المعالجان يعملان 100%

الشووووق · 28 نوفمبر 2008

السلام عليكم ورحمة الله وبركاته

اخواني اعشاء زيزوم انا لدي لاب توب دل وفيه معالجين فجاءه اصبحت المعالجات اعمل بكامل طاقتها 100% واصبح الجهاز يعلق

اتمنى من اخواني اعضاء زيزوم مساعدتي لو بيدهم طريقه لذلك
وهذا التقرير \

Logfile of HijackThis v1.99.1
Scan saved at 9:42:02 PM, on 11/28/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\alyami\Downloads\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

MAAX · 28 نوفمبر 2008

اهلاا بك اخي

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

ثم ارفع تقرير هايجاك جديد

abdu_mka · 28 نوفمبر 2008

أخي المشكلة هذه , قد يكون حلها بدون الهاي جاك
انت ممكن تضغط alt +ctrl + delete
حتى يطلع windows task manager ثم تضغط process وترتبهن علي حسب cpu يبان عندك ما هو البرنامج اللي واخذ المعالجان كلهم

الشووووق · 28 نوفمبر 2008

هذا التقرير من البرنامج اللي عطيتني اخوي

ComboFix 08-11-27.07 - alyami 2008-11-28 22:38:18.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.1127 [GMT 3:00]
Running from: c:\users\alyami\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.
2008-11-28 00:11 . 2008-11-28 00:11 <DIR> d-a------ c:\users\alyami\AppData\Roaming\oovooToolbar
2008-11-28 00:11 . 2008-11-28 00:11 <DIR> d-------- c:\program files\ooVoo
2008-11-26 03:03 . 2008-10-21 08:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 03:03 . 2008-08-28 06:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 03:03 . 2008-08-28 06:40 425,472 --a------ c:\windows\System32\PhotodataHandler.dll
2008-11-26 03:03 . 2008-08-28 06:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 03:03 . 2008-10-22 06:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 04:23 . 2008-11-24 04:24 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 04:23 . 2008-11-24 04:24 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 04:23 . 2008-11-24 04:24 <DIR> d-------- c:\program files\iTunes
2008-11-24 04:23 . 2008-11-24 04:23 <DIR> d-------- c:\program files\iPod
2008-11-17 00:49 . 2008-10-17 00:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 00:49 . 2008-10-16 23:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 00:49 . 2008-10-17 00:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 00:49 . 2008-10-17 00:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 00:48 . 2008-10-17 00:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 00:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 00:48 . 2008-10-16 23:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 00:48 . 2008-10-17 00:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 00:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 22:49 . 2008-09-10 06:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 22:49 . 2008-09-05 08:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 22:49 . 2008-08-27 04:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-10-29 16:40 . 2008-08-12 06:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 16:40 . 2008-09-18 07:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 16:40 . 2008-09-18 07:56 125,952 --a------ c:\windows\System32\wersvc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 19:08 --------- d-----w c:\users\alyami\AppData\Roaming\Skype
2008-11-28 16:57 --------- d-----w c:\users\alyami\AppData\Roaming\skypePM
2008-11-28 16:42 69,894 ----a-w c:\users\All Users\nvModes.dat
2008-11-28 16:42 69,894 ----a-w c:\programdata\nvModes.dat
2008-11-27 21:11 --------- d-----w c:\program files\oovooToolbar
2008-11-27 21:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 00:05 --------- d-----w c:\programdata\Microsoft Help
2008-11-24 01:23 --------- d-----w c:\programdata\Apple Computer
2008-11-24 01:23 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 01:17 --------- d-----w c:\program files\QuickTime
2008-11-16 16:15 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 15:32 --------- d-----w c:\program files\MSBuild
2008-10-25 15:32 --------- d-----w c:\program files\Microsoft Works
2008-10-25 15:30 --------- d-----w c:\program files\Microsoft.NET
2008-10-25 15:26 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-20 20:53 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-15 00:23 --------- d-----w c:\program files\Windows Mail
2008-10-13 20:18 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-12 19:04 --------- d-----w c:\program files\DivX
2008-10-12 18:01 --------- d-----w c:\program files\Huawei technologies
2008-10-11 18:52 --------- d-----w c:\program files\Common Files\Real
2008-10-11 18:41 --------- d-----w c:\program files\VistaCodecPack
2008-10-11 15:03 --------- d-----w c:\programdata\VistaCodecs
2008-10-11 14:17 --------- d-----w c:\programdata\WLInstaller
2008-10-05 21:07 --------- d-----w c:\program files\Conduit
2008-10-05 21:07 --------- d-----w c:\program files\alahli_sa
2008-10-05 20:00 --------- d-----w c:\program files\Google
2008-10-05 19:02 --------- d-----w c:\program files\Apple Software Update
2008-10-05 19:00 --------- d-----w c:\program files\Bonjour
2008-10-05 15:57 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-02 18:21 --------- d-----w c:\program files\Windows Live
2008-10-02 18:14 --------- d-----w c:\users\alyami\AppData\Roaming\Yahoo!
2008-10-02 18:14 --------- d-----w c:\programdata\Yahoo!
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 13:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 01:48 737,280 ----a-w c:\windows\iun6002.exe
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-29 07:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 06:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-05-19 21:21 174 --sha-w c:\program files\desktop.ini
2008-05-14 00:55 27,430 ----a-w c:\users\alyami\AppData\Roaming\nvModes.dat
2008-05-12 18:25 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-12 18:25 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-11 17:13 76 --sh--r c:\windows\CT4CET.bin
2008-05-25 03:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-25 03:05 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-05-25 03:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
2008-05-13 14:51 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-13 14:51 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-05-13 14:51 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\s\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_20.32.35.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 15:57:51 2,560 ----a-w c:\windows\_MSRSTRT.EXE
+ 2008-10-25 15:32:51 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-10-25 15:32:50 65,536 ----a-w c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2008-10-25 15:32:53 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-10-25 15:32:50 1,215,328 ----a-w c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-10-25 15:32:50 82,784 ----a-w c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-10-25 15:32:36 31,560 ----a-w c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2008-10-25 15:32:51 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-10-25 15:32:36 16,712 ----a-w c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-10-25 15:30:46 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-10-25 15:31:49 1,612,592 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2008-10-25 15:31:50 1,276,720 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-10-25 15:31:50 150,320 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-10-25 15:32:36 404,296 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-10-25 15:31:52 88,896 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-10-25 15:31:52 146,232 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-10-25 15:32:23 17,208 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-10-25 15:31:50 920,376 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-10-25 15:31:51 35,648 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-10-26 00:03:33 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-25 15:31:51 232,248 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-10-25 15:31:50 20,280 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-10-27 14:09:40 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-10-25 15:32:50 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-10-25 15:31:50 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-10-25 15:31:52 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-10-25 15:32:50 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-10-25 15:32:51 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-10-25 15:31:50 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-10-25 15:30:42 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2008-10-25 15:30:46 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-10-25 15:32:01 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-10-25 15:32:38 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-10-25 15:32:36 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2008-10-25 15:32:25 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-10-25 15:32:24 12,632 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-10-25 15:32:25 12,112 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-25 15:32:32 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2008-10-25 15:32:16 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-10-25 15:32:35 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-10-25 15:32:17 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-10-25 15:32:16 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-10-25 15:32:50 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2008-04-23 04:44:47 140,288 ----a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-10-27 14:09:48 120,408 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2008-10-25 15:32:57 367,400 ----a-w c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
- 2008-04-23 04:44:14 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-04-23 04:45:00 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-10-27 14:09:48 611,392 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2008-10-25 15:32:36 43,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2008-10-25 15:32:37 39,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2008-10-25 15:32:36 60,200 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2008-10-25 15:32:49 211,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2008-10-25 15:32:49 105,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2008-10-25 15:32:48 330,520 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2008-10-25 15:32:49 39,712 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2008-10-25 15:32:49 39,704 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2008-10-25 15:32:49 72,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2008-10-25 15:32:49 47,832 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2008-10-25 15:32:49 39,624 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
- 2008-10-02 03:26:43 1,660 ----a-w c:\windows\bthservsdp.dat
+ 2008-11-28 17:21:07 1,660 ----a-w c:\windows\bthservsdp.dat
- 2008-04-23 04:42:33 373,248 ----a-w c:\windows\ehome\ehglid.dll
+ 2008-08-05 09:49:54 373,248 ----a-w c:\windows\ehome\ehglid.dll
- 2008-04-23 04:42:33 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
+ 2008-08-05 09:49:54 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
- 2008-04-23 04:42:33 254,464 ----a-w c:\windows\ehome\ehReplay.dll
+ 2008-08-05 09:49:54 254,464 ----a-w c:\windows\ehome\ehReplay.dll
- 2008-04-23 04:44:14 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
- 2008-04-23 04:27:00 18,944 ----a-w c:\windows\ehome\ehtrace.dll
+ 2008-08-06 03:27:39 18,944 ----a-w c:\windows\ehome\ehtrace.dll
- 2008-04-23 04:42:33 522,240 ----a-w c:\windows\ehome\ehui.dll
+ 2008-08-05 09:49:54 522,240 ----a-w c:\windows\ehome\ehui.dll
- 2008-01-18 20:33:24 172,544 ----a-w c:\windows\ehome\McrMgr.exe
+ 2008-08-05 09:49:28 173,056 ----a-w c:\windows\ehome\McrMgr.exe
- 2008-04-23 04:44:47 140,288 ----a-w c:\windows\ehome\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\ehome\mcupdate.exe
- 2008-04-23 04:45:00 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
- 2008-09-17 02:50:26 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2008-10-12 18:08:44 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-09-17 02:50:25 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2008-10-12 18:08:40 86,016 ----a-w c:\windows\inf\infstor.dat
- 2008-09-17 02:50:26 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2008-10-12 18:08:44 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2006-10-27 12:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 18:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 12:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 12:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 12:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 12:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 17:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 17:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 17:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 17:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 17:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 17:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 12:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 17:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 17:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 17:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 17:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 17:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 17:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 12:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 17:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 12:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 16:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 18:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 12:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 17:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 17:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 21:48:08 234,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-26 16:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 12:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 11:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 11:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 16:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 12:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 17:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 12:37:44 338,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 12:38:02 6,191,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 12:37:44 284,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-26 21:47:54 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-27 12:37:40 34,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 12:37:44 300,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-26 21:47:44 33,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 12:37:56 2,689,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 12:38:00 3,508,544 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 12:37:40 117,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 12:37:50 768,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 12:37:52 1,359,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-26 21:48:24 377,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 12:37:58 3,071,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 12:37:44 284,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-26 21:48:00 197,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-26 21:48:18 317,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-26 21:48:40 1,555,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-26 21:47:42 31,016 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-26 21:47:40 22,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-26 21:48:02 224,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 12:38:04 7,053,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-26 21:48:42 2,210,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-26 21:48:18 363,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-26 21:47:40 16,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 12:37:56 2,738,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 12:37:38 35,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-26 21:48:02 222,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 12:37:50 1,163,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 12:38:00 4,746,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 12:37:54 1,396,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-26 21:48:34 955,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 12:37:40 268,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-26 21:48:26 572,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 12:37:48 631,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-26 17:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 17:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 12:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 12:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 12:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 18:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2008-10-25 15:32:36 609,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2008-10-25 15:32:36 118,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-26 16:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 17:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 12:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 12:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 18:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 10:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 12:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 11:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 16:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 17:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 18:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 17:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 10:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 12:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 16:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 10:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 16:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 16:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 17:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 12:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 17:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 17:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 17:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 12:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 17:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 17:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 17:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 12:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 17:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 17:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 17:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 12:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 12:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 17:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 17:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 17:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 12:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 17:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 17:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-26 15:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 12:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 12:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 12:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 12:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 18:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 12:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 12:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-10-25 15:31:51 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 16:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 17:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 11:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 17:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 12:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 17:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 18:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 18:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 17:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 17:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 17:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 17:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 18:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 12:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 11:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 11:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 11:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 11:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 11:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 11:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 11:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 11:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 11:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-29 21:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 20:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 19:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 12:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-10-25 15:31:52 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 12:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 12:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 12:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 11:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 18:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 18:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 11:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2008-11-24 01:24:38 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2008-05-11 20:01:29 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-10-11 04:10:15 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-10-05 19:03:03 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-13 00:02:14 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-10-05 19:00:36 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-11-13 00:06:31 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-13 00:06:31 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-13 00:06:31 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-13 00:06:31 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-13 00:06:31 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-13 00:06:31 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-13 00:06:31 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-13 00:06:31 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-13 00:06:31 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-13 00:06:31 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-13 00:06:31 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-13 00:06:31 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-13 00:06:52 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-11-16 16:15:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2008-05-12 15:02:49 29,926 ----a-r c:\windows\Installer\{CACE46A6-D098-40B3-911D-A7334E336714}\MsblIco.Exe
+ 2008-10-11 14:23:38 29,926 ----a-r c:\windows\Installer\{CACE46A6-D098-40B3-911D-A7334E336714}\MsblIco.Exe
- 2008-10-02 16:44:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-28 17:22:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-02 16:44:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-28 17:22:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-02 17:20:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-28 19:42:50 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-28 19:42:50 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-02 16:45:59 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-28 19:42:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-28 19:42:44 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-18 19:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 11:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-10-02 16:44:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-28 19:28:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-02 16:44:26 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
+ 2008-11-28 19:28:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
- 2008-10-02 16:44:26 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\s\index.dat
+ 2008-11-28 19:28:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\s\index.dat
- 2008-10-02 17:27:58 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-28 19:37:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-05-30 23:22:46 683,520 ----a-w c:\windows\System32\divx.dll
+ 2007-02-01 02:56:06 639,066 ----a-w c:\windows\System32\divx.dll
- 2008-05-22 22:19:46 81,920 ----a-w c:\windows\System32\dpl100.dll
+ 2007-01-30 02:56:58 73,728 ----a-w c:\windows\System32\dpl100.dll
+ 2007-08-08 09:06:40 23,424 ----a-w c:\windows\System32\drivers\ewdcsc.sys
+ 2007-08-08 09:07:42 101,504 ----a-w c:\windows\System32\drivers\ewusbmdm.sys
- 2008-01-29 09:01:28 16,168 ----a-w c:\windows\System32\drivers\GEARAspiWDM.sys
+ 2008-04-17 10:12:54 15,464 ----a-w c:\windows\System32\drivers\GEARAspiWDM.sys
- 2008-01-18 18:29:30 288,256 ----a-w c:\windows\System32\drivers\srv.sys
+ 2008-08-27 01:06:25 288,768 ----a-w c:\windows\System32\drivers\srv.sys
+ 2007-08-08 09:06:40 23,424 ----a-w c:\windows\System32\DriverStore\FileRepository\ewdcsc.inf_5bf1fcc0\ewdcsc.sys
+ 2007-08-08 09:07:42 101,504 ----a-w c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_3e6e8a74\ewusbmdm.sys
+ 2007-08-08 09:07:42 101,504 ----a-w c:\windows\System32\DriverStore\FileRepository\ewser2k.inf_12542008\ewusbmdm.sys
+ 2008-10-01 10:01:28 32,000 ----a-w c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_3c16a04b\usbaapl.sys
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\System32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 10:12:54 15,464 -c--a-w c:\windows\System32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2007-01-30 02:56:58 196,608 ----a-w c:\windows\System32\dtu100.dll
- 2008-04-23 04:42:37 428,544 ----a-w c:\windows\System32\EncDec.dll
+ 2008-08-05 09:49:58 428,544 ----a-w c:\windows\System32\EncDec.dll
- 2008-06-12 18:36:38 7,680 ----a-w c:\windows\System32\ff_vfw.dll
+ 2007-02-21 18:00:28 10,752 ----a-w c:\windows\System32\ff_vfw.dll
+ 2007-08-22 22:03:38 1,195,888 ----a-w c:\windows\System32\FM20.DLL
+ 2006-10-26 11:10:06 33,088 ----a-w c:\windows\System32\FM20ENU.DLL
- 2008-05-27 03:39:44 268,680 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-10-26 13:02:07 413,520 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2008-01-29 09:02:30 107,368 ----a-w c:\windows\System32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\System32\GEARAspi.dll
- 2008-06-27 04:15:23 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\System32\ieframe.dll
- 2008-01-18 20:34:32 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2008-10-02 03:49:14 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-06-27 04:15:24 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2008-10-02 03:49:14 28,160 ----a-w c:\windows\System32\jsproxy.dll
- 2008-06-11 00:04:26 1,044,480 ----a-w c:\windows\System32\libdivx.dll
+ 2007-01-30 03:03:28 1,044,480 ----a-w c:\windows\System32\libdivx.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\System32\Macromed\Flash\FlashUtil10a.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-05-11 20:06:21 74,649 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-08 13:14:11 88,590 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-02 16:11:21 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2008-06-27 04:15:28 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
+ 2008-05-13 17:45:03 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\System32\mrt.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe
- 2008-06-27 04:15:24 3,578,368 ----a-w c:\windows\System32\mshtml.dll
+ 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2006-10-26 16:56:10 32,592 ----a-w c:\windows\System32\msonpmon.dll
+ 2006-07-24 07:50:38 125,744 ----a-w c:\windows\System32\MSSTDFMT.DLL
- 2008-06-27 04:15:25 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2008-10-02 03:49:16 671,232 ----a-w c:\windows\System32\mstime.dll
- 2008-01-18 20:35:36 466,944 ----a-w c:\windows\System32\netapi32.dll
+ 2008-10-16 04:47:33 466,944 ----a-w c:\windows\System32\netapi32.dll
+ 2008-11-18 20:06:25 2,456 ----a-w c:\windows\System32\networklist\icons\{32DF1C7A-E598-4CF3-AC19-5FBCDECE98D0}_24.bin
+ 2008-11-18 20:06:25 4,280 ----a-w c:\windows\System32\networklist\icons\{32DF1C7A-E598-4CF3-AC19-5FBCDECE98D0}_32.bin
+ 2008-11-18 20:06:25 9,560 ----a-w c:\windows\System32\networklist\icons\{32DF1C7A-E598-4CF3-AC19-5FBCDECE98D0}_48.bin
- 2008-09-22 16:06:57 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-27 23:00:08 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2008-09-22 16:06:57 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-27 23:00:08 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2008-08-12 14:11:32 278,528 ----a-w c:\windows\System32\pncrt.dll
+ 2008-10-11 18:52:00 278,528 ----a-w c:\windows\System32\pncrt.dll
- 2008-04-23 04:42:37 293,376 ----a-w c:\windows\System32\psisdecd.dll
+ 2008-08-05 09:49:58 293,376 ----a-w c:\windows\System32\psisdecd.dll
- 2008-05-22 22:22:18 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
+ 2007-01-30 03:03:42 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
+ 2006-07-24 07:50:40 39,728 ----a-w c:\windows\System32\SCP32.DLL
+ 2006-11-02 15:10:16 80,912 ----a-w c:\windows\System32\sherlock2.exe
- 2008-09-17 04:53:29 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-26 00:06:40 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-10-26 16:56:16 864,080 ----a-w c:\windows\System32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-10-26 16:56:14 67,408 ----a-w c:\windows\System32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-10-26 16:56:16 864,080 ----a-w c:\windows\System32\spool\drivers\w32x86\msonpdrv.dll
+ 2006-10-26 16:56:14 67,408 ----a-w c:\windows\System32\spool\drivers\w32x86\msonpui.dll
+ 2006-10-26 16:56:12 33,104 ----a-w c:\windows\System32\spool\prtprocs\w32x86\msonpppr.dll
- 2008-06-11 00:04:26 200,704 ----a-w c:\windows\System32\ssldivx.dll
+ 2007-01-30 03:03:28 200,704 ----a-w c:\windows\System32\ssldivx.dll
+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe
- 2008-06-27 04:15:28 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2006-07-24 07:50:40 47,920 ----a-w c:\windows\System32\VBAME.DLL
- 2008-10-02 16:46:16 11,564 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1862329753-1500085176-1659670493-1000_UserData.bin
+ 2008-11-28 17:25:05 12,136 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1862329753-1500085176-1659670493-1000_UserData.bin
- 2008-10-02 16:46:16 67,242 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 17:25:05 69,066 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 04:33:17 4,718 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-02 16:46:14 47,302 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 17:24:35 50,870 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-21 00:45:22 249,496 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-11-27 19:19:58 274,598 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2007-01-20 18:26:06 1,565,480 ----a-w c:\windows\System32\wmv9vcm.dll
- 2008-01-10 12:15:30 755,027 ----a-w c:\windows\System32\xvidcore.dll
+ 2006-11-01 11:52:38 765,952 ----a-w c:\windows\System32\xvidcore.dll
- 2008-01-10 12:16:20 159,839 ----a-w c:\windows\System32\xvidvfw.dll
+ 2006-11-01 11:54:30 180,224 ----a-w c:\windows\System32\xvidvfw.dll
- 2004-01-25 16:18:44 217,088 ----a-w c:\windows\System32\yv12vfw.dll
+ 2004-01-25 15:18:44 217,088 ----a-w c:\windows\System32\yv12vfw.dll
- 2008-09-17 02:48:11 32,303,905 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-26 00:03:28 49,715,462 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-06 03:28:23 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16724_none_d9ab5d3ed1ce7791\ehepg.dll
+ 2008-08-06 03:22:33 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20889_none_d9f91bf3eb183db4\ehepg.dll
+ 2008-08-06 03:28:25 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16724_none_bcf0d9f4c1bddadc\ehexthost.exe
+ 2008-08-06 03:22:34 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20889_none_bd3e98a9db07a0ff\ehexthost.exe
+ 2008-08-06 03:28:27 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16724_none_fbd3e0d909c338d1\ehiExtens.dll
+ 2008-08-06 03:22:36 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20889_none_fc219f8e230cfef4\ehiExtens.dll
+ 2008-08-06 03:28:32 4,374,528 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16724_none_899e787f448205e3\ehshell.dll
+ 2008-08-06 03:22:41 4,382,720 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20889_none_89ec37345dcbcc06\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18115_none_8b90875b419f943a\ehshell.dll
+ 2008-08-06 04:03:14 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22237_none_8c0684e25acb9e94\ehshell.dll
+ 2008-08-06 03:28:49 1,196,032 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16724_none_4e9c1c3698c67c79\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:22:59 1,269,760 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20889_none_4ee9daebb210429c\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:28:50 2,342,912 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16724_none_312a6ae65a1a7993\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:23:00 2,351,104 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20889_none_3178299b73643fb6\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18115_none_331c79c2573807ea\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 04:03:38 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22237_none_3392774970641244\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:28:48 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16724_none_2385c3d9cf32e5a9\Microsoft.MediaCenter.dll
+ 2008-08-06 03:22:59 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20889_none_23d3828ee87cabcc\Microsoft.MediaCenter.dll
+ 2008-08-06 03:28:43 136,704 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe
+ 2008-08-06 03:22:54 136,704 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe
+ 2008-08-06 04:03:31 140,288 ----a-w c:\windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe
+ 2008-10-02 03:49:01 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\advpack.dll
+ 2008-10-02 03:25:49 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\advpack.dll
+ 2008-08-06 03:27:39 252,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16724_none_12bf9ca3a298d741\ehReplay.dll
+ 2008-08-06 03:18:00 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20889_none_130d5b58bbe29d64\ehReplay.dll
+ 2008-08-05 09:49:54 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18115_none_14b1ab7f9fb66598\ehReplay.dll
+ 2008-08-06 03:56:06 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22237_none_1527a906b8e26ff2\ehReplay.dll
+ 2008-08-06 03:27:40 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.dll
+ 2008-08-06 03:27:11 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.exe
+ 2008-08-06 03:19:18 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.dll
+ 2008-08-06 02:50:30 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.exe
+ 2008-01-18 20:34:46 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.dll
+ 2008-08-05 09:49:28 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.exe
+ 2008-08-06 03:57:56 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.dll
+ 2008-08-06 03:27:54 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.exe
+ 2008-08-06 03:27:39 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16724_none_2de5dbb18528130f\ehdebug.dll
+ 2008-08-06 03:17:56 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20889_none_2e339a669e71d932\ehdebug.dll
+ 2008-08-06 03:27:39 372,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16724_none_2d43ff096d0817ea\ehglid.dll
+ 2008-08-06 03:17:58 372,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20889_none_2d91bdbe8651de0d\ehglid.dll
+ 2008-08-05 09:49:54 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18115_none_2f360de56a25a641\ehglid.dll
+ 2008-08-06 03:56:06 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22237_none_2fac0b6c8351b09b\ehglid.dll
+ 2008-08-06 03:27:39 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16724_none_24d0bc2864e02dde\ehPresenter.dll
+ 2008-08-06 03:17:59 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20889_none_251e7add7e29f401\ehPresenter.dll
