رجاء المساعدة

salmasalma · 24 سبتمبر 2008

السلام عليكم
واجهتني مشكلة عويصة في الحاسوب
فقمت باستخدام
combofix
وحصلت على التقرير التالي
رجاءالمساعدة
فالكمبيوتر يعيد التشغبل حيث تظهر رسالة زرقاء تقول
***Stop 0x000000D1 (0x45eb5b4b, 0x00000002, 0x00000001, 0xf858e6b9) inspect.sys- address F858E6B9 base at F8587000, Datestamp 45bc9145. (0.21 seconds)

رجاء اخبروني ماذا افعل فانا امية في الحاسوب ولا اعرف كيفية التعاطي مع هذه المشاكل
اعمل فقط على الوورد لأني استاذة جامهية ادرس علم الاجتماع ولا معرفة لي بالتكنولوجيا
جزاكم خيرا

د.سلمى

ComboFix 08-09-22.06 - PC 2008-09-24 13:01:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.963.1033.18.669 [GMT 2:00]
Running from: C:\Documents and Settings\PC\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blphc1dwj0e3f3.scr
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\lphc1dwj0e3f3.exe
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-24 11:21 . 2008-09-24 11:22 <DIR> d-------- C:\Documents and Settings\PC\Application Data\RegistrySmart
2008-09-24 00:31 . 2008-09-24 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-24 00:21 . 2008-09-24 00:26 <DIR> d-------- C:\Program Files\Intelinet
2008-09-23 22:30 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-23 22:29 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-23 22:28 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-23 22:27 . 2008-04-13 20:31 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-23 22:26 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-23 22:25 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-23 22:24 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-23 22:23 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-23 22:22 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-23 22:21 . 2008-04-13 21:24 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-23 22:21 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-23 03:00 . 2008-08-26 15:44 2,577 --a------ C:\WINDOWS\system32\config.bak
2008-09-23 03:00 . 2004-08-04 13:00 1,688 --a------ C:\WINDOWS\system32\autoexec.bak
2008-09-23 02:35 . 2008-09-23 02:35 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Avira
2008-09-20 09:54 . 2008-09-20 09:54 268 --ah----- C:\sqmdata11.sqm
2008-09-20 09:54 . 2008-09-20 09:54 244 --ah----- C:\sqmnoopt11.sqm
2008-09-20 01:03 . 2008-09-20 01:03 268 --ah----- C:\sqmdata10.sqm
2008-09-20 01:03 . 2008-09-20 01:03 244 --ah----- C:\sqmnoopt10.sqm
2008-09-19 08:23 . 2008-09-19 08:23 268 --ah----- C:\sqmdata09.sqm
2008-09-19 08:23 . 2008-09-19 08:23 244 --ah----- C:\sqmnoopt09.sqm
2008-09-19 00:50 . 2008-09-19 00:50 268 --ah----- C:\sqmdata08.sqm
2008-09-19 00:50 . 2008-09-19 00:50 244 --ah----- C:\sqmnoopt08.sqm
2008-09-17 20:58 . 2008-09-17 20:58 244 --ah----- C:\sqmnoopt07.sqm
2008-09-17 20:58 . 2008-09-17 20:58 232 --ah----- C:\sqmdata07.sqm
2008-09-16 23:23 . 2008-09-23 01:26 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 18:44 . 2008-09-13 18:44 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-09-13 18:44 . 2008-09-13 18:45 <DIR> d-------- C:\Program Files\PDFCreator
2008-09-13 18:44 . 2008-09-13 18:44 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8468.exe
2008-09-13 18:44 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-09-13 18:44 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-09-13 18:44 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-09-13 18:44 . 2008-09-13 18:44 14,290 --a------ C:\Program Files\settings.dat
2008-09-07 08:48 . 2008-09-19 08:25 1,555 --a------ C:\WINDOWS\ata live update.ini
2008-09-06 11:28 . 2008-09-13 19:46 <DIR> d-------- C:\Program Files\Google
2008-09-06 11:28 . 2008-09-23 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-03 19:58 . 2008-09-03 19:58 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-03 18:41 . 2008-09-23 23:40 <DIR> d-------- C:\Program Files\Security Task Manager
2008-09-03 18:41 . 2008-09-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-09-03 17:08 . 2008-09-03 17:08 <DIR> d-------- C:\Program Files\Avira
2008-09-03 14:47 . 2008-09-03 14:47 <DIR> d-------- C:\Program Files\Ace Utilities
2008-09-03 14:19 . 2005-10-31 20:50 49,152 --a------ C:\WINDOWS\wipe.dll
2008-09-03 14:15 . 2005-10-31 20:50 49,152 --a------ C:\Program Files\wipe.dll
2008-09-03 14:03 . 2008-09-03 14:03 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Uniblue
2008-09-03 13:57 . 2008-09-04 10:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 12:57 . 2008-09-03 13:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 12:53 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-03 12:42 . 2008-04-14 02:12 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-09-03 12:41 . 2008-04-14 02:11 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-09-03 12:13 . 2008-06-23 18:01 6,068,736 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-03 12:13 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-03 12:13 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-03 12:13 . 2008-06-23 18:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-03 12:13 . 2008-06-23 18:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-03 12:13 . 2008-06-23 18:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-03 12:13 . 2008-06-23 18:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-03 12:13 . 2008-06-23 18:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-03 12:13 . 2008-06-23 10:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-03 11:53 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-02 08:35 . 2008-09-02 08:35 <DIR> d-------- C:\Program Files\FirstClass
2008-09-02 08:35 . 2008-09-02 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-09-02 08:35 . 2001-05-03 10:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-09-02 08:35 . 1996-02-26 22:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-08-28 06:04 . 2008-08-28 06:05 <DIR> d-------- C:\Program Files\Mawarith
2008-08-28 05:55 . 2008-08-28 05:55 268 --ah----- C:\sqmdata06.sqm
2008-08-28 05:55 . 2008-08-28 05:55 244 --ah----- C:\sqmnoopt06.sqm
2008-08-27 17:40 . 2008-08-28 08:11 13,030 --a------ C:\PDOXUSRS.NET
2008-08-27 17:39 . 2008-08-27 17:39 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-08-27 17:38 . 2008-08-27 17:39 <DIR> d-------- C:\Program Files\Lower Notpad
2008-08-27 17:38 . 2008-08-27 17:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\COWON
2008-08-27 17:37 . 2008-08-27 17:37 <DIR> d-------- C:\Program Files\AlShamel
2008-08-27 17:36 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-27 17:36 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-27 17:36 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-27 17:36 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-27 14:57 . 2008-08-27 14:57 268 --ah----- C:\sqmdata05.sqm
