU.DLL
11/02/2006 01:39 AM 6,144 KBDHU1.DLL
11/02/2006 01:39 AM 7,168 kbdibm02.dll
11/02/2006 01:39 AM 6,144 KBDIC.DLL
11/02/2006 01:39 AM 6,144 KBDINASA.DLL
11/02/2006 01:39 AM 6,144 KBDINBE1.DLL
11/02/2006 01:39 AM 6,144 KBDINBE2.DLL
11/02/2006 01:39 AM 6,656 KBDINBEN.DLL
11/02/2006 01:39 AM 6,144 KBDINDEV.DLL
11/02/2006 01:39 AM 6,144 KBDINGUJ.DLL
11/02/2006 01:39 AM 5,632 KBDINHIN.DLL
11/02/2006 01:39 AM 6,144 KBDINKAN.DLL
11/02/2006 01:39 AM 6,656 KBDINMAL.DLL
11/02/2006 01:39 AM 6,144 KBDINMAR.DLL
11/02/2006 01:39 AM 5,632 KBDINORI.DLL
11/02/2006 01:39 AM 6,144 KBDINPUN.DLL
11/02/2006 01:39 AM 5,632 KBDINTAM.DLL
11/02/2006 01:39 AM 6,144 KBDINTEL.DLL
11/02/2006 01:39 AM 7,168 KBDINUK2.DLL
11/02/2006 01:39 AM 5,632 KBDIR.DLL
11/02/2006 01:39 AM 5,632 KBDIT.DLL
11/02/2006 01:39 AM 6,144 KBDIT142.DLL
11/02/2006 01:39 AM 6,656 KBDIULAT.DLL
05/18/2006 05:50 PM 6,656 KBDIUNAQ.DLL
11/02/2006 01:46 AM 10,752 KBDJPN.DLL
11/02/2006 01:39 AM 6,144 KBDKAZ.DLL
11/02/2006 01:39 AM 6,144 KBDKHMR.DLL
11/02/2006 01:46 AM 10,240 KBDKOR.DLL
11/02/2006 01:39 AM 5,632 KBDKYR.DLL
11/02/2006 01:39 AM 6,656 KBDLA.DLL
11/02/2006 01:39 AM 6,144 KBDLAO.DLL
11/02/2006 01:39 AM 7,168 kbdlk41a.dll
11/02/2006 01:39 AM 5,632 KBDLT.DLL
11/02/2006 01:39 AM 6,144 KBDLT1.DLL
11/02/2006 01:39 AM 6,144 KBDLT2.DLL
11/02/2006 01:39 AM 6,144 KBDLV.DLL
11/02/2006 01:39 AM 6,656 KBDLV1.DLL
11/02/2006 01:39 AM 6,144 KBDMAC.DLL
11/02/2006 01:39 AM 6,144 KBDMACST.DLL
11/02/2006 01:39 AM 5,632 KBDMAORI.DLL
11/02/2006 01:39 AM 6,144 KBDMLT47.DLL
11/02/2006 01:39 AM 6,144 KBDMLT48.DLL
11/02/2006 01:39 AM 5,632 KBDMON.DLL
11/02/2006 01:39 AM 6,144 KBDMONMO.DLL
11/02/2006 01:39 AM 6,144 KBDNE.DLL
11/02/2006 01:39 AM 7,168 kbdnec.dll
11/02/2006 01:39 AM 7,168 kbdnec95.dll
11/02/2006 01:39 AM 9,216 kbdnecat.dll
11/02/2006 01:39 AM 7,680 kbdnecnt.dll
11/02/2006 01:39 AM 6,144 KBDNEPR.DLL
11/02/2006 01:39 AM 6,144 KBDNO.DLL
11/02/2006 01:39 AM 7,168 KBDNO1.DLL
11/02/2006 01:39 AM 6,144 KBDPASH.DLL
11/02/2006 01:39 AM 6,656 KBDPL.DLL
11/02/2006 01:39 AM 6,144 KBDPL1.DLL
11/02/2006 01:39 AM 6,144 KBDPO.DLL
11/02/2006 01:39 AM 7,168 KBDRO.DLL
11/02/2006 01:39 AM 7,680 KBDROPR.DLL
11/02/2006 01:39 AM 7,680 KBDROST.DLL
11/02/2006 01:39 AM 5,632 KBDRU.DLL
11/02/2006 01:39 AM 6,144 KBDRU1.DLL
11/02/2006 01:39 AM 6,656 KBDSF.DLL
11/02/2006 01:39 AM 7,168 KBDSG.DLL
11/02/2006 01:39 AM 6,656 KBDSL.DLL
11/02/2006 01:39 AM 7,680 KBDSMSFI.DLL
11/02/2006 01:39 AM 7,680 KBDSMSNO.DLL
11/02/2006 01:39 AM 5,632 KBDSN1.DLL
11/02/2006 01:39 AM 7,168 KBDSOREX.DLL
11/02/2006 01:39 AM 7,168 KBDSORST.DLL
11/02/2006 01:39 AM 6,144 KBDSP.DLL
11/02/2006 01:39 AM 6,144 KBDSW.DLL
11/02/2006 01:39 AM 6,656 KBDSW09.DLL
11/02/2006 01:39 AM 6,144 KBDSYR1.DLL
11/02/2006 01:39 AM 6,144 KBDSYR2.DLL
11/02/2006 01:39 AM 5,632 KBDTAJIK.DLL
11/02/2006 01:39 AM 6,144 KBDTAT.DLL
11/02/2006 01:39 AM 6,144 KBDTH0.DLL
11/02/2006 01:39 AM 6,144 KBDTH1.DLL
11/02/2006 01:39 AM 6,144 KBDTH2.DLL
11/02/2006 01:39 AM 6,144 KBDTH3.DLL
11/02/2006 01:39 AM 6,656 KBDTIPRC.DLL
11/02/2006 01:39 AM 6,144 KBDTUF.DLL
11/02/2006 01:39 AM 6,144 KBDTUQ.DLL
11/02/2006 01:39 AM 6,144 KBDTURME.DLL
11/02/2006 01:39 AM 6,144 KBDUGHR.DLL
11/02/2006 01:39 AM 6,144 KBDUK.DLL
11/02/2006 01:39 AM 7,168 KBDUKX.DLL
11/02/2006 01:39 AM 5,632 KBDUR.DLL
11/02/2006 01:39 AM 6,144 KBDUR1.DLL
11/02/2006 01:39 AM 5,632 KBDURDU.DLL
11/02/2006 01:39 AM 6,144 KBDUS.DLL
11/02/2006 01:39 AM 6,144 KBDUSA.DLL
11/02/2006 01:39 AM 6,144 KBDUSL.DLL
11/02/2006 01:39 AM 6,144 KBDUSR.DLL
11/02/2006 01:39 AM 6,656 KBDUSX.DLL
11/02/2006 01:39 AM 6,144 KBDUZB.DLL
11/02/2006 01:39 AM 6,144 KBDVNTC.DLL
11/02/2006 01:39 AM 6,144 KBDYAK.DLL
11/02/2006 01:39 AM 6,144 KBDYCC.DLL
11/02/2006 01:39 AM 7,680 KBDYCL.DLL
11/02/2006 12:30 AM 8,704 kd1394.dll
11/02/2006 01:49 AM 17,000 kdcom.dll
11/02/2006 01:49 AM 19,048 kdusb.dll
11/02/2006 01:46 AM 493,056 kerberos.dll
11/02/2006 01:46 AM 874,496 kernel32.dll
11/02/2006 01:46 AM 18,944 keyiso.dll
11/02/2006 01:44 AM 38,400 kmddsp.tsp
05/20/2007 10:52 PM <DIR> ko-KR
11/02/2006 01:46 AM 12,800 ktmw32.dll