+ 2008-08-05 09:49:54 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18115_none_26c2cb0461fdbc35\ehPresenter.dll
+ 2008-08-06 03:56:06 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22237_none_2738c88b7b29c68f\ehPresenter.dll
+ 2008-08-06 03:21:59 10,094,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16724_none_50142885535e3590\ehres.dll
+ 2008-08-06 03:18:12 10,103,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20889_none_5061e73a6ca7fbb3\ehres.dll
+ 2008-08-06 03:27:39 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16724_none_36c4edb116c5f8a5\ehtrace.dll
+ 2008-08-06 03:18:12 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20889_none_3712ac66300fbec8\ehtrace.dll
+ 2008-08-06 03:27:39 517,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16724_none_cccc40dbcc4dcbaa\ehui.dll
+ 2008-08-06 03:18:12 521,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20889_none_cd19ff90e59791cd\ehui.dll
+ 2008-08-05 09:49:54 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18115_none_cebe4fb7c96b5a01\ehui.dll
+ 2008-08-06 03:56:08 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22237_none_cf344d3ee297645b\ehui.dll
+ 2008-08-06 03:27:39 1,497,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16724_none_3a1333122e23804c\ehuihlp.dll
+ 2008-08-06 03:18:13 1,498,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20889_none_3a60f1c7476d466f\ehuihlp.dll
+ 2008-09-18 04:56:02 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\Faultrep.dll
+ 2008-01-18 20:33:36 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
+ 2008-01-18 20:33:36 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe
+ 2008-09-20 04:00:23 147,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\Faultrep.dll
+ 2008-09-20 04:00:16 217,088 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe
+ 2008-09-20 04:00:16 860,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFaultSecure.exe
+ 2008-09-18 04:56:07 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\wersvc.dll
+ 2008-09-20 04:00:26 125,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.22271_none_7a0ae2e8aa3b1988\wersvc.dll
+ 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
+ 2008-10-21 05:06:53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
+ 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
+ 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
+ 2008-10-02 03:49:05 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\pngfilt.dll
+ 2008-10-02 03:30:07 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\pngfilt.dll
+ 2008-10-02 03:49:06 1,159,680 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\urlmon.dll
+ 2008-10-02 03:30:37 1,162,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\urlmon.dll
+ 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\urlmon.dll
+ 2008-10-02 03:34:49 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\urlmon.dll
+ 2008-10-02 03:49:04 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\mstime.dll
+ 2008-10-02 03:28:20 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\mstime.dll
+ 2008-10-02 03:49:16 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\mstime.dll
+ 2008-10-02 03:34:46 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\mstime.dll
+ 2008-10-02 03:49:02 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\jsproxy.dll
+ 2008-10-02 03:49:06 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
+ 2008-10-02 03:49:06 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\WininetPlugin.dll
+ 2008-10-02 03:27:01 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\jsproxy.dll
+ 2008-10-02 03:30:45 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
+ 2008-10-02 03:30:45 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\WininetPlugin.dll
+ 2008-10-02 03:49:14 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\jsproxy.dll
+ 2008-10-02 03:49:19 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
+ 2008-05-13 17:45:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WininetPlugin.dll
+ 2008-10-02 03:34:46 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\jsproxy.dll
+ 2008-10-02 03:34:49 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
+ 2008-10-02 03:34:49 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\WininetPlugin.dll
+ 2008-05-13 17:45:16 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dat
+ 2008-10-02 03:49:02 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dll
+ 2008-05-13 17:45:16 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dat
+ 2008-10-02 03:26:47 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dll
+ 2008-10-02 03:49:02 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtmsft.dll
+ 2008-10-02 03:49:02 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtrans.dll
+ 2008-10-02 03:26:19 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtmsft.dll
+ 2008-10-02 03:26:20 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtrans.dll
+ 2008-10-02 03:49:03 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\mshtmled.dll
+ 2008-10-02 03:27:54 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\mshtmled.dll
+ 2008-10-02 03:49:03 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\mshtml.dll
+ 2008-10-02 03:27:54 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\mshtml.dll
+ 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\mshtml.dll
+ 2008-10-02 03:34:46 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\mshtml.dll
+ 2008-10-02 03:49:02 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\icardie.dll
+ 2008-10-02 03:26:46 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\icardie.dll
+ 2008-10-02 03:48:32 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\ieUnatt.exe
+ 2008-10-02 03:50:01 633,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
+ 2008-10-02 01:18:42 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\ieUnatt.exe
+ 2008-10-02 03:32:01 633,632 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
+ 2008-10-02 03:49:02 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\iertutil.dll
+ 2008-10-02 03:49:06 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\sqmapi.dll
+ 2008-10-02 03:26:48 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\iertutil.dll
+ 2008-10-02 03:30:30 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\sqmapi.dll
+ 2008-10-02 03:49:14 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\iertutil.dll
+ 2008-01-18 20:36:36 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\sqmapi.dll
+ 2008-10-02 03:34:45 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\iertutil.dll
+ 2008-10-02 03:34:48 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\sqmapi.dll
+ 2008-10-02 03:48:32 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\ie4uinit.exe
+ 2008-10-02 03:49:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\iernonce.dll
+ 2008-10-02 03:49:02 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\iesetup.dll
+ 2008-10-02 01:18:33 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\ie4uinit.exe
+ 2008-10-02 03:26:48 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\iernonce.dll
+ 2008-10-02 03:26:48 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\iesetup.dll
+ 2008-10-02 03:49:02 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\iebrshim.dll
+ 2008-10-02 03:26:47 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135\iebrshim.dll
+ 2008-10-02 03:49:02 6,066,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\ieframe.dll
+ 2008-10-02 03:49:02 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\ieui.dll
+ 2008-10-02 03:26:48 6,068,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\ieframe.dll
+ 2008-10-02 03:26:48 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\ieui.dll
+ 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\ieframe.dll
+ 2008-01-18 20:34:32 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\ieui.dll
+ 2008-10-02 03:34:45 6,069,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\ieframe.dll
+ 2008-10-02 03:34:45 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\ieui.dll
+ 2008-10-02 03:48:32 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd\ieinstal.exe
+ 2008-10-02 01:18:55 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb\ieinstal.exe
+ 2008-10-02 03:48:32 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f\ieuser.exe
+ 2008-10-02 01:18:56 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d\ieuser.exe
+ 2008-08-06 03:27:40 1,244,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16724_none_3d328dcd626a3334\mcmde.dll
+ 2008-08-06 03:19:18 1,244,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20889_none_3d804c827bb3f957\mcmde.dll
+ 2008-09-05 04:48:28 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3.dll
+ 2008-09-05 04:45:14 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3r.dll
+ 2008-09-05 04:47:44 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3.dll
+ 2008-09-05 04:47:44 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3r.dll
+ 2008-09-05 05:14:05 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3r.dll
+ 2008-09-05 05:08:23 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3.dll
+ 2008-09-05 05:04:53 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3r.dll
+ 2008-09-10 03:25:00 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6.dll
+ 2008-09-10 03:21:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6r.dll
+ 2008-09-10 03:26:42 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6.dll
+ 2008-09-10 03:26:42 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6r.dll
+ 2008-09-10 03:40:14 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll
+ 2008-09-10 03:27:55 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6.dll
+ 2008-09-10 03:23:55 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6r.dll
+ 2008-10-16 04:40:36 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.16764_none_8b10fff30496576a\netapi32.dll
+ 2008-10-16 04:22:27 425,984 ----a-w c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6000.20937_none_8bbe0f461d98ec8d\netapi32.dll
+ 2008-10-16 04:47:33 466,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f\netapi32.dll
+ 2008-10-16 04:38:26 466,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.22288_none_8d6f3cb41ae72563\netapi32.dll
+ 2008-09-03 03:56:52 465,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.16743_none_0f67cfc253a03fb2\newdev.dll
+ 2008-09-03 03:56:29 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.16743_none_0f67cfc253a03fb2\newdev.exe
+ 2008-09-03 03:33:46 465,408 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.20908_none_1021af956c98eb92\newdev.dll
+ 2008-09-03 00:57:59 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.20908_none_1021af956c98eb92\newdev.exe
+ 2008-09-03 03:59:19 468,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18134_none_1159de9e50bdce09\newdev.dll
+ 2008-09-03 03:58:27 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18134_none_1159de9e50bdce09\newdev.exe
+ 2008-09-03 03:54:12 468,992 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.22256_none_11cfdc2569e9d863\newdev.dll
+ 2008-09-03 03:53:48 74,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.22256_none_11cfdc2569e9d863\newdev.exe
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16764_none_f064ff046e80cc5f\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20937_none_f1120e5787836182\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18157_none_f2590e746b9c8d64\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22288_none_f2c33bc584d19a58\OESpamFilter.dat
+ 2008-09-18 04:35:05 3,505,208 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntkrnlpa.exe
+ 2008-09-18 04:35:07 3,470,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntoskrnl.exe
+ 2008-09-18 04:27:45 3,506,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntkrnlpa.exe
+ 2008-09-18 04:27:44 3,472,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntoskrnl.exe
+ 2008-09-18 05:09:10 3,601,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntkrnlpa.exe
+ 2008-09-18 05:09:09 3,549,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntoskrnl.exe
+ 2008-09-18 04:54:44 3,601,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntkrnlpa.exe
+ 2008-09-18 04:54:49 3,549,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntoskrnl.exe
+ 2008-08-12 03:29:17 37,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\printcom.dll
+ 2008-08-12 03:29:18 441,856 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\win32spl.dll
+ 2008-08-12 03:17:47 37,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\printcom.dll
+ 2008-08-12 03:18:17 444,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\win32spl.dll
+ 2008-01-18 20:36:08 37,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\printcom.dll
+ 2008-08-12 03:39:08 443,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\win32spl.dll
+ 2008-08-12 03:25:35 37,888 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\printcom.dll
+ 2008-08-12 03:25:37 443,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\win32spl.dll
+ 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photodatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotodataHandler.dll
+ 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photodatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotodataHandler.dll
+ 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photodatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotodataHandler.dll
+ 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photodatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotodataHandler.dll
+ 2008-08-26 01:11:59 211,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
+ 2008-08-27 00:48:36 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys
+ 2008-08-27 01:05:41 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
+ 2008-08-27 00:52:38 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
+ 2008-08-26 01:12:30 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296\srv.sys
+ 2008-08-27 00:49:12 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658\srv.sys
+ 2008-08-27 01:06:25 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf\srv.sys
+ 2008-08-27 00:53:21 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329\srv.sys
+ 2008-08-06 03:27:39 428,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16724_none_de803b00914caa46\EncDec.dll
+ 2008-08-06 03:18:16 428,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20889_none_decdf9b5aa967069\EncDec.dll
+ 2008-08-05 09:49:58 428,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18115_none_e07249dc8e6a389d\EncDec.dll
+ 2008-08-06 04:00:35 428,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22237_none_e0e84763a79642f7\EncDec.dll
+ 2008-08-06 03:27:43 292,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16724_none_da055cba59f5adf1\psisdecd.dll
+ 2008-08-06 03:21:05 292,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20889_none_da531b6f733f7414\psisdecd.dll
+ 2008-08-05 09:49:58 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18115_none_dbf76b9657133c48\psisdecd.dll
+ 2008-08-06 04:00:45 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22237_none_dc6d691d703f46a2\psisdecd.dll
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 10:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 11:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-09-18 02:03:07 2,027,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\win32k.sys
+ 2008-09-20 01:13:20 2,029,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys
+ 2008-09-18 02:16:28 2,032,640 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys
+ 2008-09-20 01:21:50 2,033,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\win32k.sys
+ 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
+ 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
+ 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
+ 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
+ 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
+ 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
+ 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
+ 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
+ 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
+ 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
+ 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
+ 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
+ 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
+ 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
+ 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
+ 2008-01-18 20:36:08 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2008-01-18 20:36:08 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
+ 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
+ 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
+ 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
+ 2008-11-13 00:02:16 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll
+ 2008-11-13 00:02:20 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 22:56 1987544 --a------ c:\progra~1\OOVOOT~1\OOVOOT~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{a6dd9dea-70f3-4b24-917a-985a11827efd}]
2008-07-21 20:31 1603608 --a------ c:\program files\alahli_sa\tbalah.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6dd9dea-70f3-4b24-917a-985a11827efd}"= "c:\program files\alahli_sa\tbalah.dll" [2008-07-21 1603608]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "c:\progra~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
"{A6DD9DEA-70F3-4B24-917A-985A11827EFD}"= "c:\program files\alahli_sa\tbalah.dll" [2008-07-21 1603608]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]
[HKEY_CLASSES_ROOT\clsid\{a6dd9dea-70f3-4b24-917a-985a11827efd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2008-11-20 14202672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"Athan"="c:\program files\Athan\Athan.exe" [2008-08-18 1089536]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-04-23 1443072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-11 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{492F0418-80AB-499C-8D5E-4366E3100735}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{016241FF-4C06-4D14-96D8-230FB4E7FEDD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF0B6C40-FEBE-4751-AD44-46DA8D3895B0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D46779CD-C588-46A5-953D-6589EF878A69}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{500541EC-9830-48FB-8FBE-398CAC71E9CB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{970CD166-2BAC-492D-8090-66CBAC8E1B7C}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe

altalkScene
"UDP Query User{43DCD848-2164-406E-B347-8F6E2347A8AE}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe

altalkScene
"TCP Query User{7B219719-57B8-41EC-AEEF-9264FDB81F78}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe

oVoo
"UDP Query User{F302AD9C-D207-4DB0-A35D-56C93A87A127}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe

oVoo
"{D202E22A-B572-4FAE-8D1A-72A2A583D4BF}"= UDP:443

oVoo TCP port 443
"{D3242F4C-0A09-46B1-9333-C736A86B9A8F}"= TCP:443

oVoo UDP port 443
"{0D677ACA-71BA-49E8-AFC9-25BF0641EB3F}"= UDP:37674

oVoo TCP port 37674
"{D36CC8E8-F79C-486A-A0F8-955A9649853E}"= TCP:37674

oVoo UDP port 37674
"{1AD118DF-EE9F-417C-8F97-24EFE76098D1}"= TCP:37675

oVoo UDP port 37675
"{403E452C-B2C2-488E-9F4A-1FA0A141E07A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{56EC608E-01E4-4E63-87C4-9AB68BCF7DF8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B0AE8E10-F62B-465B-9F38-77117DEF5E69}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6D379F4-0CDA-4208-9356-B3256CD8A021}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{80DB33CF-BA0C-4710-8970-E8C0870AE708}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6FBCCE80-CB3C-4714-858C-A20970BCA797}"= Disabled:UDP:443

oVoo TCP port 443
"{47CA8EC1-8C3A-4C40-9AEE-CCBA4BDD9C4C}"= Disabled:TCP:443

oVoo UDP port 443
"{E8E927E7-C4E9-4AD9-A387-53A55DE8AE22}"= Disabled:UDP:37674

oVoo TCP port 37674
"{08D9EF11-F987-4A5E-AE8D-886B23895F0D}"= Disabled:TCP:37674

oVoo UDP port 37674
"{6A7C2E7A-744D-4A8A-A162-2D6350EE9DEC}"= Disabled:TCP:37675

oVoo UDP port 37675
"TCP Query User{18F43336-78A8-49B7-B6A2-53107C270F41}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe

oVoo
"UDP Query User{54669C3F-2308-44F0-BE8D-DF6493127649}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe

oVoo
"{2DB22FCE-9BDF-4884-A440-E94556F3C5C8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{50D4FDBF-137D-4E57-842D-1BF66D637425}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{10EEE235-63BD-4670-BB79-28ABD579B653}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7434816A-0F06-4C12-BC6F-52041AD219B6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0B8EB46C-77F8-4DED-9A72-0A26146E2CD5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F5472FFB-89F0-4DF7-A360-2B5A8CA663BA}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"UDP Query User{CCD3856F-EECA-443E-989F-CC8086176FD2}c:\\program files\\huawei technologies\\huawei umts data card\\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem
"TCP Query User{5D3DF876-9E7F-49F7-BD6A-518FD39E07A2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{3D736BB1-049A-4F13-83DB-CCB654F98CD2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{1899215F-BD0F-4159-95A7-9F103729846C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{2D108209-B459-42B2-80C6-6F67FC488582}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{D84F919B-0AD9-44B6-A6C2-E042713063C0}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{9AABBC23-EE07-4BDF-8B8B-BD190A5051F7}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0FEC9FEB-4781-434E-AE80-8D7BB796AA61}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ACA93DA8-4E7A-4E36-9161-914AA0FED32F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{451713F8-318E-4122-A25C-C810D0AD74BD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8A409978-09CD-48F1-9522-D091A822DB45}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{555A675A-2D02-4401-B125-1EC1D729C163}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44DE5528-E2D1-46B0-AF9C-71EA09ED23E8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C922B65C-91C2-4C40-B97B-CD03602044F8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A182F178-A5BB-4C8E-9644-F200D65D2447}c:\\program files\\microsoft office\\office12\\groove.exe"= UDP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"UDP Query User{0B207665-9CEF-4B3A-9150-61A2A66DB6DE}c:\\program files\\microsoft office\\office12\\groove.exe"= TCP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-05-11 28120]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-05-15 7424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144fa8ea-9885-11dd-8c87-001c23b646d8}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{144fa922-9885-11dd-8c87-001c23b646d8}]
\shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198a622e-7461-11dd-ac4c-001dd9e7bc0e}]
\shell\AutoRun\command - I:\PMB_P.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294dbc07-ba35-11dd-ae27-001c23b646d8}]
\SHeLl\AutoPlAy\CoMMaNd - mlmgj.pif
\SHeLl\AutoRun\command - mlmgj.pif
\SHeLl\ExplOre\CoMmand - mlmgj.pif
\SHeLl\opeN\COmmAnD - mlmgj.pif
.
s of the 'Scheduled Tasks' folder
2008-11-28 c:\windows\Tasks\User_Feed_Synchronization-{38C222D0-E0B9-4040-8F48-F0CB86DCEC65}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\alyami\AppData\Roaming\Mozilla\Firefox\Profiles\25xv30tw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-11-28 22:43:01
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-28 22:45:58
ComboFix-quarantined-files.txt 2008-11-28 19:45:49
ComboFix2.txt 2008-10-02 17:34:01
Pre-Run: 74,003,496,960 bytes free
Post-Run: 73,902,813,184 bytes free
879 --- E O F --- 2008-11-27 20:16:40

الشووووق · 28 نوفمبر 2008

وهذا تقرير برنامجHijack

Logfile of HijackThis v1.99.1
Scan saved at 10:49:27 PM, on 11/28/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\alyami\Downloads\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

MAAX · 28 نوفمبر 2008

حمل الاداة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغلها بدبل كلك ،، ثواني يظهر المفكرة وفيها تقرير ،، اعمل تحديد الكل وانسخه والصقه بمشاركتك القادمة

