Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with Winupgro virus....ran RSIT and combofix already


  • This topic is locked This topic is locked
10 replies to this topic

#1 amohamed

amohamed

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 20 December 2008 - 12:10 AM

Here's the log from RSIT
====================================================
Logfile of random's system information tool 1.05 (written by random/random)
Run by AmrM at 2008-12-20 07:26:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 31 GB
Total RAM: 2014 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27, on 2008-12-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ULTRAE~1\uedit32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\MsiExec.exe
D:\download\Autoruns\RSIT.exe
C:\Program Files\trend micro\AmrM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qu.edu.qa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qu.edu.qa/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\VISIO2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188441625687
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://wusav.qu.edu.qa/sav/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\Software\..\Telephony: DomainName = qu.edu.qa
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5CD1A84-A942-4813-99B5-B82C19B0FCDC}: Domain = qu.edu.qa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = qu.edu.qa
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 16452 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-08 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-08 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-18 8433664]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2007-03-08 49168]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2008-06-09 165208]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-03-26 59680]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-05-06 115560]
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-24 1036288]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-18 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-08 39408]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-08-15 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-03-08 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=Qatar University LAPTOP Owner Only
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
shell\Auto\command - sal.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
shell\??\command - taipingtianguov1.1.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ba4e5a-7fc0-11dd-aa14-001b7740faa1}]
shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a8df48-5639-11dc-9665-b1781edd8380}]
shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa85-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa86-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa87-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8a-6185-11dd-aa02-001c25102b3f}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8b-6185-11dd-aa02-001c25102b3f}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]
shell\AutoRun\command - olb1iimw.bat
shell\explore\command - olb1iimw.bat
shell\open\command - olb1iimw.bat


======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-20 07:26:46 ----D---- C:\Program Files\trend micro
2008-12-20 07:26:45 ----D---- C:\rsit
2008-12-20 07:25:13 ----SHD---- C:\Config.Msi
2008-12-20 07:03:11 ----D---- C:\WINDOWS\temp
2008-12-20 07:03:08 ----A---- C:\ComboFix.txt
2008-12-20 05:56:45 ----A---- C:\Boot.bak
2008-12-20 05:46:37 ----RASHD---- C:\cmdcons
2008-12-19 09:32:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\zip.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\sed.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\grep.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 08:21:20 ----D---- C:\WINDOWS\ERDNT
2008-12-19 08:21:20 ----D---- C:\Qoobox
2008-12-19 07:56:17 ----A---- C:\FindyKill.txt
2008-12-19 07:40:29 ----D---- C:\Program Files\FindyKill
2008-12-19 06:43:02 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-18 21:09:01 ----D---- C:\SAV7
2008-12-18 18:05:51 ----D---- C:\Program Files\Zone Labs
2008-12-18 18:05:43 ----D---- C:\WINDOWS\Internet Logs
2008-12-17 13:27:04 ----A---- C:\WINDOWS\system32\IPSCtrl.TMP
2008-12-17 13:24:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 08:01:51 ----D---- D:\Documents and Settings\amrm\Application Data\vlc
2008-12-14 07:30:33 ----D---- C:\Program Files\VideoLAN
2008-12-08 07:37:39 ----A---- C:\yrjeyshe.exe
2008-12-08 07:37:32 ----A---- C:\goev.exe
2008-12-08 07:37:26 ----A---- C:\vviwgifg.exe
2008-12-08 05:39:00 ----D---- D:\Documents and Settings\amrm\Application Data\Google
2008-12-08 05:33:57 ----D---- D:\Documents and Settings\All Users\Application Data\Google
2008-12-08 05:33:43 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-08 05:33:42 ----D---- C:\Program Files\Google
2008-12-07 21:21:46 ----D---- D:\Documents and Settings\amrm\Application Data\GARMIN
2008-12-02 07:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-12-01 21:16:37 ----D---- C:\Program Files\Western Digital
2008-11-29 05:47:13 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-28 20:00:14 ----D---- C:\Program Files\PostgreSQL
2008-11-28 20:00:02 ----D---- C:\Program Files\Crossbow
2008-11-28 17:35:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-28 17:35:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-28 17:35:08 ----A---- C:\WINDOWS\system32\java.exe
2008-11-28 08:20:57 ----D---- C:\Program Files\PuTTY
2008-11-28 08:19:50 ----D---- C:\Program Files\ATT
2008-11-28 08:14:09 ----D---- C:\Crossbow
2008-11-21 07:57:41 ----D---- C:\Program Files\TortoiseCVS
2008-11-21 07:54:50 ----D---- D:\Documents and Settings\amrm\Application Data\Echo Software