09/13/2006 06:45 PM 119 lang.ini
05/20/2007 10:52 PM <DIR> licensing
05/18/2006 03:04 AM 22,016 linkinfo.dll
11/02/2006 01:46 AM 18,944 lmhsvc.dll
11/01/2006 10:24 PM 3,661,664 locale.nls
05/20/2007 10:52 PM <DIR> LogFiles
11/02/2006 01:45 AM 9,216 LogonUI.exe
11/02/2006 01:46 AM 24,064 lpk.dll
11/02/2006 01:46 AM 1,233,408 lsasrv.dll
11/02/2006 01:45 AM 7,680 lsass.exe
11/02/2006 01:45 AM 210,944 lsm.exe
05/20/2007 10:52 PM <DIR> lt-LT
11/02/2006 01:46 AM 101,376 luainstall.dll
05/20/2007 10:52 PM <DIR> lv-LV
11/02/2006 12:33 AM 3,072 lz32.dll
09/18/2006 01:47 PM 8,838 l_intl.nls
09/18/2006 01:44 PM 80,010 manage-bde.ini.en
09/18/2006 01:44 PM 124,363 manage-bde.wsf
11/02/2006 01:46 AM 66,560 mapi32.dll
11/02/2006 01:46 AM 66,560 mapistub.dll
01/05/2007 01:46 AM 158,856 MBR.DLL
01/05/2007 01:46 AM 158,856 MBR.EXE
10/02/2006 09:15 PM 5,385 MBR.INI
09/08/2006 04:17 AM 5,344 MBR.INI.old
11/02/2006 01:45 AM 267,776 mcbuilder.exe
11/02/2006 01:51 AM 301,672 mcupdate_GenuineIntel.dll
11/02/2006 03:31 AM 124,928 MdSched.exe
11/02/2006 01:46 AM 41,984 mf3216.dll
11/02/2006 01:46 AM 1,139,200 mfc42.dll
11/02/2006 01:46 AM 1,162,752 mfc42u.dll
11/29/2004 07:03 PM 1,060,864 mfc71.dll
03/18/2003 03:12 PM 1,047,552 mfc71u.dll
08/31/2008 10:29 AM <DIR> Microsoft
05/20/2007 10:52 PM <DIR> migration
11/02/2006 01:46 AM 2,014,720 milcore.dll
09/18/2006 01:33 PM 673,088 mlang.dat
11/02/2006 01:46 AM 187,904 mlang.dll
11/02/2006 01:46 AM 146,944 MMDevAPI.dll
11/02/2006 12:32 AM 25,088 mode.com
11/02/2006 01:46 AM 15,360 montr_ci.dll
11/02/2006 12:32 AM 20,992 more.com
02/24/2006 04:54 PM 53,248 mount.exe
11/02/2006 01:45 AM 12,288 mountvol.exe
11/02/2006 01:45 AM 14,336 mpnotify.exe
11/02/2006 01:46 AM 69,120 mpr.dll
11/02/2006 01:46 AM 98,304 mprapi.dll
11/02/2006 01:46 AM 101,888 mprmsg.dll
11/02/2006 01:46 AM 395,264 MPSSVC.dll
11/02/2006 03:31 AM 168,960 mqad.dll
11/02/2006 03:31 AM 112,640 mqcmiplugin.dll
11/02/2006 03:31 AM 122,368 mqmigplugin.dll
11/02/2006 03:31 AM 149,504 mqrt.dll
11/02/2006 03:31 AM 174,592 mqsec.dll
11/02/2006 01:45 AM 11,264 MRINFO.EXE
11/02/2006 01:40 AM 3,072 msafd.dll
11/02/2006 01:46 AM 59,904 msasn1.dll
11/02/2006 01:46 AM 10,240 mscat32.dll
11/02/2006 01:46 AM 391,168 mscms.dll
05/18/2006 07:27 PM 270,848 mscoree.dll
11/02/2006 03:31 AM 8,192 mscpx32r.dLL
11/02/2006 01:46 AM 28,672 mscpxl32.dLL
11/02/2006 01:46 AM 805,888 msctf.dll
11/02/2006 03:31 AM 159,744 msdadiag.dll
11/02/2006 03:31 AM 126,976 msdart.dll
11/02/2006 03:31 AM 8,192 msdatsrc.tlb
11/02/2006 03:31 AM 499,712 msdtcprx.dll
11/02/2006 01:46 AM 564,224 msftedit.dll
01/02/2006 05:34 AM 136,610 msgupwiz.smf
11/02/2006 03:30 AM 45,568 mshta.exe
11/02/2006 03:30 AM 3,580,416 mshtml.dll
11/02/2006 03:30 AM 1,383,424 mshtml.tlb
11/02/2006 03:30 AM 477,696 mshtmled.dll
05/18/2006 07:52 AM 2,038,272 msi.dll
11/02/2006 01:46 AM 15,872 msiltcfg.dll
11/02/2006 01:46 AM 4,608 msimg32.dll
11/02/2006 03:30 AM 31,232 msimtf.dll
11/02/2006 03:31 AM 1,572,864 msjet40.dll
11/02/2006 03:31 AM 167,936 msjint40.dll
11/02/2006 03:31 AM 77,824 msjter40.dll
11/02/2006 03:31 AM 294,912 msjtes40.dll
11/02/2006 01:46 AM 156,160 msls31.dll
11/02/2006 01:46 AM 10,752 msmmsp.dll
11/02/2006 03:31 AM 8,192 msorc32r.dll
11/02/2006 03:31 AM 180,224 msorcl32.dll
11/02/2006 01:46 AM 44,032 msports.dll
11/01/2006 11:18 PM 2,048 msprivs.dll
11/02/2006 03:30 AM 193,024 msrating.dll
11/02/2006 03:31 AM 110,592 msscript.ocx
11/02/2006 01:46 AM 215,552 msshsq.dll
11/02/2006 01:46 AM 38,912 mssign32.dll
11/02/2006 01:46 AM 7,680 mssip32.dll
11/02/2006 01:46 AM 213,504 msv1_0.dll
11/02/2006 01:46 AM 58,368 msvcirt.dll
11/02/2006 01:46 AM 408,576 msvcp60.dll
08/28/2000 08:00 AM 516,173 MSVCP60D.DLL
11/29/2004 07:03 PM 499,712 msvcp71.dll
03/18/2003 01:04 PM 765,952 msvcp71d.dll
06/22/2003 09:12 PM 348,160 msvcr71.dll
03/18/2003 01:03 PM 544,768 msvcr71d.dll
11/02/2006 01:46 AM 681,472 msvcrt.dll
11/02/2006 01:41 AM 61,440 msvcrt40.dll
02/16/2004 08:00 AM 434,252 MSVCRTD.DLL
11/02/2006 03:31 AM 856,064 mswdat10.dll
11/02/2006 01:46 AM 227,328 mswsock.dll