الشووووق · 28 نوفمبر 2008

هذا اللي طلبته اخوي

.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:07 PM, on 11/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Users\alyami\AppData\Local\Temp\bntoz\runn.exe
C:\Windows\system32\cmd.exe
C:\Users\alyami\AppData\Local\Temp\bntoz\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8841 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : Dwm.exe
ProcessID : 1744
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Desktop Window Manager
Company : Microsoft Corporation
Window Title :
File Size : 81,920
File Created Date : 14/05/29 08:12:34 م
File Modified Date : 09/01/29 08:33:10 م
Filename : C:\Windows\system32\Dwm.exe
Base Address : 0x00720000
Created On : 30/11/29 08:22:18 م
Visible Windows : 0
Hidden Windows : 1
User Name : alyami-PC\alyami
Mem Usage : 71060 K
Mem Usage Peak : 90100 K
Page Faults : 213298
Pagefile Usage : 56524 K
Pagefile Peak Usage : 64492 K
File Attributes : A
==================================================
==================================================
Process Name : issch.exe
ProcessID : 2040
Priority : Normal
Product Name : Macrovision FLEXnet Connect
Version : 3, 20, 100, 1123
Description : Macrovision FLEXnet Connect Scheduler
Company : Macrovision Corporation
Window Title :
File Size : 81,920
File Created Date : 10/09/27 10:37:04 ص
File Modified Date : 10/09/27 10:37:04 ص
Filename : C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 1852 K
Mem Usage Peak : 2096 K
Page Faults : 537
Pagefile Usage : 616 K
Pagefile Peak Usage : 616 K
File Attributes : A
==================================================
==================================================
Process Name : taskeng.exe
ProcessID : 204
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Task Scheduler Engine
Company : Microsoft Corporation
Window Title :
File Size : 169,472
File Created Date : 14/05/29 08:11:00 م
File Modified Date : 09/01/29 08:33:34 م
Filename : C:\Windows\system32\taskeng.exe
Base Address : 0x00D60000
Created On : 30/11/29 08:22:26 م
Visible Windows : 0
Hidden Windows : 14
User Name : alyami-PC\alyami
Mem Usage : 10456 K
Mem Usage Peak : 11016 K
Page Faults : 7157
Pagefile Usage : 10180 K
Pagefile Peak Usage : 11092 K
File Attributes : A
==================================================
==================================================
Process Name : RoxWatchTray9.exe
ProcessID : 332
Priority : Normal
Product Name : CommonSDK
Version : 9.0.1.64
Description : RoxMMTrayApp Module
Company : Sonic Solutions
Window Title :
File Size : 221,184
File Created Date : 14/10/27 10:22:16 ص
File Modified Date : 14/10/27 10:22:16 ص
Filename : C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:26 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 20388 K
Mem Usage Peak : 29144 K
Page Faults : 11533
Pagefile Usage : 30596 K
Pagefile Peak Usage : 32220 K
File Attributes : A
==================================================
==================================================
Process Name : OEM02Mon.exe
ProcessID : 372
Priority : Normal
Product Name :
Version : 1.01.01.00
Description : Live! Cam Console Auto Launcher
Company : Creative Technology Ltd.
Window Title :
File Size : 36,864
File Created Date : 22/04/28 02:01:00 م
File Modified Date : 22/04/28 02:01:00 م
Filename : C:\Windows\OEM02Mon.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:27 م
Visible Windows : 0
Hidden Windows : 3
User Name : alyami-PC\alyami
Mem Usage : 4436 K
Mem Usage Peak : 4940 K
Page Faults : 6305041
Pagefile Usage : 2636 K
Pagefile Peak Usage : 2744 K
File Attributes : A
==================================================
==================================================
Process Name : rundll32.exe
ProcessID : 784
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows host process (Rundll32)
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 11/10/27 08:48:33 ص
File Modified Date : 11/10/27 09:45:37 ص
Filename : C:\Windows\System32\rundll32.exe
Base Address : 0x00870000
Created On : 30/11/29 08:22:28 م
Visible Windows : 0
Hidden Windows : 3
User Name : alyami-PC\alyami
Mem Usage : 4160 K
Mem Usage Peak : 9168 K
Page Faults : 3417
Pagefile Usage : 3236 K
Pagefile Peak Usage : 16596 K
File Attributes : A
==================================================
==================================================
Process Name : rundll32.exe
ProcessID : 568
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows host process (Rundll32)
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 11/10/27 08:48:33 ص
File Modified Date : 11/10/27 09:45:37 ص
Filename : C:\Windows\System32\rundll32.exe
Base Address : 0x00870000
Created On : 30/11/29 08:22:28 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 3024 K
Mem Usage Peak : 3764 K
Page Faults : 1078
Pagefile Usage : 2432 K
Pagefile Peak Usage : 2492 K
File Attributes : A
==================================================
==================================================
Process Name : Athan.exe
ProcessID : 656
Priority : Normal
Product Name : Athan
Version : 3.04
Description : Automatic Athan (Azan) five times a day for every prayer time. It covers more than 5 million cities, towns, and villages all o
Company :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Window Title : Athan
File Size : 1,089,536
File Created Date : 25/06/29 10:46:22 م
File Modified Date : 17/08/29 01:02:34 ص
Filename : C:\Program Files\Athan\Athan.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:28 م
Visible Windows : 1
Hidden Windows : 29
User Name : alyami-PC\alyami
Mem Usage : 18000 K
Mem Usage Peak : 34412 K
Page Faults : 22156
Pagefile Usage : 44124 K
Pagefile Peak Usage : 50196 K
File Attributes : A
==================================================
==================================================
Process Name : egui.exe
ProcessID : 1708
Priority : Normal
Product Name : ESET Smart Security
Version : 3.0.657
Description : Eset GUI
Company : ESET
Window Title :
File Size : 1,443,072
File Created Date : 17/04/29 11:57:06 ص
File Modified Date : 17/04/29 11:57:06 ص
Filename : C:\Program Files\ESET\ESET Smart Security\egui.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:28 م
Visible Windows : 0
Hidden Windows : 3
User Name : alyami-PC\alyami
Mem Usage : 9200 K
Mem Usage Peak : 11544 K
Page Faults : 5773
Pagefile Usage : 3668 K
Pagefile Peak Usage : 3720 K
File Attributes : A
==================================================
==================================================
Process Name : sttray.exe
ProcessID : 1772
Priority : Normal
Product Name : C-Major Audio
Version : 1.0.5511.0 nd595 cp1
Description : Sigmatel Audio system tray application
Company : SigmaTel, Inc.
Window Title :
File Size : 405,504
File Created Date : 07/05/29 02:48:24 م
File Modified Date : 19/04/28 02:10:44 م
Filename : C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:28 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 5100 K
Mem Usage Peak : 9940 K
Page Faults : 3086
Pagefile Usage : 4260 K
Pagefile Peak Usage : 6272 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1800
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.4279
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 27/07/29 02:20:40 ص
File Modified Date : 11/10/29 06:51:59 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:29 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 264 K
Mem Usage Peak : 4664 K
Page Faults : 8011
Pagefile Usage : 1596 K
Pagefile Peak Usage : 2156 K
File Attributes : A
==================================================
==================================================
Process Name : GrooveMonitor.exe
ProcessID : 1796
Priority : Normal
Product Name : GrooveMonitor Utility
Version : 12.0.6211.1000
Description : GrooveMonitor Utility
Company : Microsoft Corporation
Window Title :
File Size : 33,648
File Created Date : 11/08/28 04:00:48 ص
File Modified Date : 11/08/28 04:00:48 ص
Filename : C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:29 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 5452 K
Mem Usage Peak : 6232 K
Page Faults : 1788
Pagefile Usage : 1956 K
Pagefile Peak Usage : 1956 K
File Attributes : A
==================================================
==================================================
Process Name : iTunesHelper.exe
ProcessID : 1564
Priority : Normal
Product Name : iTunes
Version : 8.0.2.20
Description : iTunesHelper Module
Company : Apple Inc.
Window Title :
File Size : 290,088
File Created Date : 22/11/29 10:20:54 ص
File Modified Date : 22/11/29 10:20:54 ص
Filename : C:\Program Files\iTunes\iTunesHelper.exe
Base Address : 0x00C70000
Created On : 30/11/29 08:22:30 م
Visible Windows : 0
Hidden Windows : 7
User Name : alyami-PC\alyami
Mem Usage : 5404 K
Mem Usage Peak : 9616 K
Page Faults : 2682
Pagefile Usage : 6296 K
Pagefile Peak Usage : 6300 K
File Attributes : A
==================================================
==================================================
Process Name : GoogleToolbarNotifier.exe
ProcessID : 1016
Priority : Normal
Product Name : GoogleToolbarNotifier
Version : 2, 0, 301, 1654
Description : GoogleToolbarNotifier
Company : Google Inc.
Window Title :
File Size : 68,856
File Created Date : 19/07/29 07:55:39 م
File Modified Date : 19/07/29 07:55:39 م
Filename : C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:31 م
Visible Windows : 0
Hidden Windows : 4
User Name : alyami-PC\alyami
Mem Usage : 400 K
Mem Usage Peak : 7024 K
Page Faults : 7337
Pagefile Usage : 3508 K
Pagefile Peak Usage : 3544 K
File Attributes : A
==================================================
==================================================
Process Name : sidebar.exe
ProcessID : 456
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Description : Windows Sidebar
Company : Microsoft Corporation
Window Title : AppBar Bullet
File Size : 1,233,920
File Created Date : 14/05/29 08:13:20 م
File Modified Date : 09/01/29 08:33:32 م
Filename : C:\Program Files\Windows Sidebar\sidebar.exe
Base Address : 0x00290000
Created On : 30/11/29 08:22:31 م
Visible Windows : 4
Hidden Windows : 9
User Name : alyami-PC\alyami
Mem Usage : 16284 K
Mem Usage Peak : 17704 K
Page Faults : 73456
Pagefile Usage : 8424 K
Pagefile Peak Usage : 9344 K
File Attributes : A
==================================================
==================================================
Process Name : ehtray.exe
ProcessID : 612
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Description : Media Center Tray Applet
Company : Microsoft Corporation
Window Title :
File Size : 125,952
File Created Date : 14/05/29 08:12:43 م
File Modified Date : 09/01/29 08:33:10 م
Filename : C:\Windows\ehome\ehtray.exe
Base Address : 0x01390000
Created On : 30/11/29 08:22:32 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 1136 K
Mem Usage Peak : 5540 K
Page Faults : 1846
Pagefile Usage : 1624 K
Pagefile Peak Usage : 1664 K
File Attributes : A
==================================================
==================================================
Process Name : ooVoo.exe
ProcessID : 1452
Priority : Normal
Product Name : ooVoo
Version : 1, 7, 1, 59
Description : ooVoo
Company : ooVoo
Window Title :
File Size : 14,202,672
File Created Date : 29/11/29 09:11:03 م
File Modified Date : 22/11/29 11:45:36 ص
Filename : C:\Program Files\ooVoo\ooVoo.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:32 م
Visible Windows : 0
Hidden Windows : 47
User Name : alyami-PC\alyami
Mem Usage : 22808 K
Mem Usage Peak : 36180 K
Page Faults : 750370
Pagefile Usage : 25236 K
Pagefile Peak Usage : 26912 K
File Attributes : A
==================================================
==================================================
Process Name : mobsync.exe
ProcessID : 2508
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Description : Microsoft Sync Center
Company : Microsoft Corporation
Window Title :
File Size : 95,744
File Created Date : 14/05/29 08:13:21 م
File Modified Date : 09/01/29 08:33:16 م
Filename : C:\Windows\System32\mobsync.exe
Base Address : 0x00580000
Created On : 30/11/29 08:22:38 م
Visible Windows : 0
Hidden Windows : 1
User Name : alyami-PC\alyami
Mem Usage : 4300 K
Mem Usage Peak : 5556 K
Page Faults : 1545
Pagefile Usage : 2788 K
Pagefile Peak Usage : 2972 K
File Attributes : A
==================================================
==================================================
Process Name : rundll32.exe
ProcessID : 2584
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows host process (Rundll32)
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 11/10/27 08:48:33 ص
File Modified Date : 11/10/27 09:45:37 ص
Filename : C:\Windows\System32\rundll32.exe
Base Address : 0x00870000
Created On : 30/11/29 08:22:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 4176 K
Mem Usage Peak : 5404 K
Page Faults : 1554
Pagefile Usage : 3244 K
Pagefile Peak Usage : 3304 K
File Attributes : A
==================================================