======List of files/folders modified in the last 1 months======

2008-12-20 07:26:46 ----RD---- C:\Program Files
2008-12-20 07:25:37 ----SHD---- C:\WINDOWS\Installer
2008-12-20 07:03:15 ----D---- C:\WINDOWS\system32
2008-12-20 07:03:14 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 07:03:11 ----D---- C:\WINDOWS
2008-12-20 07:02:37 ----D---- C:\WINDOWS\repair
2008-12-20 06:59:46 ----A---- C:\Log.txt
2008-12-20 06:59:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 06:54:43 ----A---- C:\WINDOWS\system.ini
2008-12-20 06:54:42 ----D---- C:\WINDOWS\Prefetch
2008-12-20 06:54:06 ----A---- C:\WINDOWS\smscfg.ini
2008-12-20 06:51:53 ----D---- C:\Program Files\Symantec AntiVirus
2008-12-20 06:51:41 ----A---- C:\WINDOWS\system32\PROCDB.INI
2008-12-20 06:49:23 ----D---- C:\WINDOWS\system32\config
2008-12-20 06:47:47 ----D---- C:\WINDOWS\AppPatch
2008-12-20 06:47:47 ----D---- C:\Program Files\Common Files
2008-12-20 06:43:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 06:36:47 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 05:58:35 ----RASH---- C:\boot.ini
2008-12-19 17:40:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 15:58:04 ----A---- C:\WINDOWS\UEDIT32.INI
2008-12-19 06:52:51 ----D---- D:\Documents and Settings\All Users\Application Data\Symantec
2008-12-19 06:43:58 ----D---- C:\Program Files\Symantec
2008-12-19 06:35:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 05:53:35 ----SHD---- C:\WINDOWS\CSC
2008-12-18 21:08:53 ----D---- C:\temp
2008-12-18 20:12:01 ----D---- C:\WINDOWS\Registration
2008-12-18 19:41:11 ----D---- C:\Program Files\eMule
2008-12-18 19:32:41 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-18 05:25:02 ----D---- C:\Program Files\Mozilla Firefox
2008-12-17 17:06:16 ----D---- C:\WINDOWS\Minidump
2008-12-17 17:06:00 ----D---- C:\WINDOWS\Help
2008-12-17 17:05:59 ----D---- C:\WINDOWS\nview
2008-12-17 16:52:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 16:52:30 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-17 13:20:58 ----HD---- C:\WINDOWS\inf
2008-12-17 07:16:38 ----D---- C:\WINDOWS\security
2008-12-16 12:39:18 ----D---- D:\Documents and Settings\amrm\Application Data\Skype
2008-12-16 12:38:43 ----D---- C:\WINDOWS\system32\VPCache
2008-12-16 12:36:54 ----D---- D:\Documents and Settings\amrm\Application Data\skypePM
2008-12-08 10:07:15 ----D---- C:\Garmin
2008-12-08 07:38:27 ----D---- D:\Documents and Settings\amrm\Application Data\uTorrent
2008-12-02 17:37:09 ----D---- C:\CISCO_CCNA
2008-12-02 07:08:08 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-02 07:07:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-02 07:07:32 ----D---- C:\WINDOWS\system32\wbem
2008-11-29 05:46:39 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-28 20:23:07 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-28 20:22:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-28 17:35:07 ----D---- C:\Program Files\Java
2008-11-28 08:12:10 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-26 14:47:19 ----D---- C:\Program Files\Common Files\Lenovo
2008-11-26 14:47:18 ----D---- C:\Program Files\Lenovo
2008-11-24 13:37:35 ----D---- D:\Documents and Settings\All Users\Application Data\FLEXnet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-08-15 11520]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-05-06 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-05-06 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-05-06 191544]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-03-26 4608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-19 21361]
R2 GiveIO;GiveIO Port Access; C:\WINDOWS\system32\drivers\giveio.sys [2008-11-28 5248]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-08-14 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2008-05-06 38248]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081218.022\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081218.022\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-18 6346720]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-09-24 21376]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-05-06 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-05 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-08 40848]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-05-06 49024]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-04-06 44800]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-11-28 88960]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-05-06 317616]
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-15 212992]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-05-06 108392]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-05-06 108392]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-08 168432]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-18 163908]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-05-06 2189240]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-17 654848]
S2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2008-05-06 2569600]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2008-05-06 234888]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-20 07:27:09