11/02/2006 03:31 AM 622,592 mswstr10.dll
11/02/2006 03:31 AM 1,204,224 msxml3.dll
11/02/2006 03:31 AM 2,048 msxml3r.dll
11/02/2006 03:31 AM 1,337,344 msxml6.dll
11/02/2006 03:31 AM 2,048 msxml6r.dll
11/02/2006 03:31 AM 124,928 mtstocom.exe
11/02/2006 03:31 AM 247,808 mtxclu.dll
11/02/2006 01:46 AM 22,016 mtxdm.dll
05/20/2007 10:52 PM <DIR> MUI
11/02/2006 01:46 AM 15,360 muifontsetup.dll
11/02/2006 01:45 AM 44,544 MuiUnattend.exe
05/20/2007 10:52 PM <DIR> nb-NO
11/02/2006 01:45 AM 15,360 nbtstat.exe
11/02/2006 01:46 AM 68,608 nci.dll
11/02/2006 01:46 AM 48,128 ncobjapi.dll
11/02/2006 01:44 AM 164,864 ncpa.cpl
11/02/2006 01:46 AM 193,024 ncrypt.dll
11/02/2006 01:46 AM 414,208 ncryptui.dll
11/02/2006 01:46 AM 91,648 ncsi.dll
11/02/2006 01:44 AM 49,664 ndptsp.tsp
11/02/2006 01:45 AM 48,128 net.exe
11/02/2006 01:45 AM 168,960 net1.exe
11/02/2006 01:46 AM 425,472 netapi32.dll
11/02/2006 01:45 AM 21,504 netbtugc.exe
11/02/2006 01:45 AM 24,064 netcfg.exe
11/02/2006 01:46 AM 383,488 netcfgx.dll
11/02/2006 01:41 AM 2,048 neth.dll
11/02/2006 01:46 AM 101,888 netiohlp.dll
11/02/2006 01:45 AM 22,016 netiougc.exe
11/02/2006 01:46 AM 559,616 netlogon.dll
11/02/2006 01:41 AM 2,048 netmsg.dll
05/18/2006 07:52 AM 163,328 netplwiz.dll
11/02/2006 01:46 AM 14,848 netrap.dll
11/02/2006 01:45 AM 98,304 netsh.exe
11/02/2006 01:46 AM 3,174,400 netshell.dll
11/02/2006 01:45 AM 27,136 NETSTAT.EXE
05/20/2007 11:04 PM 1,138 Network.dll.LOG
05/20/2007 10:52 PM <DIR> NetworkList
11/02/2006 01:46 AM 180,736 newdev.dll
11/02/2006 01:45 AM 74,752 newdev.exe
05/20/2007 10:52 PM <DIR> nl-NL
11/02/2006 01:46 AM 48,128 nlaapi.dll
11/02/2006 01:46 AM 171,520 nlasvc.dll
11/02/2006 01:46 AM 24,576 Nlsdl.dll
11/02/2006 12:33 AM 2,560 normaliz.dll
09/18/2006 01:47 PM 59,342 normidna.nls
09/18/2006 01:47 PM 45,794 normnfc.nls
09/18/2006 01:47 PM 39,284 normnfd.nls
09/18/2006 01:47 PM 66,384 normnfkc.nls
09/18/2006 01:47 PM 60,294 normnfkd.nls
11/02/2006 01:45 AM 151,040 notepad.exe
11/02/2006 01:46 AM 10,240 nsi.dll
11/02/2006 01:46 AM 18,432 nsisvc.dll
11/02/2006 01:47 AM 1,162,656 ntdll.dll
11/02/2006 01:46 AM 87,552 ntdsapi.dll
11/02/2006 01:51 AM 3,502,184 ntkrnlpa.exe
11/02/2006 01:46 AM 61,440 ntlanman.dll
11/02/2006 01:46 AM 120,832 ntmarta.dll
11/02/2006 01:51 AM 3,467,880 ntoskrnl.exe
11/02/2006 01:46 AM 220,160 ntprint.dll
11/02/2006 01:45 AM 61,440 ntprint.exe
05/18/2006 07:52 AM 656,896 ntshrui.dll
01/23/2006 01:48 AM 35,840 nvcoi.dll
12/08/2005 01:06 AM 1,570 nvide.nvu
01/27/2006 04:04 AM 19,456 nvraidco.dll
01/23/2006 01:48 AM 176,128 nvuide.exe
11/02/2006 03:31 AM 26,224 odbc16gt.dll
11/02/2006 01:46 AM 409,600 odbc32.dll
11/02/2006 03:31 AM 24,576 odbc32gt.dll
11/02/2006 03:31 AM 86,016 odbcad32.exe
11/02/2006 03:31 AM 28,672 odbcbcp.dll
11/02/2006 03:31 AM 40,960 odbcconf.dll
11/02/2006 03:31 AM 32,768 odbcconf.exe
11/02/2006 03:31 AM 4,453 odbcconf.rsp
11/02/2006 01:46 AM 114,688 odbccp32.dll
11/02/2006 03:31 AM 77,824 odbccr32.dll
11/02/2006 03:31 AM 77,824 odbccu32.dll
11/02/2006 01:42 AM 229,376 odbcint.dll
11/02/2006 03:31 AM 24,576 odbcji32.dll
11/02/2006 03:31 AM 315,392 odbcjt32.dll
11/02/2006 01:46 AM 159,744 odbctrac.dll
11/02/2006 03:31 AM 20,480 oddbse32.dll
11/02/2006 03:31 AM 20,480 odexl32.dll
11/02/2006 03:31 AM 20,480 odfox32.dll
11/02/2006 03:31 AM 20,480 odpdx32.dll
11/02/2006 03:31 AM 20,480 odtext32.dll
11/02/2006 01:46 AM 1,314,816 ole32.dll
11/02/2006 01:46 AM 214,016 oleacc.dll
11/01/2006 11:08 PM 2,048 oleaccrc.dll
11/02/2006 01:46 AM 558,080 oleaut32.dll
05/18/2006 07:27 PM 78,848 olecli32.dll
11/02/2006 03:30 AM 101,888 oledlg.dll
11/02/2006 01:46 AM 88,576 olepro32.dll
11/01/2006 11:28 PM 22,528 oleres.dll
09/18/2006 01:43 PM 808 onlinedeploy.cmd
05/20/2007 10:52 PM <DIR> oobe
11/02/2006 01:46 AM 6,656 osuninst.dll
11/14/2006 02:49 AM 29,304 patch.cmd
11/02/2006 01:45 AM 13,312 PATHPING.EXE
11/18/2005 04:09 AM 40,960 PCA_VSS.dll
08/08/2006 11:49 PM 123 pconfig.dcf
05/09/2007 07:12 AM 41,924 perfc001.dat
05/09/2007 07:12 AM 35,770 perfc005.dat
05/09/2007 07:13 AM 37,308 perfc006.dat
05/09/2007 07:14 AM 37,898 perfc007.dat