2008-08-27 14:57 . 2008-08-27 14:57 244 --ah----- C:\sqmnoopt05.sqm
2008-08-27 14:54 . 2008-08-27 14:54 268 --ah----- C:\sqmdata04.sqm
2008-08-27 14:54 . 2008-08-27 14:54 244 --ah----- C:\sqmnoopt04.sqm
2008-08-27 14:48 . 2008-08-27 14:48 268 --ah----- C:\sqmdata03.sqm
2008-08-27 14:48 . 2008-08-27 14:48 244 --ah----- C:\sqmnoopt03.sqm
2008-08-27 14:44 . 2008-09-24 12:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 14:37 . 2008-09-03 10:36 <DIR> d-------- C:\Program Files\AvaFind
2008-08-27 14:37 . 2008-09-23 19:04 <DIR> d-------- C:\Documents and Settings\PC\Application Data\AvaFind Data
2008-08-27 10:38 . 2008-08-27 10:38 268 --ah----- C:\sqmdata02.sqm
2008-08-27 10:38 . 2008-08-27 10:38 244 --ah----- C:\sqmnoopt02.sqm
2008-08-26 20:03 . 2008-08-26 20:03 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nero
2008-08-26 20:03 . 2008-08-26 20:03 268 --ah----- C:\sqmdata01.sqm
2008-08-26 20:03 . 2008-08-26 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Program Files\Nero
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-26 20:02 . 2006-03-17 10:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-08-26 20:02 . 2006-03-17 10:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-08-26 20:02 . 2006-03-17 10:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-08-26 20:02 . 2006-03-17 13:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-08-26 20:02 . 2006-03-17 10:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-08-26 19:59 . 2008-08-26 19:59 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-26 19:42 . 2008-08-26 19:42 268 --ah----- C:\sqmdata00.sqm
2008-08-26 19:42 . 2008-08-26 19:42 244 --ah----- C:\sqmnoopt00.sqm
2008-08-26 19:25 . 2008-09-03 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-26 19:06 . 2008-08-26 19:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 19:06 . 2008-08-26 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:13 . 2007-06-19 15:26 126,976 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-26 16:10 . 2008-08-26 16:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-26 16:10 . 2007-03-01 11:47 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-08-26 16:10 . 2007-03-01 11:47 2,209,408 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-08-26 16:10 . 2007-03-01 11:47 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-08-26 16:07 . 2007-02-14 13:20 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-08-26 16:07 . 2007-02-14 13:20 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-08-26 16:07 . 2007-02-14 13:21 67,960 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-08-26 16:07 . 2007-02-14 13:20 47,907 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-08-26 16:07 . 2007-02-14 13:20 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-08-26 16:07 . 2007-02-14 13:21 30,285 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys
2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\Program Files\WIDCOMM
2008-08-26 16:04 . 2007-02-14 13:20 868,298 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-08-26 16:04 . 2007-02-14 13:20 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2008-08-26 16:02 . 2008-08-26 16:02 <DIR> d-------- C:\WINDOWS\Options
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 00:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 16:26 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-09-03 11:59 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 05:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 04:03 286,720 ------w C:\WINDOWS\Setup1.exe
2008-08-26 16:59 --------- d-----w C:\Program Files\Windows Live
2008-08-26 16:51 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2008-08-26 16:51 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-26 16:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-26 16:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-26 16:50 --------- d-----w C:\Program Files\Real
2008-08-26 16:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-26 16:50 --------- d-----w C:\Program Files\Common Files\Real
2008-08-26 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-26 16:48 --------- d-----w C:\Program Files\CyberLink
2008-08-26 16:43 --------- d-----w C:\Documents and Settings\PC\Application Data\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Program Files\JetAudio
2008-08-26 16:42 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-26 16:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-26 16:26 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-26 16:25 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-26 16:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-26 14:03 --------- d-----w C:\Program Files\Broadcom
2008-08-26 14:01 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-26 14:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-26 13:59 --------- d-----w C:\Program Files\Analog Devices
2008-08-26 13:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-26 13:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" [2004-06-01 295936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-09-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-09-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\bcmntray [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelinet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-09-03 18:26 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-06 11:09 133104 C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-06-19 15:26 84760 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-06-19 15:26 125720 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-06-19 15:26 101144 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 11:41 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-26 18:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-10-27 06:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-11-16 13:12 88209 C:\WINDOWS\AGRSMMSG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"lphc1dwj0e3f3"=C:\WINDOWS\system32\lphc1dwj0e3f3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 20:37 41456]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S3 IntelinetSecure;IntelinetSecure;C:\Program Files\Intelinet\intelin2.exe [2008-09-17 856064]
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-24 13:03:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-09-24 13:04:42
ComboFix-quarantined-files.txt 2008-09-24 11:04:36
Pre-Run: 21,143,277,568 bytes free
Post-Run: 21,148,590,080 bytes free
300 --- E O F --- 2008-09-23 22:55:51