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AFPL Ghostscript 8.50-->C:\gs\uninstgs.exe "C:\gs\gs8.50\uninstal.txt"
AFPL Ghostscript Fonts-->C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Beyond Compare Version 2.2.5-->"C:\Program Files\Beyond Compare 2\unins000.exe"
Cisco Networking Academy curriculum 4.0.0.0-->"C:\CISCO_CCNA\unins000.exe"
City Navigator Middle East v3-->MsiExec.exe /X{541FB2B9-30D7-4C29-B8F3-559E5A81A6AE}
DriveImage XML-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Garmin City Navigator Europe NT v9-->MsiExec.exe /X{200B415D-7CC6-4818-8624-9E43EDF19D9C}
Garmin City Navigator Middle East 2008-->MsiExec.exe /X{C9F09FEA-569C-44D6-97A7-312681D79091}
Garmin MapSource-->MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graphviz-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
GrindEQ LaTeX-to-Word (remove only)-->"C:\Program Files\GrindEQ\latex2word\Uninstalll2w.exe"
GrindEQ Math Utilities (remove only)-->"C:\Program Files\GrindEQ\main\Uninstall.exe"
GSview 4.6-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Img2gps v2.81-->"C:\Program Files\Img2gps\unins000.exe"
Intel® Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Arabic User Interface Pack-->MsiExec.exe /I{901E0401-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MiKTeX 2.6-->"C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MoteConfig 2.0.E-->"C:\Crossbow\MoteConfig\unins000.exe"
MoteView 2.0.1-->"C:\Program Files\Crossbow\MoteView\unins000.exe"
MoteWorks 2.0.F rc21-->"C:\Crossbow\unins000.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Packet Tracer 4.11-->"C:\Program Files\Packet Tracer 4.11\unins000.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
PostgreSQL Database Server 8.0.0-rc1-->C:\WINDOWS\unins000.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
Programmer's Notepad 2 (Version 2.0.6)-->"D:\senior projects\smart industry\Crossbow\MoteView\unins001.exe"
psqlODBC-->MsiExec.exe /X{BD868C41-BB9B-4AA7-A3F1-DB1FA1A02610}
PuTTY version 0.58-->"C:\Program Files\PuTTY\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Symantec Endpoint Protection-->MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TeXnicCenter Version 1 Beta 7.01 (Greengrass)-->"C:\Program Files\TeXnicCenter\unins000.exe"
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
TortoiseCVS 1.8.22-->"C:\Program Files\TortoiseCVS\unins000.exe"
UltraEdit-32 Uninstall-->C:\PROGRA~1\ULTRAE~1\UEDIT32.EXE /UNINSTALL
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Runtime Components-->MsiExec.exe /X{B2974D26-9080-4FA4-B344-DA2D314F41DC}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Intel (NETw4x32) net (06/20/2007 11.1.1.16)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4x32_E0FE06D1ECA9E65F55CA9E5396616665E1612479\netw4x32.inf
Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_02092897E25039DF89C96EBB4841ACF0590117AE\w29n51.inf
Windows Driver Package - Intel net (06/20/2007 11.1.1.16)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4k32_EB4BD78BC68C739D52433B4AE5118A1E9BA411EE\netw4k32.inf
Windows Driver Package - Intel net (06/20/2007 11.1.1.16)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4x64_D00438F1609E4BE0CA92CB654F2E659E71635541\netw4x64.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XSniffer 1.0.3-->"C:\Crossbow\XSniffer\unins000.exe"