05/09/2007 07:15 AM 45,032 perfc008.dat
11/02/2006 02:24 AM 908 perfc009.dat
05/09/2007 07:16 AM 41,314 perfc00A.dat
05/09/2007 07:17 AM 37,820 perfc00B.dat
05/09/2007 07:17 AM 38,444 perfc00C.dat
05/09/2007 07:18 AM 32,104 perfc00D.dat
05/09/2007 07:19 AM 37,596 perfc010.dat
05/09/2007 07:20 AM 31,580 perfc011.dat
05/09/2007 07:21 AM 31,580 perfc012.dat
05/09/2007 07:23 AM 42,988 perfc013.dat
05/09/2007 07:22 AM 36,074 perfc014.dat
05/09/2007 07:25 AM 38,496 perfc015.dat
05/09/2007 07:28 AM 39,570 perfc019.dat
05/09/2007 07:29 AM 37,020 perfc01D.dat
05/09/2007 07:31 AM 37,120 perfc01F.dat
05/09/2007 07:12 AM 41,018 perfd001.dat
05/09/2007 07:12 AM 34,724 perfd005.dat
05/09/2007 07:13 AM 36,364 perfd006.dat
05/09/2007 07:13 AM 36,916 perfd007.dat
05/09/2007 07:14 AM 43,928 perfd008.dat
05/09/2007 07:15 AM 40,258 perfd00A.dat
05/09/2007 07:16 AM 36,790 perfd00B.dat
05/09/2007 07:17 AM 37,390 perfd00C.dat
05/09/2007 07:18 AM 31,198 perfd00D.dat
05/09/2007 07:19 AM 36,614 perfd010.dat
05/09/2007 07:20 AM 30,674 perfd011.dat
05/09/2007 07:20 AM 30,674 perfd012.dat
05/09/2007 07:23 AM 41,976 perfd013.dat
05/09/2007 07:21 AM 35,166 perfd014.dat
05/09/2007 07:24 AM 37,468 perfd015.dat
05/09/2007 07:27 AM 38,684 perfd019.dat
05/09/2007 07:28 AM 35,978 perfd01D.dat
05/09/2007 07:30 AM 36,196 perfd01F.dat
05/09/2007 07:12 AM 288,338 perfh001.dat
05/09/2007 07:12 AM 290,554 perfh005.dat
05/09/2007 07:13 AM 303,562 perfh006.dat
05/09/2007 07:14 AM 294,992 perfh007.dat
05/09/2007 07:15 AM 368,928 perfh008.dat
11/02/2006 02:24 AM 3,442 perfh009.dat
05/09/2007 07:16 AM 340,616 perfh00A.dat
05/09/2007 07:17 AM 277,252 perfh00B.dat
05/09/2007 07:17 AM 344,234 perfh00C.dat
05/09/2007 07:18 AM 228,444 perfh00D.dat
05/09/2007 07:19 AM 334,992 perfh010.dat
05/09/2007 07:20 AM 140,742 perfh011.dat
05/09/2007 07:21 AM 157,508 perfh012.dat
05/09/2007 07:23 AM 340,136 perfh013.dat
05/09/2007 07:22 AM 297,512 perfh014.dat
05/09/2007 07:25 AM 336,600 perfh015.dat
05/09/2007 07:28 AM 336,810 perfh019.dat
05/09/2007 07:29 AM 294,000 perfh01D.dat
05/09/2007 07:31 AM 284,608 perfh01F.dat
05/09/2007 07:12 AM 285,290 perfi001.dat
05/09/2007 07:12 AM 286,912 perfi005.dat
05/09/2007 07:13 AM 300,302 perfi006.dat
05/09/2007 07:13 AM 290,748 perfi007.dat
05/09/2007 07:14 AM 364,862 perfi008.dat
05/09/2007 07:15 AM 336,930 perfi00A.dat
05/09/2007 07:16 AM 274,158 perfi00B.dat
05/09/2007 07:17 AM 340,236 perfi00C.dat
05/09/2007 07:18 AM 225,844 perfi00D.dat
05/09/2007 07:19 AM 331,172 perfi010.dat
05/09/2007 07:20 AM 139,030 perfi011.dat
05/09/2007 07:20 AM 155,890 perfi012.dat
05/09/2007 07:23 AM 336,440 perfi013.dat
05/09/2007 07:21 AM 294,254 perfi014.dat
05/09/2007 07:24 AM 332,832 perfi015.dat
05/09/2007 07:27 AM 332,666 perfi019.dat
05/09/2007 07:28 AM 290,490 perfi01D.dat
05/09/2007 07:30 AM 281,380 perfi01F.dat
05/09/2007 07:34 AM 7,032,066 PerfStringBackup.INI
10/26/2004 04:35 PM 20,480 physical memory.exe
11/02/2006 01:45 AM 15,360 PING.EXE
05/20/2007 10:52 PM <DIR> pl-PL
11/02/2006 03:30 AM 44,544 pngfilt.dll
11/02/2006 01:46 AM 1,822,720 pnidui.dll
11/02/2006 01:46 AM 180,736 pnpsetup.dll
11/02/2006 01:46 AM 542,208 pnpui.dll
11/02/2006 01:46 AM 272,896 polstore.dll
11/02/2006 01:45 AM 99,840 poqexec.exe
11/02/2006 01:46 AM 96,768 powrprof.dll
05/09/2007 07:34 AM 31,580 prfc0404.dat
05/09/2007 07:26 AM 38,480 prfc0416.dat
05/09/2007 07:33 AM 31,580 prfc0804.dat
05/09/2007 07:27 AM 40,588 prfc0816.dat
05/09/2007 07:33 AM 30,674 prfd0404.dat
05/09/2007 07:25 AM 37,412 prfd0416.dat
05/09/2007 07:31 AM 30,674 prfd0804.dat
05/09/2007 07:26 AM 39,514 prfd0816.dat
05/09/2007 07:34 AM 117,968 prfh0404.dat
05/09/2007 07:26 AM 322,782 prfh0416.dat
05/09/2007 07:33 AM 111,048 prfh0804.dat
05/09/2007 07:27 AM 336,484 prfh0816.dat
05/09/2007 07:33 AM 116,540 prfi0404.dat
05/09/2007 07:25 AM 318,818 prfi0416.dat
05/09/2007 07:31 AM 109,926 prfi0804.dat
05/09/2007 07:26 AM 332,682 prfi0816.dat
11/02/2006 01:45 AM 13,824 print.exe
11/02/2006 01:46 AM 858,112 printui.dll
11/02/2006 01:46 AM 7,680 procinst.dll