salmasalma · 24 سبتمبر 2008

رجاء ردوا اذا سمحتم

السّاجد لله · 24 سبتمبر 2008

اعملي تقرير هايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

salmasalma · 24 سبتمبر 2008

مع فائق الشكر: اليكم التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:02 PM, on 24/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PC\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6546 bytes

السّاجد لله · 24 سبتمبر 2008

حددي هذه القيم واحذفيها دكتورة

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe

طريقة الحذف

بعدها ادخلي على ازالة البرامج واحذفي جميع التولبار لديك لانها سبب اغلب المشاكل

ثم قومي بالتالي

عطلي جميع برامج الحماية ,,
وحملي هذه الاداة واحفظيها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لكي رسالة ,, اضغطي على >> Yes
بعدها بتظهر لكي رساله ثانيه ,, اضغطي على >> Yes
انتظري حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظري حتى يظهر لكي تقرير ,, انسخيه والصقيه بردك القادم

ثم اعملي تقرير للهايجاك جديد

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغلي البرنامج ==> واضغطي على Do a system scan and save log
لحظات .. ويظهر لكي تقرير اعملي تحديد الكل ==> انسخه والصقه بردك القادم

salmasalma · 24 سبتمبر 2008

الف شكر يا اخي العزيز من العراق العظيم....اقوم الآن بعمل اللازم وسأوافيك باتقرير حالما اجهز. ارجو ان يكون الحل على يديك....فوالله لدي عمل كثير على الجهاز ولا اقدر ان اضيع ساعات اخرى هكذا.
الف شكر واتمنى ان تكون حضرتك موجودا عندما ابعث التقرير القادم...الى اللقاء

salmasalma · 24 سبتمبر 2008

بالمناسبة فالجهاز يقوم بعمل
scan
باستخدام

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ارجو الا يتعارض هذا الفحص من مايكروسوفت بما تفضلت واقترحت....لقد وجد لحد الآن 14 مشكلة وفيروس وسيبقى يعمل ربما لساعتين اخريات

السّاجد لله · 24 سبتمبر 2008

salmasalma قال:
الف شكر يا اخي العزيز من العراق العظيم....اقوم الآن بعمل اللازم وسأوافيك باتقرير حالما اجهز. ارجو ان يكون الحل على يديك....فوالله لدي عمل كثير على الجهاز ولا اقدر ان اضيع ساعات اخرى هكذا.
الف شكر واتمنى ان تكون حضرتك موجودا عندما ابعث التقرير القادم...الى اللقاء