==================================================
Process Name : ehmsas.exe
ProcessID : 2904
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Media Center Media Status Aggregator Service
Company : Microsoft Corporation
Window Title :
File Size : 37,376
File Created Date : 14/05/29 08:12:40 م
File Modified Date : 09/01/29 08:33:10 م
Filename : C:\Windows\ehome\ehmsas.exe
Base Address : 0x01350000
Created On : 30/11/29 08:22:46 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 3436 K
Mem Usage Peak : 4144 K
Page Faults : 1136
Pagefile Usage : 1144 K
Pagefile Peak Usage : 1184 K
File Attributes : A
==================================================
==================================================
Process Name : ymsgr_tray.exe
ProcessID : 3572
Priority : Normal
Product Name : Yahoo! Messenger
Version : 8,1,0,0
Description : Yahoo! Messenger Tray
Company : Yahoo! Inc.
Window Title :
File Size : 103,664
File Created Date : 26/05/29 11:03:40 م
File Modified Date : 17/08/28 02:43:18 م
Filename : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Base Address : 0x00400000
Created On : 30/11/29 08:22:53 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 3700 K
Mem Usage Peak : 5648 K
Page Faults : 1694
Pagefile Usage : 2208 K
Pagefile Peak Usage : 4752 K
File Attributes : A
==================================================
==================================================
Process Name : CPSHelpRunner.exe
ProcessID : 1520
Priority : Normal
Product Name : CommonSDK
Version : 9.0.1.64
Description : ROXHelpRunner Module
Company : Sonic Solutions
Window Title :
File Size : 10,752
File Created Date : 14/10/27 09:55:48 ص
File Modified Date : 14/10/27 09:55:48 ص
Filename : C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
Base Address : 0x00400000
Created On : 30/11/29 08:23:47 م
Visible Windows : 0
Hidden Windows : 5
User Name : alyami-PC\alyami
Mem Usage : 3472 K
Mem Usage Peak : 4084 K
Page Faults : 1044
Pagefile Usage : 1216 K
Pagefile Peak Usage : 1232 K
File Attributes : A
==================================================
==================================================
Process Name : unsecapp.exe
ProcessID : 3552
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Description : Sink to receive asynchronous callbacks for WMI client application
Company : Microsoft Corporation
Window Title :
File Size : 37,888
File Created Date : 14/05/29 08:10:51 م
File Modified Date : 09/01/29 08:33:34 م
Filename : C:\Windows\system32\wbem\unsecapp.exe
Base Address : 0x00E50000
Created On : 30/11/29 08:24:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 5144 K
Mem Usage Peak : 5320 K
Page Faults : 4154
Pagefile Usage : 2324 K
Pagefile Peak Usage : 2364 K
File Attributes : A
==================================================
==================================================
Process Name : ieuser.exe
ProcessID : 1616
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 299,520
File Created Date : 14/05/29 08:11:56 م
File Modified Date : 09/01/29 08:33:14 م
Filename : C:\Program Files\Internet Explorer\ieuser.exe
Base Address : 0x00510000
Created On : 30/11/29 08:24:44 م
Visible Windows : 0
Hidden Windows : 2
User Name : alyami-PC\alyami
Mem Usage : 21176 K
Mem Usage Peak : 24460 K
Page Faults : 32130
Pagefile Usage : 8988 K
Pagefile Peak Usage : 11604 K
File Attributes : A
==================================================
==================================================
Process Name : Skype.exe
ProcessID : 4600
Priority : Normal
Product Name : Skype
Version : 3.8.0.180
Description : Skype
Company : Skype Technologies S.A.
Window Title :
File Size : 21,755,688
File Created Date : 23/09/29 11:17:06 ص
File Modified Date : 23/09/29 11:17:06 ص
Filename : C:\Program Files\Skype\Phone\Skype.exe
Base Address : 0x00400000
Created On : 30/11/29 08:49:44 م
Visible Windows : 0
Hidden Windows : 38
User Name : alyami-PC\alyami
Mem Usage : 53100 K
Mem Usage Peak : 80208 K
Page Faults : 452858
Pagefile Usage : 52596 K
Pagefile Peak Usage : 58876 K
File Attributes : AR
==================================================
==================================================
Process Name : skypePM.exe
ProcessID : 4948
Priority : Normal
Product Name :
Version : 2.0.0.58
Description : Skype Extras Manager
Company : Skype Technologies
Window Title :
File Size : 76,744
File Created Date : 25/05/29 12:54:16 م
File Modified Date : 25/05/29 12:54:16 م
Filename : C:\Program Files\Skype\Plugin Manager\skypePM.exe
Base Address : 0x00400000
Created On : 30/11/29 08:50:29 م
Visible Windows : 0
Hidden Windows : 76
User Name : alyami-PC\alyami
Mem Usage : 18752 K
Mem Usage Peak : 25060 K
Page Faults : 42102
Pagefile Usage : 17976 K
Pagefile Peak Usage : 18152 K
File Attributes : AR
==================================================
==================================================
Process Name : Explorer.exe
ProcessID : 5396
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Start
File Size : 2,927,104
File Created Date : 14/05/29 08:12:38 م
File Modified Date : 09/01/29 08:33:12 م
Filename : C:\Windows\Explorer.exe
Base Address : 0x00550000
Created On : 30/11/29 10:45:51 م
Visible Windows : 4
Hidden Windows : 86
User Name : alyami-PC\alyami
Mem Usage : 65024 K
Mem Usage Peak : 68316 K
Page Faults : 83796
Pagefile Usage : 48052 K
Pagefile Peak Usage : 53156 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 4804
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title : !ـ !ـ !ـ i L?vé y?u...} - محادثة
File Size : 5,724,184
File Created Date : 06/10/28 08:34:42 ص
File Modified Date : 06/10/28 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 30/11/29 10:46:21 م
Visible Windows : 4
Hidden Windows : 56
User Name : alyami-PC\alyami
Mem Usage : 89156 K
Mem Usage Peak : 91072 K
Page Faults : 276341
Pagefile Usage : 64164 K
Pagefile Peak Usage : 94312 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 4656
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16386 (vista_rtm.061101-2205)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : المعالجان يعملان 100% - زيزوووم للأمن والحمايه#post639529 - Windows Internet Explorer
File Size : 625,664
File Created Date : 14/05/29 08:11:56 م
File Modified Date : 09/01/29 08:33:14 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00920000
Created On : 30/11/29 10:46:24 م
Visible Windows : 1
Hidden Windows : 124
User Name : alyami-PC\alyami
Mem Usage : 109728 K
Mem Usage Peak : 118912 K
Page Faults : 65456
Pagefile Usage : 109232 K
Pagefile Peak Usage : 115404 K
File Attributes : A
==================================================
==================================================
Process Name : GoogleToolbarUser.exe
ProcessID : 676
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 239,216
File Created Date : 05/10/29 08:00:58 م
File Modified Date : 17/11/29 04:58:31 ص
Filename : C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
Base Address : 0x00390000
Created On : 30/11/29 10:46:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 6556 K
Mem Usage Peak : 6572 K
Page Faults : 1811
Pagefile Usage : 4636 K
Pagefile Peak Usage : 4652 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 3564
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title : Windows Live Messenger
File Size : 5,724,184
File Created Date : 06/10/28 08:34:42 ص
File Modified Date : 06/10/28 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 30/11/29 10:46:58 م
Visible Windows : 2
Hidden Windows : 44
User Name : alyami-PC\alyami
Mem Usage : 68096 K
Mem Usage Peak : 68548 K
Page Faults : 43918
Pagefile Usage : 45816 K
Pagefile Peak Usage : 50348 K
File Attributes : A
==================================================
==================================================
Process Name : FlashUtil10a.exe
ProcessID : 5316
Priority : Normal
Product Name : Flash Player Helper
Version : 10,0,12,36
Description : Adobe Flash Player Helper 10.0 r12
Company : Adobe Systems, Inc.
Window Title :
File Size : 235,936
File Created Date : 05/10/29 03:16:26 ص
File Modified Date : 05/10/29 03:16:26 ص
Filename : C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
Base Address : 0x00400000
Created On : 30/11/29 10:50:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 5144 K
Mem Usage Peak : 5180 K
Page Faults : 1385
Pagefile Usage : 1584 K
Pagefile Peak Usage : 1616 K
File Attributes : AR
==================================================
==================================================
Process Name : rundll32.exe
ProcessID : 4720
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows host process (Rundll32)
Company : Microsoft Corporation
Window Title : Dell Webcam Console
File Size : 44,544
File Created Date : 11/10/27 08:48:33 ص
File Modified Date : 11/10/27 09:45:37 ص
Filename : C:\Windows\system32\rundll32.exe
Base Address : 0x00870000
Created On : 30/11/29 11:01:11 م
Visible Windows : 1
Hidden Windows : 8
User Name : alyami-PC\alyami
Mem Usage : 23404 K
Mem Usage Peak : 23424 K
Page Faults : 22272
Pagefile Usage : 20836 K
Pagefile Peak Usage : 20856 K
File Attributes : A
==================================================
==================================================
Process Name : StartFX.exe
ProcessID : 2176
Priority : Normal
Product Name :
Version : 2.01.04.00
Description : Start Advanced Video FX Engine Application
Company : Creative Technology Ltd.
Window Title :
File Size : 20,480
File Created Date : 09/05/29 12:19:32 ص
File Modified Date : 21/05/28 08:27:56 ص
Filename : C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
Base Address : 0x00400000
Created On : 30/11/29 11:01:18 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 13988 K
Mem Usage Peak : 19164 K
Page Faults : 6814
Pagefile Usage : 16164 K
Pagefile Peak Usage : 20212 K
File Attributes :
==================================================
==================================================
Process Name : runn.exe
ProcessID : 452
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 30/11/29 08:12:45 م
File Modified Date : 22/01/29 10:24:25 م
Filename : C:\Users\alyami\AppData\Local\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 30/11/29 11:12:46 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 3068 K
Mem Usage Peak : 3136 K
Page Faults : 793
Pagefile Usage : 968 K
Pagefile Peak Usage : 976 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 318,976
File Created Date : 14/05/29 08:12:47 م
File Modified Date : 09/01/29 08:33:06 م
Filename : C:\Windows\system32\cmd.exe
Base Address : 0x4A540000
Created On : 30/11/29 11:12:46 م
Visible Windows : 0
Hidden Windows : 1
User Name : alyami-PC\alyami
Mem Usage : 2368 K
Mem Usage Peak : 2608 K
Page Faults : 797
Pagefile Usage : 1672 K
Pagefile Peak Usage : 1780 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 2292
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 30/11/29 08:12:41 م
File Modified Date : 08/06/26 04:46:34 ص
Filename : C:\Users\alyami\AppData\Local\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 30/11/29 11:13:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : alyami-PC\alyami
Mem Usage : 3844 K
Mem Usage Peak : 3856 K
Page Faults : 1303
Pagefile Usage : 1372 K
Pagefile Peak Usage : 2372 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\autochk.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.6001.18000
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSPM Startup
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Macrovision FLEXnet Connect Software Manager
Macrovision Corporation
3.20.0100.1123
c:\program files\common files\installshield\updateservice\isuspm.exe
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Macrovision FLEXnet Connect Scheduler
Macrovision Corporation
3.20.0100.1123
c:\program files\common files\installshield\updateservice\issch.exe
RoxWatchTray
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
RoxMMTrayApp Module
Sonic Solutions
9.00.0001.0064
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
OEM02Mon.exe
C:\Windows\OEM02Mon.exe
Live! Cam Console Auto Launcher
Creative Technology Ltd.
1.01.0001.0000
c:\windows\oem02mon.exe
NvSvc
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NVIDIA Driver Helper Service, Version 174.31
NVIDIA Corporation
7.15.0011.7431
c:\windows\system32\nvsvc.dll
NvCplDaemon
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NVIDIA Display Properties Extension
NVIDIA Corporation
7.15.0011.7431
c:\windows\system32\nvcpl.dll
NvMediaCenter
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NVIDIA Media Center Library
NVIDIA Corporation
7.15.0011.7431
c:\windows\system32\nvmctray.dll
NVHotkey
rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
NVIDIA Hotkey Service, Version 174.31
NVIDIA Corporation
7.15.0011.7431
c:\windows\system32\nvhotkey.dll
Athan
C:\Program Files\Athan\Athan.exe
Automatic Athan (Azan) five times a day for every prayer time. It covers more than 5 million cities, towns, and villages all over the world.