11/02/2006 01:46 AM 152,576 profsvc.dll
11/02/2006 01:46 AM 733,696 propsys.dll
11/02/2006 01:46 AM 12,288 psapi.dll
11/02/2006 01:49 AM 24,168 PSHED.DLL
05/20/2007 10:52 PM <DIR> pt-BR
05/20/2007 10:52 PM <DIR> pt-PT
05/18/2006 07:52 AM 160,256 puiapi.dll
05/18/2006 07:52 AM 1,378,816 Query.dll
11/02/2006 01:46 AM 78,848 QUTIL.DLL
05/20/2007 10:52 PM <DIR> ras
11/02/2006 01:46 AM 10,240 rasadhlp.dll
11/02/2006 01:46 AM 280,064 rasapi32.dll
11/02/2006 01:46 AM 90,624 rasauto.dll
11/02/2006 01:45 AM 16,896 rasautou.exe
11/02/2006 01:46 AM 77,824 rascfg.dll
11/02/2006 01:46 AM 274,432 raschap.dll
09/18/2006 01:41 PM 1,818 rasctrnm.h
11/02/2006 01:46 AM 15,360 rasctrs.dll
11/02/2006 01:46 AM 52,736 rasdiag.dll
11/02/2006 01:46 AM 824,832 rasdlg.dll
11/02/2006 01:46 AM 70,656 rasman.dll
11/02/2006 01:46 AM 234,496 rasmans.dll
11/02/2006 01:46 AM 255,488 rasmontr.dll
11/02/2006 01:46 AM 32,768 rasmxs.dll
11/02/2006 01:46 AM 254,976 rasppp.dll
11/02/2006 01:46 AM 22,016 rasser.dll
11/02/2006 01:46 AM 67,072 rastapi.dll
11/02/2006 01:46 AM 232,960 rastls.dll
02/08/2006 02:43 AM 450,560 RecDev.dll
11/02/2006 01:45 AM 11,776 recover.exe
09/04/2006 06:50 PM 184,113 Recovery.smf
11/02/2006 01:45 AM 60,928 reg.exe
11/02/2006 01:46 AM 66,560 regapi.dll
11/02/2006 01:45 AM 9,216 regedt32.exe
11/02/2006 01:45 AM 14,336 regsvr32.exe
05/20/2007 10:52 PM <DIR> RemInst
11/02/2006 01:45 AM 16,896 replace.exe
05/20/2007 11:03 PM <DIR> res256
09/06/2006 04:55 AM 199,836 RESTCD.LOG
05/12/2006 04:33 AM 679,936 RestoExplo.exe
06/01/2006 10:10 AM 270 RestoExplo.log
05/20/2007 10:52 PM <DIR> restore
12/21/2006 09:20 PM 3,166,208 Restore.exe
05/20/2007 11:07 PM 135,444 Restore.exe.LOG
11/07/2006 01:43 AM 7,402 RESTORE.INI
05/10/2007 12:54 AM 130,308 RESTORE.LGG
09/22/2006 09:44 PM 225,538 RESTORE.LOG
11/07/2006 01:43 AM 7,874 RESTORE.PGA
10/17/2006 11:22 PM 15,926 restore.res
10/12/2006 01:31 AM 85,000 RESTORE.RSC
01/09/2007 06:22 PM 14,816 restore.sts
11/07/2006 01:44 AM 7,846 RESTORE.SV8
11/07/2006 01:45 AM 7,786 RESTORE.SVG
11/07/2006 01:45 AM 7,000 RESTORE.VG8
11/07/2006 01:45 AM 7,060 RESTORE.VGA
11/07/2006 01:46 AM 7,860 RESTORE.XGA
02/18/2007 06:17 PM 831,488 Restore7.exe
12/17/2012 05:48 AM 204 RESTORE7.EXE.LOG
09/13/2006 05:36 PM 942,080 RestoreST.exe
09/13/2006 06:57 PM 27,594 RestoreST.lgg
09/04/2006 12:27 AM 191,932 RestoreST.smf
09/04/2006 12:27 AM 191,932 RestoreST_OEM1.smf
11/02/2006 01:46 AM 66,048 resutils.dll
11/02/2006 01:46 AM 467,456 riched20.dll
11/02/2006 01:46 AM 8,192 riched32.dll
11/02/2006 01:43 AM 2,560 rnr20.dll
05/20/2007 10:52 PM <DIR> ro-RO
11/02/2006 01:45 AM 87,040 Robocopy.exe
11/02/2006 01:45 AM 17,920 ROUTE.EXE
05/18/2006 05:52 PM 11,264 ROUTETAB.DLL
05/18/2006 07:52 AM 119,808 rpchttp.dll
11/02/2006 01:46 AM 789,504 rpcrt4.dll
11/02/2006 01:46 AM 545,792 rpcss.dll
11/02/2006 01:47 AM 228,968 rsaenh.dll
11/02/2006 03:31 AM 313,856 rstrui.exe
11/02/2006 01:46 AM 36,352 rtutils.dll
05/20/2007 10:52 PM <DIR> ru-RU
11/02/2006 01:45 AM 44,544 rundll32.exe
11/02/2006 01:45 AM 30,208 sacsess.exe
11/02/2006 01:46 AM 14,848 sacsvr.dll
11/02/2006 01:46 AM 56,320 samlib.dll
11/02/2006 01:46 AM 474,624 samsrv.dll
11/02/2006 01:46 AM 176,640 scecli.dll
11/02/2006 01:46 AM 305,664 scesrv.dll
11/02/2006 01:46 AM 269,312 schannel.dll
11/02/2006 01:20 AM 77,824 schema.dat
11/02/2006 03:31 AM 163,840 scrobj.dll
11/02/2006 03:31 AM 155,648 scrrun.dll
11/02/2006 01:46 AM 32,768 sdhcinst.dll
11/02/2006 01:46 AM 72,704 secur32.dll
11/02/2006 01:46 AM 8,704 SensApi.dll
11/02/2006 01:45 AM 279,552 services.exe
11/02/2006 01:46 AM 43,008 setbcdlocale.dll
05/20/2007 10:52 PM <DIR> setup
11/02/2006 01:46 AM 1,584,128 setupapi.dll
11/02/2006 01:46 AM 4,608 sfc.dll
11/02/2006 01:45 AM 15,872 sfc.exe
11/02/2006 01:46 AM 38,400 sfc_os.dll
05/18/2006 07:52 AM 1,801,216 shdocvw.dll
11/02/2006 01:46 AM 11,314,688 shell32.dll
11/02/2006 01:46 AM 7,168 shfolder.dll
11/02/2006 01:46 AM 339,968 shlwapi.dll
11/02/2006 01:46 AM 101,888 shrink.dll
04/30/2004 12:33 AM 45,056 ShutDown.dll
11/02/2006 03:31 AM 12,288 simpdata.tlb