======Security center information======

AV: Symantec Endpoint Protection

System event log

Computer Name: MCOELAMRMOHAMED
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \Device\HarddiskVolume2\Documents and Settings\amrm\Local Settings\Temp. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 16363
Source Name: Application Popup
Time Written: 20080718152126.000000+180
Event Type: information
User:

Computer Name: MCOELAMRMOHAMED
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 16362
Source Name: Ntfs
Time Written: 20080718152126.000000+180
Event Type: warning
User:

Computer Name: MCOELAMRMOHAMED
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \Device\HarddiskVolume1\WINDOWS\system32. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 16361
Source Name: Application Popup
Time Written: 20080718152114.000000+180
Event Type: information
User:

Computer Name: MCOELAMRMOHAMED
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \Device\HarddiskVolume1\WINDOWS\Registration. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 16360
Source Name: Application Popup
Time Written: 20080718152113.000000+180
Event Type: information
User:

Computer Name: MCOELAMRMOHAMED
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \Device\HarddiskVolume1\$Mft. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 16359
Source Name: Application Popup
Time Written: 20080718152112.000000+180
Event Type: information
User:

Application event log

Computer Name: MCOELAMRMOHAMED
Event Code: 35
Message:
Record Number: 5
Source Name: ccEvtMgr
Time Written: 20080617084838.000000+180
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MCOELAMRMOHAMED
Event Code: 34
Message:
Record Number: 4
Source Name: ccEvtMgr
Time Written: 20080617084838.000000+180
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MCOELAMRMOHAMED
Event Code: 35
Message:
Record Number: 3
Source Name: ccSetMgr
Time Written: 20080617084838.000000+180
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MCOELAMRMOHAMED
Event Code: 34
Message:
Record Number: 2
Source Name: ccSetMgr
Time Written: 20080617084837.000000+180
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MCOELAMRMOHAMED
Event Code: 0
Message:
Record Number: 1
Source Name: btwdins
Time Written: 20080617084836.000000+180
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.6\miktex\bin;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Lenovo;C:\PROGRA~1\ULTRAE~1;C:\PROGRA~1\ATT\Graphviz\bin;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
"TVT"=C:\Program Files\Lenovo

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 amohamed

amohamed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 20 December 2008 - 01:23 AM

Here's also the HIJackThis log, looking forward to your help.
===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20, on 2008-12-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Symantec AntiVirus\SNAC.EXE
C:\Program Files\Symantec AntiVirus\SymCorpUI.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qu.edu.qa/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qu.edu.qa/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\VISIO2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188441625687
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://wusav.qu.edu.qa/sav/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\Software\..\Telephony: DomainName = qu.edu.qa
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5CD1A84-A942-4813-99B5-B82C19B0FCDC}: Domain = qu.edu.qa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = qu.edu.qa
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 16729 bytes

#3 amohamed

amohamed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 20 December 2008 - 02:48 AM

Here's the comboFix log
-----------------------------------------------
ComboFix 08-12-18.01 - AmrM 2008-12-20 6:44:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1381 [GMT 3:00]
Running from: d:\download\Autoruns\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\amrm\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url
.
---- Previous Run -------
.
c:\windows\Downloaded Program Files\setup.inf