ان شاء الله اكون موجود انا او احد اخوتي ومنقصر معاكي عزيزتي

salmasalma · 24 سبتمبر 2008

هذا هو التقرير الاول...الف شكر مقدما

ComboFix 08-09-22.06 - PC 2008-09-24 15:47:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.963.1033.18.567 [GMT 2:00]
Running from: C:\Documents and Settings\PC\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-24 15:33 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-09-24 15:32 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-09-24 15:31 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-09-24 15:27 . 2008-09-24 15:48 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-09-24 15:27 . 2008-09-24 15:27 <DIR> d-------- C:\7123472e6b8a4fd8fc5e
2008-09-24 14:32 . 2008-09-24 14:32 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Windows Search
2008-09-24 14:31 . 2008-09-24 14:31 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Windows Desktop Search
2008-09-24 14:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-24 14:30 . 2008-09-24 14:30 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-24 14:30 . 2008-09-24 14:30 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-24 14:20 . 2008-09-24 14:22 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-09-24 13:32 . 2008-09-24 15:27 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-24 11:21 . 2008-09-24 11:22 <DIR> d-------- C:\Documents and Settings\PC\Application Data\RegistrySmart
2008-09-24 00:31 . 2008-09-24 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-24 00:21 . 2008-09-24 00:26 <DIR> d-------- C:\Program Files\Intelinet
2008-09-23 22:30 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-23 22:29 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-23 22:28 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-23 22:27 . 2008-04-13 20:31 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-23 22:26 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-23 22:25 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-23 22:24 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-23 22:23 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-23 22:22 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-23 22:21 . 2008-04-13 21:24 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-23 22:21 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-23 03:00 . 2008-08-26 15:44 2,577 --a------ C:\WINDOWS\system32\config.bak
2008-09-23 03:00 . 2004-08-04 13:00 1,688 --a------ C:\WINDOWS\system32\autoexec.bak
2008-09-20 09:54 . 2008-09-20 09:54 268 --ah----- C:\sqmdata11.sqm
2008-09-20 09:54 . 2008-09-20 09:54 244 --ah----- C:\sqmnoopt11.sqm
2008-09-20 01:03 . 2008-09-20 01:03 268 --ah----- C:\sqmdata10.sqm
2008-09-20 01:03 . 2008-09-20 01:03 244 --ah----- C:\sqmnoopt10.sqm
2008-09-19 08:23 . 2008-09-19 08:23 268 --ah----- C:\sqmdata09.sqm
2008-09-19 08:23 . 2008-09-19 08:23 244 --ah----- C:\sqmnoopt09.sqm
2008-09-19 00:50 . 2008-09-19 00:50 268 --ah----- C:\sqmdata08.sqm
2008-09-19 00:50 . 2008-09-19 00:50 244 --ah----- C:\sqmnoopt08.sqm
2008-09-17 20:58 . 2008-09-17 20:58 244 --ah----- C:\sqmnoopt07.sqm
2008-09-17 20:58 . 2008-09-17 20:58 232 --ah----- C:\sqmdata07.sqm
2008-09-16 23:23 . 2008-09-23 01:26 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-13 18:44 . 2008-09-13 18:44 <DIR> d-------- C:\Program Files\PDFCreator Toolbar
2008-09-13 18:44 . 2008-09-13 18:45 <DIR> d-------- C:\Program Files\PDFCreator
2008-09-13 18:44 . 2008-09-13 18:44 253,116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8468.exe
2008-09-13 18:44 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-09-13 18:44 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-09-13 18:44 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-09-13 18:44 . 2008-09-13 18:44 14,290 --a------ C:\Program Files\settings.dat
2008-09-07 08:48 . 2008-09-19 08:25 1,555 --a------ C:\WINDOWS\ata live update.ini
2008-09-06 11:28 . 2008-09-24 15:37 <DIR> d-------- C:\Program Files\Google
2008-09-05 23:30 . 2008-09-05 23:30 241,704 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 . 2008-09-05 23:29 917,032 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-03 19:58 . 2008-09-03 19:58 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-03 18:41 . 2008-09-23 23:40 <DIR> d-------- C:\Program Files\Security Task Manager
2008-09-03 18:41 . 2008-09-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-09-03 14:47 . 2008-09-03 14:47 <DIR> d-------- C:\Program Files\Ace Utilities
2008-09-03 14:19 . 2005-10-31 20:50 49,152 --a------ C:\WINDOWS\wipe.dll
2008-09-03 14:15 . 2005-10-31 20:50 49,152 --a------ C:\Program Files\wipe.dll
2008-09-03 14:03 . 2008-09-03 14:03 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Uniblue
2008-09-03 13:57 . 2008-09-04 10:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-03 13:00 . 2008-09-03 13:00 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 12:57 . 2008-09-03 13:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 12:53 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-03 12:42 . 2008-04-14 02:12 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-09-03 12:41 . 2008-04-14 02:11 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-09-03 12:13 . 2008-06-23 18:01 6,068,736 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-03 12:13 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-03 12:13 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-03 12:13 . 2008-06-23 18:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-03 12:13 . 2008-06-23 18:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-03 12:13 . 2008-06-23 18:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-03 12:13 . 2008-06-23 18:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-03 12:13 . 2008-06-23 18:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-03 12:13 . 2008-06-23 10:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-03 11:53 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-02 08:35 . 2008-09-02 08:35 <DIR> d-------- C:\Program Files\FirstClass
2008-09-02 08:35 . 2008-09-02 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-09-02 08:35 . 2001-05-03 10:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-09-02 08:35 . 1996-02-26 22:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-08-28 06:04 . 2008-08-28 06:05 <DIR> d-------- C:\Program Files\Mawarith
2008-08-28 05:55 . 2008-08-28 05:55 268 --ah----- C:\sqmdata06.sqm
2008-08-28 05:55 . 2008-08-28 05:55 244 --ah----- C:\sqmnoopt06.sqm
2008-08-27 17:40 . 2008-08-28 08:11 13,030 --a------ C:\PDOXUSRS.NET
2008-08-27 17:39 . 2008-08-27 17:39 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-08-27 17:38 . 2008-08-27 17:39 <DIR> d-------- C:\Program Files\Lower Notpad
2008-08-27 17:38 . 2008-08-27 17:38 <DIR> d-------- C:\Documents and Settings\PC\Application Data\COWON
2008-08-27 17:37 . 2008-08-27 17:37 <DIR> d-------- C:\Program Files\AlShamel
2008-08-27 17:36 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-27 17:36 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-27 17:36 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-27 17:36 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-27 14:57 . 2008-08-27 14:57 268 --ah----- C:\sqmdata05.sqm
2008-08-27 14:57 . 2008-08-27 14:57 244 --ah----- C:\sqmnoopt05.sqm
2008-08-27 14:54 . 2008-08-27 14:54 268 --ah----- C:\sqmdata04.sqm
2008-08-27 14:54 . 2008-08-27 14:54 244 --ah----- C:\sqmnoopt04.sqm
2008-08-27 14:48 . 2008-08-27 14:48 268 --ah----- C:\sqmdata03.sqm
2008-08-27 14:48 . 2008-08-27 14:48 244 --ah----- C:\sqmnoopt03.sqm
2008-08-27 14:44 . 2008-09-24 12:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 14:37 . 2008-09-03 10:36 <DIR> d-------- C:\Program Files\AvaFind
2008-08-27 14:37 . 2008-09-24 15:42 <DIR> d-------- C:\Documents and Settings\PC\Application Data\AvaFind Data
2008-08-27 10:38 . 2008-08-27 10:38 268 --ah----- C:\sqmdata02.sqm
2008-08-27 10:38 . 2008-08-27 10:38 244 --ah----- C:\sqmnoopt02.sqm
2008-08-26 20:03 . 2008-08-26 20:03 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Nero
2008-08-26 20:03 . 2008-08-26 20:03 268 --ah----- C:\sqmdata01.sqm
2008-08-26 20:03 . 2008-08-26 20:03 244 --ah----- C:\sqmnoopt01.sqm
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Program Files\Nero
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-26 20:02 . 2008-08-26 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-26 20:02 . 2006-03-17 10:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-08-26 20:02 . 2006-03-17 10:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-08-26 20:02 . 2006-03-17 10:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-08-26 20:02 . 2006-03-17 13:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-08-26 20:02 . 2006-03-17 10:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-08-26 19:59 . 2008-08-26 19:59 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-26 19:42 . 2008-08-26 19:42 268 --ah----- C:\sqmdata00.sqm
2008-08-26 19:42 . 2008-08-26 19:42 244 --ah----- C:\sqmnoopt00.sqm
2008-08-26 19:25 . 2008-09-24 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-26 19:06 . 2008-09-24 14:49 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 19:06 . 2008-08-26 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:13 . 2007-06-19 15:26 126,976 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-26 16:10 . 2008-09-24 15:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-26 16:10 . 2007-03-01 11:47 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-08-26 16:10 . 2007-03-01 11:47 2,209,408 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-08-26 16:10 . 2007-03-01 11:47 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-08-26 16:07 . 2007-02-14 13:20 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 00:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 16:26 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-09-03 11:59 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 05:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 04:03 286,720 ------w C:\WINDOWS\Setup1.exe
2008-08-26 16:59 --------- d-----w C:\Program Files\Windows Live
2008-08-26 16:51 73,216 ------w C:\WINDOWS\ST6UNST.EXE
2008-08-26 16:51 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-26 16:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-26 16:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-26 16:50 --------- d-----w C:\Program Files\Real
2008-08-26 16:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-26 16:50 --------- d-----w C:\Program Files\Common Files\Real
2008-08-26 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-26 16:48 --------- d-----w C:\Program Files\CyberLink
2008-08-26 16:43 --------- d-----w C:\Documents and Settings\PC\Application Data\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Program Files\JetAudio