05/20/2007 10:52 PM <DIR> sk-SK
09/04/2006 06:50 PM 184,113 skin.smf
05/20/2007 10:52 PM <DIR> sl-SI
11/02/2006 01:46 AM 221,184 SLC.dll
05/20/2007 10:52 PM <DIR> SMI
11/02/2006 01:46 AM 700,416 SmiEngine.dll
11/02/2006 01:45 AM 62,976 smss.exe
11/02/2006 01:46 AM 22,528 snmpapi.dll
02/19/2003 01:20 AM 143,360 SoftCore.dll
11/02/2006 01:46 AM 9,216 softpub.dll
11/02/2006 03:31 AM 138,240 spp.dll
11/02/2006 03:31 AM 520,192 sqlsrv32.dll
11/02/2006 03:31 AM 106,496 sqlsrv32.rll
11/02/2006 03:31 AM 180,800 sqlunirl.dll
11/02/2006 03:31 AM 24,603 sqlwid.dll
11/02/2006 03:31 AM 49,179 sqlwoa.dll
05/20/2007 10:52 PM <DIR> sr-Latn-CS
11/02/2006 03:31 AM 40,960 srclient.dll
11/02/2006 03:31 AM 371,712 srcore.dll
11/02/2006 03:31 AM 16,384 srdelayed.exe
09/18/2006 01:45 PM 9 startnet.cmd
12/13/2006 08:19 PM 217,088 STCasperM.dll
11/02/2006 03:31 AM 63,488 stclient.dll
08/22/2006 07:39 PM 122,880 STCrypto.dll
01/07/2007 10:59 AM 172,032 STDisks.dll
11/01/2006 11:29 PM 16,896 stdole2.tlb
09/18/2006 01:37 PM 7,168 stdole32.tlb
09/17/2006 05:37 PM 118,784 STFiles.dll
12/17/2012 12:13 AM 4,066 STFramework.log
07/19/2006 11:48 PM 143,360 STGuiDll.dll
12/21/2006 07:29 AM 241,664 STImageM.dll
09/07/2006 12:30 AM 96,256 STNLS.dll
09/13/2006 06:42 PM 77,824 STODD.dll
11/02/2006 01:46 AM 47,616 Storprop.dll
09/07/2006 12:30 AM 21,504 STPE.dll
11/02/2006 01:49 AM 22,632 streamci.dll
02/18/2007 06:16 PM 397,312 STRecovery.dll
09/07/2006 12:30 AM 53,248 STRegistry.dll
09/07/2006 12:30 AM 81,920 STString.dll
09/07/2006 12:30 AM 114,688 STStringArray.dll
12/14/2006 03:02 AM 77,824 STSystems.dll
11/29/2006 04:09 PM 90,112 STVdsDisks.dll
12/05/2006 12:09 PM 32,768 STVssM.dll
11/14/2006 11:55 PM 40,960 STVssM2003.dll
11/14/2006 08:52 PM 69,632 STVssMVista.dll
11/14/2006 11:56 PM 40,960 STVssMXP.dll
11/14/2006 11:57 PM 40,960 STVssMXP64.dll
11/22/2006 07:15 PM 122,880 STWimM.dll
09/07/2006 12:30 AM 51,200 STWiz.dll
09/08/2006 01:01 AM 98,304 STXMLSystem.dll
08/07/2006 01:54 AM 42 ST_AUTOFAILOVER.CMD
08/08/2006 01:31 AM 20 ST_LOG.ini
12/17/2012 05:48 AM 0 ST_LOG.LOG
08/28/2006 07:34 PM 49,152 ST_LogDll.dll
11/02/2006 01:45 AM 13,824 subst.exe
05/20/2007 10:52 PM <DIR> sv-SE
11/02/2006 01:45 AM 22,016 svchost.exe
08/26/2001 08:59 PM 49,152 SVG.DLL
04/04/2002 03:46 PM 49,152 SwapPart.dll
11/02/2006 01:46 AM 292,864 swprv.dll
11/02/2006 03:31 AM 28,160 sxproxy.dll
11/02/2006 01:46 AM 377,344 sxs.dll
11/02/2006 01:45 AM 26,624 sxstrace.exe
11/02/2006 01:46 AM 103,424 sysclass.dll
11/02/2006 01:46 AM 15,360 sysntfy.dll
05/20/2007 10:52 PM <DIR> sysprep
11/02/2006 01:46 AM 105,472 syssetup.dll
11/02/2006 01:46 AM 191,488 tapi32.dll
11/02/2006 01:45 AM 163,840 taskmgr.exe
11/02/2006 01:46 AM 11,264 tbs.dll
11/02/2006 01:46 AM 54,784 tbssvc.dll
11/02/2006 01:46 AM 167,424 tcpipcfg.dll
11/02/2006 03:31 AM 28,160 tcpmib.dll
11/02/2006 01:45 AM 9,728 TCPSVCS.EXE
05/20/2007 10:52 PM <DIR> th-TH
10/02/2006 01:22 AM 5,632 Thumbs.db
11/02/2006 03:30 AM 1,988 ticrf.rat
05/20/2007 10:52 PM <DIR> tr-TR
11/02/2006 01:45 AM 12,288 TRACERT.EXE
11/02/2006 12:32 AM 16,384 tree.com
11/02/2006 01:02 AM 14,336 tsddd.dll
11/01/2006 10:58 PM 2,048 tzres.dll
11/02/2006 01:45 AM 45,568 ucsvc.exe
11/02/2006 01:46 AM 35,840 uexfat.dll
11/02/2006 01:46 AM 92,672 ufat.dll
05/20/2007 10:52 PM <DIR> uk-UA
11/02/2006 01:46 AM 99,328 ulib.dll
11/02/2006 01:46 AM 221,184 umpnpmgr.dll
11/02/2006 01:46 AM 200,704 unattend.dll
11/02/2006 01:46 AM 321,536 untfs.dll
01/02/2006 05:35 AM 265,941 Upgrade.smf
11/02/2006 01:46 AM 23,040 ureg.dll
05/18/2006 07:27 PM 40,448 url.dll
11/02/2006 01:46 AM 1,149,952 urlmon.dll
11/02/2006 01:46 AM 633,856 user32.dll
11/02/2006 01:46 AM 107,008 userenv.dll
11/02/2006 01:45 AM 24,576 userinit.exe
11/02/2006 01:46 AM 502,784 usp10.dll
11/02/2006 01:46 AM 29,696 utildll.dll
11/02/2006 01:46 AM 130,048 uudf.dll
11/02/2006 01:46 AM 240,640 uxtheme.dll
11/02/2006 03:31 AM 413,696 vbscript.dll
08/08/2006 11:49 PM 759,200 Vcd.dta
11/02/2006 01:46 AM 17,408 vdmdbg.dll
11/02/2006 01:45 AM 392,704 vds.exe
11/02/2006 01:46 AM 168,448 vdsbas.dll