----- BITS: Possible infected sites -----

hxxp://ITSMS03SMS:80
hxxp://wusav.qu.edu.qa
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Legacy_TDSSSERV.SYS
-------\Service_sK9Ou0s
-------\Service_srosa
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 07:40 . 2008-12-19 08:10 <DIR> d-------- c:\program files\FindyKill
2008-12-19 06:43 . 2008-12-19 06:43 136,496 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-19 06:43 . 2008-12-19 06:43 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-19 06:43 . 2008-12-19 06:43 10,652 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-19 06:43 . 2008-12-19 06:43 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-18 21:25 . 2008-05-06 08:25 38,248 --a------ c:\windows\system32\drivers\WGX.SYS
2008-12-18 21:09 . 2008-05-06 14:52 <DIR> d-------- C:\SAV7
2008-12-18 21:08 . 2008-12-19 06:15 <DIR> d-------- c:\temp\SAV7
2008-12-18 18:05 . 2008-12-18 18:08 <DIR> d-------- c:\windows\Internet Logs
2008-12-18 18:05 . 2008-12-18 18:05 <DIR> d-------- c:\program files\Zone Labs
2008-12-17 13:27 . 2008-12-17 13:27 2 --a------ c:\windows\system32\IPSCtrl.TMP
2008-12-14 08:01 . 2008-12-14 09:35 <DIR> d-------- d:\documents and settings\amrm\Application Data\vlc
2008-12-14 07:30 . 2008-12-14 07:30 <DIR> d-------- c:\program files\VideoLAN
2008-12-08 09:09 . 2006-02-20 19:25 17,536 --a------ c:\windows\system32\drivers\grmn0200.sys
2008-12-08 09:09 . 2003-09-23 15:42 17,024 --a------ c:\windows\system32\drivers\grmngen.sys
2008-12-08 09:09 . 2006-04-11 20:51 16,512 --a------ c:\windows\system32\drivers\grmn0400.sys
2008-12-08 09:09 . 2006-07-11 20:50 11,776 --a------ c:\windows\system32\drivers\grmn1200.sys
2008-12-08 09:09 . 2003-09-23 15:42 7,296 --a------ c:\windows\system32\drivers\grmnusb.sys
2008-12-08 07:37 . 2008-12-08 07:37 8,192 --a------ C:\vviwgifg.exe
2008-12-08 07:37 . 2008-12-08 07:37 705 --a------ C:\yrjeyshe.exe
2008-12-08 07:37 . 2008-12-08 07:37 705 --a------ C:\goev.exe
2008-12-08 07:37 . 2008-12-08 07:37 2 --a------ C:\604966882
2008-12-08 05:33 . 2008-12-16 12:38 <DIR> d-------- d:\documents and settings\All Users\Application Data\Google Updater
2008-12-08 05:33 . 2008-12-08 05:38 <DIR> d-------- c:\program files\Google
2008-12-07 21:21 . 2008-12-08 05:29 <DIR> d-------- d:\documents and settings\amrm\Application Data\GARMIN
2008-12-01 21:16 . 2008-12-01 21:16 <DIR> d-------- c:\program files\Western Digital
2008-11-29 05:47 . 2008-11-29 05:47 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-29 05:46 . 2007-08-30 05:39 <DIR> d--hs---- d:\documents and settings\asalema\UserData
2008-11-29 05:46 . 2007-08-30 04:54 <DIR> d-------- d:\documents and settings\asalema\Bluetooth Software
2008-11-29 05:46 . 2008-11-29 05:46 <DIR> d-------- d:\documents and settings\asalema\Application Data\Windows Desktop Search
2008-11-29 05:46 . 2007-09-08 12:24 <DIR> d-------- d:\documents and settings\asalema\Application Data\Sonic
2008-11-29 05:46 . 2008-11-29 05:46 <DIR> d-------- d:\documents and settings\asalema\Application Data\Lenovo
2008-11-29 05:46 . 2007-09-24 14:15 <DIR> d-------- d:\documents and settings\asalema\Application Data\InterVideo
2008-11-29 05:46 . 2008-06-19 08:01 <DIR> d-------- d:\documents and settings\asalema\Application Data\Intel
2008-11-29 05:46 . 2007-09-01 18:47 <DIR> d-------- d:\documents and settings\asalema\Application Data\InstallShield
2008-11-29 05:46 . 2007-09-08 11:46 <DIR> d-------- d:\documents and settings\asalema\Application Data\Apple Computer
2008-11-29 05:46 . 2008-11-29 05:46 <DIR> d-------- d:\documents and settings\asalema
2008-11-28 20:00 . 2008-11-28 20:00 <DIR> d-------- c:\program files\PostgreSQL
2008-11-28 20:00 . 2008-11-28 20:00 <DIR> d-------- c:\program files\Crossbow
2008-11-28 20:00 . 2008-11-29 06:16 2,608 --a------ c:\windows\unins000.dat