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

3.04.0000.0000
c:\program files\athan\athan.exe
egui
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Eset GUI
ESET
3.00.0657.0000
c:\program files\eset\eset smart security\egui.exe
SigmatelSysTrayApp
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
Sigmatel Audio system tray application
SigmaTel, Inc.
1.00.5511.0000
c:\program files\sigmatel\c-major audio\wdm\sttray.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.4279
c:\program files\common files\real\update_ob\realsched.exe
GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
GrooveMonitor Utility
Microsoft Corporation
12.00.6211.1000
c:\program files\microsoft office\office12\groovemonitor.exe
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated
8.00.0000.0000
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
AppleSyncNotifier
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
AppleSyncNotifier
Apple Inc.
1.02.0000.2116
c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
QuickTime Task
Apple Inc.
7.55.0090.0070
c:\program files\quicktime\qttask.exe
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
iTunesHelper Module
Apple Inc.
8.00.0002.0020
c:\program files\itunes\ituneshelper.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Windows Live Messenger
Microsoft Corporation
8.05.1302.1018
c:\program files\windows live\messenger\msnmsgr.exe
swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
GoogleToolbarNotifier
Google Inc.
2.00.0301.1654
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Windows Sidebar
Microsoft Corporation
6.00.6001.18000
c:\program files\windows sidebar\sidebar.exe
Yahoo! Pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yahoo! Messenger
Yahoo! Inc.
8.01.0000.0421
c:\program files\yahoo!\messenger\yahoomessenger.exe
ehTray.exe
C:\Windows\ehome\ehTray.exe
Media Center Tray Applet
Microsoft Corporation
6.00.6001.18000
c:\windows\ehome\ehtray.exe
oovoo.exe
C:\Program Files\ooVoo\oovoo.exe /minimized
ooVoo
ooVoo
1.07.0001.0059
c:\program files\oovoo\oovoo.exe
Task Scheduler
\RunAsStdUser Task
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VistaRunAsStdUser
File not found: C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
\RunAsStdUser Task for VeohWebPlayer
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /VistaRunAsStdUser
File not found: C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
\User_Feed_Synchronization-{38C222D0-E0B9-4040-8F48-F0CB86DCEC65}
C:\Windows\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
7.00.6001.18000
c:\windows\system32\msfeedssync.exe
\{5D4C1088-E493-4F2F-954C-85F877112B35}
C:\Windows\system32\pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\alyami\Downloads -c "C:\Users\alyami\Downloads\WINRAR4BYSPHAK.zip"
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{6E776C19-28A5-488F-B37B-09FAF81B53FC}
C:\Windows\system32\pcalua.exe -a C:\Users\alyami\Downloads\alahli_sa.exe -d C:\Users\alyami\Downloads
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{7806806B-A200-4DDF-9198-437F5E01FE2D}
C:\Windows\system32\pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{86850F49-82F4-401D-B47E-0AE3F2E00AFB}
C:\Windows\system32\pcalua.exe -a "C:\Users\alyami\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\LNC5ADH3\kingooo_realplayer_v11[1].exe" -d C:\Users\alyami
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{921783AA-524B-4181-B625-23024B84EE7E}
C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\ALAHLI~1\UNWISE.EXE -c C:\PROGRA~1\ALAHLI~1\INSTALL.LOG
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{A3B76F53-A267-43EF-A88D-87487F090908}
C:\Windows\system32\pcalua.exe -a C:\Users\alyami\Downloads\GoogleToolbarInstaller.exe -d C:\Users\alyami\Downloads
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{B6DFEA8B-42B5-4A5E-B2CA-FA78F9F8772E}
C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe" -c RealNetworks|RealPlayer|6.0
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{C26B0850-4ACF-4C25-8A64-FE21EAE5B273}
C:\Windows\system32\pcalua.exe -a "C:\Users\alyami\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\A8ETZAQA\msjavx86[1].exe" -d C:\Users\alyami
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{D07841B2-1D92-408D-89BA-B2C8ECD7DD2C}
C:\Windows\system32\pcalua.exe -a "C:\Users\alyami\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\223NT9KG\msjavx86[1].exe" -d C:\Users\alyami
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\Apple\AppleSoftwareUpdate
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Apple Software Update
Apple Inc.
2.01.0001.0116
c:\program files\apple software update\softwareupdate.exe
[DISABLED] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
HKCR\CLSID\{CF2CF428-325B-48D3-8CA8-7633E36E5A32}
Windows Rights Management client
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\msdrm.dll
\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
HKCR\CLSID\{BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
Windows Rights Management client
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\msdrm.dll
\Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
Bluetooth Uninstall Device Task
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\bthudtask.exe
\Microsoft\Windows\CertificateServicesClient\UserTask
HKCR\CLSID\{58FB76B9-AC85-4E55-AC04-427593B1D060}
DIMS Job DLL
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\dimsjob.dll
\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
HKCR\CLSID\{58FB76B9-AC85-4E55-AC04-427593B1D060}
DIMS Job DLL
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\dimsjob.dll
\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
Windows SQM Consolidator
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\wsqmcons.exe
\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
Windows SQM Consolidator
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\wsqmcons.exe
\Microsoft\Windows\Customer Experience Improvement Program\Uploader
%windir%\system32\WSqmCons.exe -u
Windows SQM Consolidator
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\wsqmcons.exe
\Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c -i
Disk Defragmenter Module
Microsoft Corp.
6.00.6001.18000
c:\windows\system32\defrag.exe
[DISABLED] \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
%windir%\system32\DFDWiz.exe
Windows Disk Diagnostic User Resolver
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\dfdwiz.exe
\Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
Digital Cable device registration application.
Microsoft Corporation
6.00.6001.18000
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0) -gc
Windows Media Center Store Update Manager
Microsoft Corporation
6.00.6001.18115
c:\windows\ehome\mcupdate.exe
\Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
Digital Cable device registration application.
Microsoft Corporation
6.00.6001.18000
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
Digital Cable device registration application.
Microsoft Corporation
6.00.6001.18000
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
Digital Cable device registration application.
Microsoft Corporation
6.00.6001.18000
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\MobilePC\HotStart
HKCR\CLSID\{06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Microsoft Windows HotStart User Agent
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\hotstartuseragent.dll
\Microsoft\Windows\MobilePC\TMM
HKCR\CLSID\{35EF4182-F900-4632-B072-8639E4478A61}
Microsoft Transient Multi-Monitor Manager
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\tmm.dll
\Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
MUI Language pack cleanup
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\lpremove.exe
\Microsoft\Windows\Multimedia\SystemSoundsService
HKCR\CLSID\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}
PlaySound Service
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\playsndsrv.dll
\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
HKCR\CLSID\{F09878A1-4652-4292-AA63-8C7D4FD7648F}
Quarantine Agent Proxy
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\qagent.dll
\Microsoft\Windows\RAC\RACAgent
%windir%\system32\RacAgent.exe
Reliability analysis metrics calculation executable
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\racagent.exe
\Microsoft\Windows\Shell\CrawlStartPages
HKCR\CLSID\{51653423-E62D-4FF7-894A-DABB2B8E21E2}
Indexing Options
Microsoft Corporation
7.00.6001.16503
c:\windows\system32\srchadmin.dll
[DISABLED] \Microsoft\Windows\SideShow\AutoWake
HKCR\CLSID\{E51DFD48-AA36-4B45-BB52-E831F02E8316}
Microsoft Windows SideShow services
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\auxiliarydisplayservices.dll
\Microsoft\Windows\SideShow\GadgetManager
HKCR\CLSID\{FF87090D-4A9A-4F47-879B-29A80C355D61}
Microsoft Windows SideShow services
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\auxiliarydisplayservices.dll
[DISABLED] \Microsoft\Windows\SideShow\SessionAgent
HKCR\CLSID\{45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Microsoft Windows SideShow services
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\auxiliarydisplayservices.dll
[DISABLED] \Microsoft\Windows\SideShow\SystemDataProviders
HKCR\CLSID\{7CCA6768-8373-4D28-8876-83E8B4E3A969}
Microsoft Windows SideShow services
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\auxiliarydisplayservices.dll
\Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Microsoft® Windows System Protection Configuration Library
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\srrstr.dll
\Microsoft\Windows\Tcpip\IpAddressConflict1
rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Network Diagnostic Framework Client API
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\ndfapi.dll
\Microsoft\Windows\Tcpip\IpAddressConflict2
rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Network Diagnostic Framework Client API
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\ndfapi.dll
\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
HKCR\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
MsCtfMonitor DLL
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\msctfmonitor.dll
\Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
A tool to aid in developing services for WindowsNT
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\sc.exe
\Microsoft\Windows\WDI\ResolutionHost
HKCR\CLSID\{900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
Windows Diagnostic Infrastructure
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\wdi.dll
\Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
Windows Problem Reporting
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\wermgr.exe
\Microsoft\Windows\WindowsBackup\AutomaticBackup
%systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Microsoft® Windows Backup Engine
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\sdengin2.dll
\Microsoft\Windows\WindowsBackup\CheckFull
sdclt.exe /CHECKFULL
Microsoft® Windows Backup
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\sdclt.exe
\Microsoft\Windows\WindowsBackup\Windows Backup Monitor
sdclt.exe /DETECTFAILURE
Microsoft® Windows Backup
Microsoft Corporation
6.00.6001.18000
c:\windows\system32\sdclt.exe
\Microsoft\Windows\WindowsCalendar\Reminders - alyami
C:\Program Files\Windows Calendar\WinCal.exe /reminder
Windows Calendar
Microsoft Corporation
6.00.6001.18000
c:\program files\windows calendar\wincal.exe
\Microsoft\Windows\Wired\GatherWiredInfo
%windir%\system32\gatherWiredInfo.vbs
c:\windows\system32\gatherwiredinfo.vbs
\Microsoft\Windows\Wireless\GatherWirelessInfo
%windir%\system32\gatherWirelessInfo.vbs
c:\windows\system32\gatherwirelessinfo.vbs
\Microsoft\Windows Defender\MP Scheduled Scan
c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges
Windows Defender Command Line Utility
Microsoft Corporation
1.01.1600.0000
c:\program files\windows defender\mpcmdrun.exe
.
.
----------- End Report ---------------

السّاجد لله · 28 نوفمبر 2008

اعمل التالي باذن الغالي ماكس

من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility

اعمل كما يلي

ارفع علامة الصح من كل الخيارات عدا الانتي فايروس الذي تستخدمة فقط
والمثال على الكاسبر هنا وانت قيس عليه

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم وافق على اعادة التغشيل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

الشووووق · 28 نوفمبر 2008

وين الردود احتاج الحل ضروري

جزاكم الله خير

MAAX · 28 نوفمبر 2008

حدد القيم التالية واحذفها

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O2 - BHO: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file

O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نظف جهازك كما هذا الموضوع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وتوجه لهذا المضوع واطلب المساعدة بتعطيل بعض برامج بدء التشغيل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

موفق

الشووووق · 28 نوفمبر 2008

اخوي المشكله مو بس عند بداية التشغيل المشكله دايم طول ما انا مشغل الجهاز وصارت معي هالمشكله قبل وحلوها لي الشباب بس جربت وماضبط الحل السابق وهذا الفرابط للموضوع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

الشووووق · 29 نوفمبر 2008

الووو ياناس احد يرد علي ضروري

السّاجد لله · 29 نوفمبر 2008

عطني تقرير هاي جاك جديد حبيب قلبي

السّاجد لله · 29 نوفمبر 2008

وعطني صورة من ادارة المهام

كما في الصورة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

الشووووق · 29 نوفمبر 2008

طفيت الجهاز وشغلته ورجع طبيعي وهذا التقرير

Logfile of HijackThis v1.99.1

Scan saved at 1:35:32 AM, on 11/29/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\alyami\Downloads\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O2 - BHO: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

السّاجد لله · 29 نوفمبر 2008

حدد واحذف القيم التالية

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll

O3 - Toolbar: alahli_sa Toolbar - {a6dd9dea-70f3-4b24-917a-985a11827efd} - C:\Program Files\alahli_sa\tbalah.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

طريقة الحذف

نزل هالاداة لتنظيف الجهاز

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم ادخل على ازالة البرامج واحذف كل التولبار لديك وتقرير جديد

الشووووق · 29 نوفمبر 2008

هذا التقرير بعد ازالة التول بار

Logfile of HijackThis v1.99.1
Scan saved at 5:52:59 AM, on 11/29/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\alyami\Downloads\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Corporation · 29 نوفمبر 2008

باقي هذه القيمة أخوي

O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)

ياغالي ,,, حمل هذه الاداة ,,

واتبع الشرح التالي ,,

و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

وسوي رستارت للجهاز

وارجع وسوي تقرير للهايجاك

وخبرنا بالحالة

زيزوومي نشيط

عضوشرف

زيزوومي جديد

زيزوومي نشيط

زيزوومي نشيط

عضوشرف

زيزوومي نشيط

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي نشيط

عضوشرف

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي نشيط

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي نشيط

زيزوومى فضى

توقيع : Corporation