11/02/2006 01:46 AM 488,448 vdsdyn.dll
11/02/2006 01:45 AM 24,576 vdsldr.exe
11/02/2006 01:46 AM 114,688 vdsutil.dll
11/02/2006 01:46 AM 36,864 vds_ps.dll
06/21/2006 10:17 PM 69,632 VDVSS64.dll
11/02/2006 01:46 AM 157,696 verifier.dll
11/02/2006 01:45 AM 112,640 verifier.exe
11/02/2006 01:46 AM 20,480 version.dll
12/08/2005 03:52 AM 70 version.ini
05/09/2007 07:50 AM 20,535 vfpodbc.dll
11/02/2006 12:53 AM 10,752 vga.dll
11/02/2006 12:54 AM 56,320 vga256.dll
11/02/2006 12:53 AM 21,504 vga64k.dll
06/21/2006 10:17 PM 163,840 virtdisk.dll
06/21/2006 10:17 PM 196,608 virtdisk.exe
06/21/2006 10:17 PM 57,344 virtdisk.sys
06/21/2006 10:17 PM 67,072 virtdk64.sys
11/02/2006 01:46 AM 994,816 vssapi.dll
11/02/2006 01:46 AM 73,728 vsstrace.dll
11/02/2006 03:31 AM 924,160 VSSVC.exe
11/02/2006 01:46 AM 25,088 vss_ps.dll
11/02/2006 01:46 AM 270,848 w32time.dll
11/02/2006 01:46 AM 26,624 w32topl.dll
10/02/2006 01:24 AM 6,246 Warning.bmp
11/02/2006 01:45 AM 183,296 wbadmin.exe
05/20/2007 10:53 PM <DIR> wbem
11/02/2006 01:45 AM 562,176 wbengine.exe
11/02/2006 01:46 AM 32,256 WcsPlugInService.dll
11/02/2006 01:46 AM 168,448 wdigest.dll
11/02/2006 01:45 AM 436,736 wdscapture.exe
09/18/2006 01:45 PM 374 wdscapture.inf
11/02/2006 01:46 AM 218,112 wdscore.dll
11/02/2006 01:46 AM 348,672 WdsImage.dll
11/02/2006 03:31 AM 889,856 wer.dll
11/02/2006 03:31 AM 31,232 werdiagcontroller.dll
11/02/2006 03:31 AM 216,064 WerFault.exe
11/02/2006 03:31 AM 856,576 WerFaultSecure.exe
11/02/2006 03:31 AM 61,952 wermgr.exe
11/02/2006 01:46 AM 244,736 wevtapi.dll
11/02/2006 01:46 AM 989,696 wevtsvc.dll
11/02/2006 01:45 AM 160,256 wevtutil.exe
11/02/2006 01:46 AM 16,896 wfapigp.dll
05/20/2007 10:53 PM <DIR> wfp
11/02/2006 12:58 AM 115,173 WFP.TMF
11/01/2006 09:34 AM 318,464 wimgapi.dll
11/02/2006 12:39 AM 2,026,496 win32k.sys
11/02/2006 01:46 AM 869,376 winbrand.dll
05/20/2007 10:53 PM <DIR> winevt
11/02/2006 01:46 AM 376,832 winhttp.dll
11/02/2006 01:46 AM 822,272 wininet.dll
11/02/2006 01:45 AM 95,744 wininit.exe
11/02/2006 01:46 AM 61,440 winipsec.dll
11/02/2006 01:45 AM 308,224 winlogon.exe
11/02/2006 01:46 AM 193,024 winmm.dll
11/02/2006 01:46 AM 15,360 winnsi.dll
02/17/2005 01:05 AM 1,440,056 winpe.bmp
11/02/2006 01:45 AM 17,408 winpeshl.exe
09/01/2006 01:59 AM 60 WINPESHL.INI
12/17/2012 05:46 AM 0 Winrelauncher.exe.LOG
11/02/2006 01:46 AM 115,200 WinSCard.dll
11/02/2006 01:46 AM 48,640 winsockhc.dll
11/02/2006 01:44 AM 255,488 winspool.drv
11/02/2006 01:46 AM 374,784 winsrv.dll
11/02/2006 01:46 AM 134,656 winsta.dll
11/02/2006 01:46 AM 171,520 wintrust.dll
11/02/2006 01:46 AM 156,160 wkssvc.dll
11/02/2006 01:46 AM 8,192 wlanutil.dll
11/02/2006 01:46 AM 288,768 Wldap32.dll
11/02/2006 01:45 AM 34,304 wlrmdr.exe
11/02/2006 01:44 AM 5,120 wmi.dll
11/02/2006 01:46 AM 337,920 wmicmiplugin.dll
11/02/2006 03:31 AM 62,599 WmiMgmt.msc
11/02/2006 01:46 AM 22,528 wmiprop.dll
11/02/2006 01:46 AM 10,752 wmsgapi.dll
02/13/2006 01:35 AM 77,824 wnaspi32.dll
06/11/2003 02:00 PM 39,424 WNASPINT.DLL
11/02/2006 01:46 AM 613,888 wpd_ci.dll
11/02/2006 01:46 AM 23,040 wpeinit.exe
11/02/2006 01:46 AM 66,048 wpeutil.dll
11/02/2006 01:46 AM 9,216 wpeutil.exe
12/06/2005 07:12 AM 569 Writer.ini
11/02/2006 01:44 AM 4,608 ws2help.dll
11/02/2006 01:46 AM 178,688 ws2_32.dll
11/02/2006 03:31 AM 135,168 wscript.exe
11/02/2006 03:31 AM 36,864 wshcon.dll
11/02/2006 01:46 AM 14,336 wshelper.dll
11/02/2006 01:46 AM 10,752 wship6.dll
11/02/2006 01:46 AM 11,264 wshnetbs.dll
11/02/2006 03:31 AM 114,688 wshom.ocx
11/02/2006 01:46 AM 11,264 WSHTCPIP.DLL
11/02/2006 01:46 AM 14,848 wsock32.dll
11/02/2006 01:46 AM 24,064 wtsapi32.dll
11/02/2006 01:46 AM 502,784 wuapi.dll
11/02/2006 01:46 AM 76,800 wudriver.dll
11/02/2006 01:46 AM 22,016 wups.dll
11/02/2006 01:46 AM 36,352 xcopy.exe
11/02/2006 01:46 AM 126,976 xmllite.dll
01/25/2006 08:55 AM 184,832 xmlrw.dll
11/02/2006 03:31 AM 30,208 xolehlp.dll
05/20/2007 10:53 PM <DIR> zh-CN
05/20/2007 10:53 PM <DIR> zh-HK
05/20/2007 10:53 PM <DIR> zh-TW
06/21/2006 10:17 PM 59,904 zlib1.dll
1096 File(s) 220,375,504 bytes
89 Dir(s) 29,942,444,032 bytes free