2008-11-28 08:20 . 2008-11-28 08:20 <DIR> d-------- c:\program files\PuTTY
2008-11-28 08:19 . 2008-11-28 08:19 <DIR> d-------- c:\program files\ATT
2008-11-28 08:18 . 2008-11-28 08:18 5,248 --a------ c:\windows\system32\drivers\giveio.sys
2008-11-28 08:14 . 2008-11-28 19:44 <DIR> d-------- C:\Crossbow
2008-11-21 07:57 . 2008-11-21 07:57 <DIR> d-------- c:\program files\TortoiseCVS
2008-11-21 07:54 . 2008-11-21 07:54 <DIR> d-------- d:\documents and settings\amrm\Application Data\Echo Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 03:51 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-20 03:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 03:52 --------- d-----w d:\documents and settings\All Users\Application Data\Symantec
2008-12-19 03:43 --------- d-----w c:\program files\Symantec
2008-12-18 16:41 --------- d-----w c:\program files\eMule
2008-12-16 09:39 --------- d-----w d:\documents and settings\amrm\Application Data\Skype
2008-12-16 09:36 --------- d-----w d:\documents and settings\amrm\Application Data\skypePM
2008-12-08 04:38 --------- d-----w d:\documents and settings\amrm\Application Data\uTorrent
2008-12-02 04:08 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-28 17:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-28 14:35 --------- d-----w c:\program files\Java
2008-11-26 11:47 --------- d-----w c:\program files\Lenovo
2008-11-26 11:47 --------- d-----w c:\program files\Common Files\Lenovo
2008-11-24 10:37 --------- d-----w d:\documents and settings\All Users\Application Data\FLEXnet
2008-11-13 17:08 --------- d-----w d:\documents and settings\amrm\Application Data\Download Manager
2008-11-06 09:16 --------- d-----w d:\documents and settings\amrm\Application Data\GrindEQ
2008-11-06 09:06 --------- d-----w c:\program files\GrindEQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:51 --------- d-----w d:\documents and settings\amrm\Application Data\Leadertech
2008-09-24 22:47 16,384 ------w c:\windows\PWMBTHLP.EXE
2007-09-05 09:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-09-14 03:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091420080915\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-03-08 49168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-05-06 115560]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-18 81920]
"nwiz"="nwiz.exe" [2007-05-18 c:\windows\system32\nwiz.exe]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-19 50688]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-08 18:08 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 21:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=logon.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-08-30 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-08-30 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2007-08-30 4442]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-26 94208]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-08 11152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-05-06 23888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ba4e5a-7fc0-11dd-aa14-001b7740faa1}]
\Shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a8df48-5639-11dc-9665-b1781edd8380}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa85-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa86-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa87-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8a-6185-11dd-aa02-001c25102b3f}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8b-6185-11dd-aa02-001c25102b3f}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]
\Shell\AutoRun\command - olb1iimw.bat
\Shell\explore\Command - olb1iimw.bat
\Shell\open\Command - olb1iimw.bat
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-06-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 17:09]