2008-08-26 16:42 --------- d-----w C:\Program Files\Common Files\COWON
2008-08-26 16:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Program Files\ACD Systems
2008-08-26 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-26 16:26 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-26 16:25 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-26 16:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-26 14:03 --------- d-----w C:\Program Files\Broadcom
2008-08-26 14:01 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-26 14:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-26 13:59 --------- d-----w C:\Program Files\Analog Devices
2008-08-26 13:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-26 13:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-24_13.04.19.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-24 12:21:08 7,680 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-09-24 12:20:59 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-09-24 12:21:08 33,792 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-09-24 12:21:13 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-24 12:21:09 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-24 12:21:09 4,608 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-09-24 12:21:09 26,112 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-09-24 12:21:00 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-24 12:20:59 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-09-24 12:21:00 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-24 12:21:00 6,144 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-09-24 12:20:59 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-09-24 12:20:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-09-24 12:20:59 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-09-24 12:21:09 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-09-24 12:21:13 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-24 12:21:09 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-09-24 12:21:15 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-24 12:21:10 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-24 12:21:10 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-24 12:21:10 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-24 12:21:10 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-09-24 12:21:11 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-24 12:21:10 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-24 12:21:10 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-24 12:21:12 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-24 12:21:12 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-24 12:21:12 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-24 12:21:12 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-24 12:21:12 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-24 12:21:12 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-24 12:21:14 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-24 12:21:12 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-24 12:21:12 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-24 12:21:12 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-24 12:21:12 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-24 12:21:12 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-24 12:21:10 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-24 12:25:44 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-09-24 12:25:55 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-09-24 12:25:56 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-09-24 12:25:57 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-24 12:25:52 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-09-24 12:25:36 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-24 12:25:36 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-09-24 12:26:05 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-09-24 12:25:48 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-24 12:25:43 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-09-24 12:25:36 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-09-24 12:25:38 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-09-24 12:25:54 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-24 12:25:54 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-24 12:25:55 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-09-24 12:25:40 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-09-24 12:25:41 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-09-24 12:25:42 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-09-24 12:25:42 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-09-24 12:25:39 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-24 12:26:07 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-09-24 12:26:07 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-09-24 12:25:33 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-09-24 12:26:06 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-24 12:26:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-09-24 12:25:35 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-09-24 12:25:34 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-09-24 12:25:34 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-09-24 12:26:00 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-09-24 12:25:45 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-09-24 12:26:01 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-09-24 12:25:58 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-09-24 12:25:38 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-09-24 12:25:53 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-24 12:25:46 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-09-24 12:25:45 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-24 12:25:47 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-09-24 12:26:03 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-24 12:25:58 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-24 12:26:04 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-24 12:25:59 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-24 12:26:00 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-24 12:25:43 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-24 12:25:47 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-24 12:26:05 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-24 12:25:49 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-24 12:25:50 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-24 12:25:51 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-24 12:25:52 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-09-24 12:26:02 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-09-24 12:26:53 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\077e70cf802c9f4b9739503895697c3d\mscorlib.ni.dll
+ 2008-09-24 12:28:35 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\c8657bccace1974d9943885f032af85c\System.Data.ni.dll
+ 2008-09-24 12:28:57 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\db073a29ad2e4b479e7c9a4afda792c1\System.Design.ni.dll
+ 2008-09-24 12:27:37 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f497f473739fe544bbcaf055b193bc80\System.Drawing.Design.ni.dll
+ 2008-09-24 12:27:45 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9f963333b5c20e4587bd033f58f8dca4\System.Drawing.ni.dll
+ 2008-09-24 12:28:08 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cec92dd3342c2d4d8050c3362f480e85\System.Windows.Forms.ni.dll
+ 2008-09-24 12:28:21 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5315caa886d01b4c8317dd82e75e0db1\System.Xml.ni.dll
+ 2008-09-24 12:27:31 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af9500ada2777e47a2b438b0cb12b169\System.ni.dll
+ 2008-09-24 12:22:37 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_e60416c6\CustomMarshalers.dll
+ 2008-09-24 12:22:41 3,289,088 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df597743\mscorlib.dll
+ 2008-09-24 12:22:52 1,462,272 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a923dced\System.Design.dll
+ 2008-09-24 12:22:57 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ca4a098a\System.Drawing.Design.dll
+ 2008-09-24 12:22:59 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_668dfd49\System.Drawing.dll
+ 2008-09-24 12:23:04 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e60a323d\System.Windows.Forms.dll
+ 2008-09-24 12:23:10 2,076,672 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b35645a8\System.Xml.dll
+ 2008-09-24 12:22:56 1,929,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_95b15394\System.dll
+ 2008-06-24 06:05:12 455,744 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
+ 2008-09-24 13:29:10 10,134 ----a-r C:\WINDOWS\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe
+ 2005-09-23 05:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 07:42:38 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-07-19 09:52:48 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-06-27 10:45:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 07:42:38 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 05:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 05:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 05:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2003-02-21 00:59:44 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 01:55:06 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 01:02:16 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 03:04:20 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 05:24:08 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 03:00:36 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 17:19:42 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-20 17:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 17:19:22 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 17:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 17:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 17:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 09:11:50 219,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 05:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 05:24:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-20 17:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 08:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 08:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 05:24:34 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 05:24:36 33,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 02:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 08:21:40 524,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 17:16:32 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-20 17:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 05:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 05:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 05:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 05:24:40 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-20 17:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 05:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 17:22:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 05:24:44 26,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 05:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 05:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 05:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 05:24:54 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 05:25:02 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 05:24:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 05:25:06 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 05:25:02 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 05:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 05:25:06 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2003-02-20 17:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-20 17:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-20 17:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 17:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 17:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 05:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 16:43:52 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 17:06:34 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 17:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 17:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 17:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 17:09:24 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-20 17:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 17:18:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 16:43:36 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 17:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 17:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 05:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 05:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 05:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-20 17:09:34 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 17:09:34 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 17:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 05:26:38 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 05:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-21 05:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 05:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 05:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 05:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 05:26:48 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 05:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 05:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-20 17:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 05:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 05:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 05:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 05:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 05:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 05:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 05:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 05:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 05:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 05:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 05:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 05:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 08:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 03:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-20 18:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2005-09-23 05:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 05:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2005-09-23 05:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 05:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 05:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 05:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 05:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 05:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 05:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 05:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 05:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 05:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 05:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 05:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 05:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 05:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 05:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 05:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 05:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 05:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 05:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 05:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 05:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 05:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2005-09-23 05:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 05:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 05:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 05:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 05:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 05:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 05:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 05:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 05:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 05:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 05:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 05:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 05:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 05:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 05:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 05:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 05:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 04:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 04:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 04:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 04:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 04:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 04:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 01:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 04:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 04:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 04:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 04:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 04:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 04:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 04:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 04:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 04:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 04:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 04:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 04:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 04:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 04:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 04:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 04:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 04:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 04:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 05:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 05:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 05:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 05:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 05:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 05:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 05:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 05:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 05:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 05:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 05:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 05:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 05:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 05:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 05:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 05:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 05:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 05:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 05:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 05:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 05:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 05:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 05:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 05:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 05:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 05:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 05:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 05:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 05:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 05:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 05:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 05:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 05:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 05:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 05:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 05:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 05:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 05:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 05:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 05:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 05:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 05:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 05:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 05:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 05:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 05:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 05:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 05:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 05:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 05:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 05:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 05:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 05:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 05:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 05:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 05:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 05:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 05:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 05:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 05:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 05:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 05:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 05:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 05:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 05:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 05:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 05:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 05:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 05:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 05:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 05:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 05:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 05:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 05:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 05:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2006-10-14 14:43:18 27,648 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2008-04-14 00:11:57 29,696 -c--a-w C:\WINDOWS\system32\dllcache\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 -c--a-w C:\WINDOWS\system32\dllcache\mimefilt.dll
- 2008-04-14 00:12:02 98,304 -c--a-w C:\WINDOWS\system32\dllcache\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 -c--a-w C:\WINDOWS\system32\dllcache\nlhtml.dll
- 2008-04-14 00:12:02 192,000 -c--a-w C:\WINDOWS\system32\dllcache\offfilt.dll
+ 2008-03-07 17:02:08 192,000 -c--a-w C:\WINDOWS\system32\dllcache\offfilt.dll
+ 2006-10-14 14:44:44 671,744 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
+ 2006-10-14 18:21:58 580,352 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2006-10-14 18:22:00 1,698,048 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
+ 2007-02-02 01:00:00 9,336 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2007-02-02 01:00:00 9,464 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2008-02-13 01:00:00 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2008-02-13 15:16:54 68,080 ----a-w C:\WINDOWS\system32\drvins64.exe
+ 2008-05-15 14:15:16 53,168 -c--a-w C:\WINDOWS\system32\DRVSTORE\mpfilter_7624CBE7EF3BB21A52F29BE608459E93D0D31F4C\mpfilter.sys
+ 2007-11-27 20:56:28 91,328 -c--a-w C:\WINDOWS\system32\DRVSTORE\msfwdrv_8B7A77566FDBAD6964DFFFCFFDA27E97D55990D5\msfwdrv.sys
+ 2007-11-27 20:56:30 116,416 -c--a-w C:\WINDOWS\system32\DRVSTORE\msfwhlpr_0D06EB3A0072EC31805FD097692DFF987F98BDA6\msfwhlpr.sys
+ 2008-09-05 21:30:06 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2008-04-14 00:11:57 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll
+ 2005-09-23 05:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2005-09-23 05:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2005-09-23 05:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2008-05-26 20:17:44 34,816 ------w C:\WINDOWS\system32\msscb.dll
+ 2008-05-26 20:17:26 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
+ 2008-05-26 20:17:38 11,776 ------w C:\WINDOWS\system32\msshooks.dll
+ 2008-05-26 20:18:34 231,936 ------w C:\WINDOWS\system32\msshsq.dll
+ 2008-05-26 20:17:26 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
+ 2008-05-26 20:18:26 350,208 ------w C:\WINDOWS\system32\mssph.dll
+ 2008-05-26 20:18:56 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
+ 2008-05-26 20:17:28 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
+ 2008-05-26 20:21:26 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
+ 2008-05-26 20:18:42 44,032 ------w C:\WINDOWS\system32\msstrc.dll
+ 2003-02-20 16:43:36 4,096 ----a-w C:\WINDOWS\system32\mui\0409\mscoreer.dll
+ 2005-09-23 05:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2003-02-20 17:16:34 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
- 2008-04-14 00:12:02 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2008-05-26 20:19:36 273,408 ------w C:\WINDOWS\system32\oeph.dll
+ 2008-05-26 20:19:16 11,264 ------w C:\WINDOWS\system32\oephRes.dll
- 2008-04-14 00:12:02 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2008-03-07 17:02:08 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2008-09-24 11:03:19 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-24 13:42:23 69,732 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-24 11:03:19 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-24 13:42:23 422,442 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-14 14:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll
+ 2008-05-26 20:18:08 71,680 ------w C:\WINDOWS\system32\propdefs.dll
+ 2008-05-26 20:17:48 754,176 ------w C:\WINDOWS\system32\propsys.dll
+ 2007-07-05 15:55:04 567,792 ----a-w C:\WINDOWS\system32\Px.dll
+ 2008-02-13 15:17:04 66,544 ----a-w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-02-13 15:17:02 120,304 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
+ 2007-06-06 23:02:00 535,288 ----a-w C:\WINDOWS\system32\pxdrv.dll
+ 2008-02-13 15:16:56 66,032 ----a-w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-02-13 15:16:58 121,328 ----a-w C:\WINDOWS\system32\pxinsi64.exe
+ 2007-07-05 15:55:06 186,864 ----a-w C:\WINDOWS\system32\PxMas.dll
+ 2007-07-05 15:55:08 1,649,136 ----a-w C:\WINDOWS\system32\PxSFS.DLL
+ 2007-07-05 15:55:08 379,376 ----a-w C:\WINDOWS\system32\PxWave.dll
+ 2007-07-05 15:55:10 158,192 ----a-w C:\WINDOWS\system32\pxwma.dll
+ 2006-08-24 14:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
+ 2008-05-26 20:18:32 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
+ 2008-05-26 20:17:56 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
+ 2008-05-26 20:18:44 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
+ 2008-05-26 20:18:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-10-14 14:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2006-10-14 14:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2006-10-14 14:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2006-10-14 14:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 14:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-10-14 14:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2006-10-14 15:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2006-10-14 18:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2006-10-14 14:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2006-10-14 18:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2008-05-26 20:17:30 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
+ 2008-05-26 19:59:40 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
+ 2008-05-26 19:59:42 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
+ 2008-05-26 20:21:08 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
+ 2008-05-26 20:19:20 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
+ 2008-05-26 20:19:22 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
+ 2008-05-26 20:19:28 108,032 ------w C:\WINDOWS\system32\UncNE.dll
+ 2008-05-26 20:19:28 131,072 ------w C:\WINDOWS\system32\UncPH.dll
+ 2008-05-26 20:19:26 2,048 ------w C:\WINDOWS\system32\UncRes.dll
+ 2003-02-20 17:06:20 282,624 ----a-w C:\WINDOWS\system32\URTTemp\fusion.dll
+ 2003-02-20 17:06:24 155,648 ----a-w C:\WINDOWS\system32\URTTemp\mscoree.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\system32\URTTemp\mscorsn.dll
+ 2003-02-20 17:08:32 2,482,176 ----a-w C:\WINDOWS\system32\URTTemp\mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\URTTemp\msvcr71.dll
+ 2003-02-21 03:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTemp\regtlib.exe
+ 2007-03-25 23:00:00 88,824 ----a-w C:\WINDOWS\system32\vxblock.dll
+ 2008-09-05 21:30:42 241,704 ------w C:\WINDOWS\system32\WgaLogon.dll
+ 2008-09-05 21:29:58 917,032 ------w C:\WINDOWS\system32\WgaTray.exe
+ 2008-05-26 20:18:34 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
+ 2006-10-14 18:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2006-10-14 18:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2008-09-24 13:41:00 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_53c.dat
+ 2005-09-22 21:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-23 05:29:16 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 05:29:16 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 05:29:16 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2008-09-24 12:25:36 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-09-24 12:25:36 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvaFind"="C:\Program Files\AvaFind\AvaFind.exe" [2004-06-01 295936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-09-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-09-03 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\bcmntray [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelinet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-09-03 18:26 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-06 11:09 133104 C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 23:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-06-19 15:26 84760 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-06-19 15:26 125720 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-06-19 15:26 101144 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
--a------ 2008-08-08 15:24 67112 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 11:41 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-26 18:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-11-16 13:12 88209 C:\WINDOWS\AGRSMMSG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"lphc1dwj0e3f3"=C:\WINDOWS\system32\lphc1dwj0e3f3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 20:37 41456]
R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
S4 IntelinetSecure;IntelinetSecure;C:\Program Files\Intelinet\intelin2.exe [2008-09-17 856064]
*Newly Created Service* - MSFWSVC
*Newly Created Service* - OCHEALTHMON
*Newly Created Service* - WINSS
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-24 15:49:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-09-24 15:50:01
ComboFix-quarantined-files.txt 2008-09-24 13:49:58
ComboFix2.txt 2008-09-24 11:04:43
Pre-Run: 20,350,160,896 bytes free
Post-Run: 20,377,690,112 bytes free
768 --- E O F --- 2008-09-23 22:55:51