========= End of CMD: =========


==== End of Fixlog ====

#14 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 30 December 2012 - 06:36 PM

Farbar Recovery Scan Tool (x86) Version: 11-12-2012
Ran by SYSTEM at 2012-12-30 18:28:27
Running from J:\

================== Search: "winload.exe" ===================

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94\winload.exe
[2009-09-16 13:57] - [2009-04-10 22:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
[2008-04-08 12:49] - [2008-02-28 23:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
[2008-04-08 12:49] - [2008-02-28 23:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048\winload.exe
[2008-06-17 21:49] - [2008-01-18 23:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
[2008-04-08 12:48] - [2008-02-14 15:13] - 0944696 ____A (Microsoft Corporation) 651D59AE69715F62D7D7D9F4746B1195

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
[2008-04-08 12:48] - [2008-02-14 15:19] - 0944184 ____A (Microsoft Corporation) 2FE80A1F41E18B07FC00C94EC316E164

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965\winload.exe
[2009-09-16 13:57] - [2009-04-10 22:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
[2008-04-08 12:49] - [2008-02-28 23:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
[2008-04-08 12:49] - [2008-02-28 23:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18000_none_6938972a8cca9e19\winload.exe
[2008-06-17 21:49] - [2008-01-18 23:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\BACKUP\12-12-17 0549AM\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\winload.exe
[2006-11-02 00:30] - [2006-11-02 01:52] - 0940648 ____A (Microsoft Corporation) 00D439AB54A9FEB59F94B15C03FF4277

C:\BACKUP\12-12-17 0549AM\Windows\System32\winload.exe
[2009-09-16 13:57] - [2009-04-10 22:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\BACKUP\12-12-17 0549AM\Windows\System32\Boot\winload.exe
[2009-09-16 13:57] - [2009-04-10 22:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

=== End Of Search ===

#15 bflora

bflora
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 30 December 2012 - 06:42 PM

looks like a lot of information

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 19 days old)
Ran by SYSTEM at 30-12-2012 18:40:47
Running from J:\
(X86) OS Language: English(US)
Attention: Could not load system hive.The operation completed successfully.

==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-30 11:33 - 2012-12-30 13:47 - 00024576 ____A C:\bcdbackup
2012-12-30 11:33 - 2012-12-30 13:47 - 00021504 ___AH C:\bcdbackup.LOG
2012-12-25 09:50 - 2012-12-30 18:40 - 00000000 ____D C:\FRST
2012-12-23 07:17 - 2012-12-17 12:20 - 01461033 ____A (Farbar) C:\Users\Public\Documents\FRST64.exe
2012-12-23 07:16 - 2012-12-23 07:16 - 00000000 ____D C:\Users\Public\Documents\farbar 64 bit
2012-12-23 07:16 - 2012-12-17 12:19 - 00907992 ____A (Farbar) C:\Users\Public\Documents\FRST.exe
2012-12-17 05:54 - 2012-12-17 05:54 - 00000010 ____A C:\MOVE_RECOVERY
2012-12-17 05:49 - 2012-12-17 05:49 - 00000000 ____D C:\BACKUP

==================== One Month Modified Files and Folders ========

2012-12-30 18:40 - 2012-12-25 09:50 - 00000000 ____D C:\FRST
2012-12-30 13:47 - 2012-12-30 11:33 - 00024576 ____A C:\bcdbackup
2012-12-30 13:47 - 2012-12-30 11:33 - 00021504 ___AH C:\bcdbackup.LOG
2012-12-25 09:51 - 2006-11-02 05:03 - 00000000 ____D C:\users\Administrator
2012-12-25 09:51 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2012-12-23 08:46 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2012-12-23 07:16 - 2012-12-23 07:16 - 00000000 ____D C:\Users\Public\Documents\farbar 64 bit
2012-12-17 12:20 - 2012-12-23 07:17 - 01461033 ____A (Farbar) C:\Users\Public\Documents\FRST64.exe
2012-12-17 12:19 - 2012-12-23 07:16 - 00907992 ____A (Farbar) C:\Users\Public\Documents\FRST.exe
2012-12-17 06:14 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2012-12-17 06:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2012-12-17 06:14 - 2006-06-11 16:01 - 00000000 ____D C:\Windows\OPTIONS
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2012-12-17 06:13 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\MSN
2012-12-17 06:13 - 2006-06-11 16:01 - 00000000 ____D C:\Program Files\SIFXINST
2012-12-17 06:11 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2012-12-17 06:11 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2012-12-17 06:11 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\WindowsMobile
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\winrm
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\WCN
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\slmgr
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-12-17 06:09 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\Branding
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\Performance
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Users\Public\Recorded TV
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\MSBuild
2012-12-17 06:09 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Microsoft Games
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Web
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\winevt
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Speech
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SMI
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\RemInst
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\networklist
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\MUI
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\licensing
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\IME
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Speech
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\schemas
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Resources
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Registration
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Provisioning
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\PLA
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\nap
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Branding
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Windows NT
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-12-17 06:09 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-12-17 06:09 - 2006-06-11 16:36 - 00000000 ____D C:\Windows\Panther
2012-12-17 06:09 - 2006-06-11 16:01 - 00000000 ____D C:\Program Files\Common Files\New Boundary
2012-12-17 05:54 - 2012-12-17 05:54 - 00000010 ____A C:\MOVE_RECOVERY
2012-12-17 05:49 - 2012-12-17 05:49 - 00000000 ____D C:\BACKUP


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2012-12-23 07:20:05
Restore point made on: 2012-12-24 14:52:51
Restore point made on: 2012-12-25 05:06:16

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3069.88 MB
Available physical RAM: 2601.68 MB
Total Pagefile: 2852.93 MB
Available Pagefile: 2651.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.94 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:432.05 GB) (Free:275.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:33.71 GB) (Free:27.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (CD_ROM) (CDROM) (Total:2.53 GB) (Free:0 GB) CDFS
8 Drive j: (KINGSTON) (Removable) (Total:14.53 GB) (Free:13.86 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 34 GB 32 KB
Partition 2 Primary 432 GB 34 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 34 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 432 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 4032 KB

=========================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 J KINGSTON FAT32 Removable 15 GB Healthy

=========================================================
==================== End Of Log ============================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users