2008-12-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 01:47]

2008-12-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 07:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-DriverUpdaterPro - c:\program files\mousedriver\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-IBM RecordNow! - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.qu.edu.qa/
uInternet Connection Wizard,ShellNext = hxxp://www.qu.edu.qa/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944}
hxxp://www-307.ibm.com/pc/support/acpir.cab
c:\windows\Downloaded Program Files\acpir.inf

O16 -: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://www.qurancomplex.org/downloads/FontDown.cab
c:\windows\Downloaded Program Files\FontDownATL.inf

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

c:\windows\Downloaded Program Files\FontSmooth.dll - O16 -: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061}
hxxp://www.qurancomplex.org/Downloads/FontSmooth.cab
c:\windows\Downloaded Program Files\FontSmooth.inf

c:\windows\Downloaded Program Files\WebInst.Dll - O16 -: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC}
hxxp://wusav.qu.edu.qa/sav/webinst.cab
FF - ProfilePath - d:\documents and settings\amrm\Application Data\Mozilla\Firefox\Profiles\mqfuw9nm.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1425.4532\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 06:54:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1492)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\msiexec.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-12-20 7:03:04 - machine was rebooted [AmrM]
ComboFix-quarantined-files.txt 2008-12-20 04:03:01

Pre-Run: 2,971,496,448 bytes free
Post-Run: 2,721,382,400 bytes free

344 --- E O F --- 2008-12-02 04:08:08

#4 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:33 PM

Posted 28 December 2008 - 02:04 AM

Hi amohamed,
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please respond to this post so I know you still need help.

Thanks
maranatha

Now, a word to the wise...
It is not a good idea to run any tools we use here on your own !
Different tools are meant for different infections and just running them at random could harm your system.

Edited by maranatha, 28 December 2008 - 02:05 AM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#5 amohamed

amohamed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 03 January 2009 - 12:07 AM

Hi Maranatha,
I almost lost hope my topic will be noticed.
Thanks very much for your reply, I am still here and waiting of your appreciated guidance on what tool I need to run.

Regards,

#6 amohamed

amohamed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 05 January 2009 - 08:04 AM

Hey Maranatha, are you still there? waiting for your guidance on what to run on my machine.

#7 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:33 PM

Posted 05 January 2009 - 09:57 PM

Hi amohamed
Yes I'm here

Sorry for the delay. My wife has been in and out of the hospital.

I have posted a fix, waiting for the OK from a expert, should not be long now.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#8 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:33 PM

Posted 08 January 2009 - 09:18 PM

Hi amohamed

First, a word to the wise...
It is not a good idea to run any tools we use here on your own !
Different tools are meant for different infections and just running them at random could harm your system.

I see you have P2P software ( Limewire, BitTorrent uTorrent, eMule etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them,


Please do the following.

Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

File::
C:\vviwgifg.exe
C:\yrjeyshe.exe
C:\goev.exe
C:\604966882

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]


Your flash drive. (USB thumb drives) are infected.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

http://www.techsupportforum.com/sectools/s...Disinfector.exe

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Hold down the Shift key and insert your flash drive. (USB thumb drives)
It is important to hold the shift key while plugging in flash drive so the virus does not run and re-infect system.Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Your desktop will vanish for a while, and then reappear. This is normal.
Wait until the program has finished scanning, then please exit the program.
Repeat this step if you have more than one flash drives.

We need to find the exact file path for these.....

sal.xls.exe

taipingtianguov1.1.exe



To do this
Click on Start – Search – All Files and Folders – Put, sal.xls.exe in “All or part of the file name” spot. Scroll down and click on “More advanced options” Put a check on “Search system folders”, Search hidden files and Folder” Search SubFolders. Click Search.
Write down the folder path that is given on the right side so you can find it and delete it, in the deleting folders step below.

Now do the same for this one.

taipingtianguov1.1.exe

Please post the Combofix log a new RSIT log and the file paths to those files..

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#9 amohamed

amohamed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 09 January 2009 - 11:35 AM

1- I uninstalled eMule, I don't have any other P2P file sharing software.