salmasalma · 24 سبتمبر 2008

التقرير الثاني

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:11 PM, on 24/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PC\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4698 bytes

salmasalma · 24 سبتمبر 2008

بانتظار ولاحظاتك اخي هشام على احر من الجمر وع فائق الشكر

السّاجد لله · 24 سبتمبر 2008

التقرير الان سليم
هل ما زالت المشكلة قائمة دكتورة

salmasalma · 24 سبتمبر 2008

والله يا اخي لا اعرف....لأنني قمت الآن باعادة تشغيل الكمبيوتر ....وستأخذ عدد من الدقائق (او اكتر) لظهور الرسالة المشؤمة (التي اتمنى الا تظهر)....
ولكن شكرا يا اخي لأنك طمأنتني...ساتركه الآن لأرى فيما اذا ظهرت الصفحة الزرقاء مع الرسالة....ان لم تظهر فهذا يعني ان الامور قد عادت الى الطبيعي...واذا ظهرت....فسامحني ان ازعجتك مرة اخرى بالسوأل...
يا رب

مع خالص تحياتي

السّاجد لله · 24 سبتمبر 2008

اختي الغالية د سلمى انا معك الى النهاية وان شاء الله تنحل المشكلة على يدي او على يد اخوتي خبراء الصيانة المهم لا تهتمين ويارب تنحل المشكلة

salmasalma · 24 سبتمبر 2008

hesham77 قال:
اختي الغالية د سلمى انا معك الى النهاية وان شاء الله تنحل المشكلة على يدي او على يد اخوتي خبراء الصيانة المهم لا تهتمين ويارب تنحل المشكلة

ها قد مرت اكثر من سبع ساعات على فتح الجهاز
والف الحمد لله
لقد زال الخطر ولم تعد تظهر تلك الرسالة الزرقاء (السوداء بالأحرى)
لا ادري كيف اشكرك اخي هشام على المساعدة القيمة
ففي احدى لحظات جزعي ليلة امس
كنت قد قررت شراء جهاز آخر بعد ان اعيتني الحيلة
لقد وفرت علي التعب والمال
فجزاك الله خيرا

واتمنى الا تحصل تلك المشكلة مرة اخرى

مع فائق التقدير والشكر العميق

د. سلمى

salmasalma · 24 سبتمبر 2008

لكنني لا زلت اطمع منك ومن زملائك هنا بشئ آخر ان تكرمتم

لقد استغنيت عن مضاد الفيروسات ونزلت مكانه مضاد من مايروسوفت
وهو
Windows Live OneCare

وهو كما تعلمون تجريبي لمدة ثلاث اشهر وبعد ذلك لا بد من الدفع وشراء البرنامج
الا يتوفر عن احد الزملاء الكرام اسم مستخدم وباص وورد لكي يبقى البرنامج بشكل دائم
فقد ارتحت له وهو كما يتبين متناسب مع جهازي
فهو مضاد للفيروسات والتجسس وكل الاشياء الاخرى

سأكون من الشاكرين اذا تكرمتم بالمساعدة

السّاجد لله · 24 سبتمبر 2008

اولا الحمد لله على انتهاء المشكلة وثانيا جار البحث لكي عن ما طلبتي وشكرا لكلماتك الرائعة

السّاجد لله · 24 سبتمبر 2008

تفضلي عزيزتي البرنامج كامل مع السريال حملي من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

السّاجد لله · 24 سبتمبر 2008

وهذا رابط اخر

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

احذفي البرنامج القديم ونصبي الجديد من هنا

k:

salmasalma · 25 سبتمبر 2008

كما يقال على هذه الصفحات
جاري التحميل
ويا رب يظبط

الف شكر على المساعدة الرائعة

زيزوومي جديد

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومي جديد

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد

زيزوومي جديد

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي جديد