2- I ran comboFix against the script as you described, here is the log
ComboFix 08-12-18.01 - AmrM 2009-01-09 8:51:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1195 [GMT 3:00]
Running from: d:\download\Autoruns\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-09 08:49 . 2009-01-09 08:49 <DIR> d-------- C:\32788R22FWJFW
2009-01-09 08:31 . 2009-01-09 08:31 <DIR> d-------- d:\documents and settings\amrm\Tracing
2009-01-09 08:28 . 2009-01-09 08:29 <DIR> d-------- c:\windows\LastGood
2009-01-09 08:27 . 2009-01-09 08:27 <DIR> d-------- c:\program files\Microsoft
2009-01-09 08:26 . 2009-01-09 08:26 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-08 12:46 . 2009-01-08 12:46 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-12-31 12:58 . 2008-12-31 12:58 <DIR> d-------- c:\windows\SQLTools9_KB954606_ENU
2008-12-31 12:55 . 2008-12-31 12:55 <DIR> d-------- c:\windows\SQL9_KB954606_ENU
2008-12-28 14:46 . 2008-12-28 14:46 <DIR> d-------- d:\documents and settings\NetworkService\Application Data\Avaya
2008-12-28 14:38 . 2008-12-28 14:38 <DIR> d-------- d:\documents and settings\NetworkService\Application Data\Intel
2008-12-28 14:26 . 2008-12-31 12:58 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-28 14:25 . 2008-12-28 14:25 <DIR> d-------- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2008-12-28 14:25 . 2008-12-28 14:25 <DIR> d-------- c:\program files\Microsoft Device Emulator
2008-12-28 14:12 . 2008-12-28 14:12 <DIR> d-------- d:\documents and settings\All Users\Application Data\PreEmptive Solutions
2008-12-28 14:12 . 2008-12-28 14:12 <DIR> d-------- c:\windows\Symbols
2008-12-28 14:12 . 2008-12-28 14:19 <DIR> d-------- c:\program files\HTML Help Workshop
2008-12-28 14:12 . 2008-12-28 14:18 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-12-28 14:12 . 2008-12-28 14:13 <DIR> d-------- c:\program files\Common Files\Business Objects
2008-12-28 14:12 . 2008-12-28 14:12 <DIR> d-------- c:\program files\CE Remote Tools
2008-12-28 14:10 . 2008-12-28 14:10 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-27 21:10 . 2008-12-28 14:42 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2008-12-27 21:10 . 2008-12-27 21:10 <DIR> d-------- d:\documents and settings\All Users\Application Data\SpeedBit
2008-12-27 21:10 . 2008-12-27 21:10 479,298 --a------ c:\windows\system32\wbocx.ocx
2008-12-27 21:10 . 2008-12-27 21:10 172,032 --a------ c:\windows\system32\AniGIF.ocx
2008-12-27 21:10 . 2008-12-27 21:10 50,688 --a------ c:\windows\system32\wbhelp2.dll
2008-12-23 07:51 . 2008-12-23 07:51 <DIR> d-------- d:\documents and settings\amrm\Application Data\Windows Search
2008-12-21 13:56 . 2008-12-21 13:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-21 13:56 . 2008-12-21 13:56 1,409 --a------ c:\windows\QTFont.for
2008-12-21 08:15 . 2008-03-21 03:19 175,763 --a------ c:\windows\system32\nvapps.nvb
2008-12-21 08:14 . 2008-12-21 08:14 <DIR> d-------- d:\documents and settings\amrm\Application Data\Windows Desktop Search
2008-12-21 08:13 . 2008-03-07 20:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-21 08:13 . 2008-03-07 20:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-21 08:13 . 2008-03-07 20:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-20 19:26 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-20 07:26 . 2008-12-20 07:27 <DIR> d-------- C:\rsit
2008-12-20 07:26 . 2008-12-20 07:27 <DIR> d-------- c:\program files\trend micro
2008-12-19 06:43 . 2008-12-20 07:48 136,496 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-19 06:43 . 2008-12-20 07:48 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-19 06:43 . 2008-12-20 07:48 10,652 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-19 06:43 . 2008-12-20 07:48 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-18 21:25 . 2008-05-06 08:25 38,248 --a------ c:\windows\system32\drivers\WGX.SYS
2008-12-18 21:09 . 2008-05-06 14:52 <DIR> d-------- C:\SAV7
2008-12-18 18:05 . 2008-12-18 18:08 <DIR> d-------- c:\windows\Internet Logs
2008-12-18 18:05 . 2008-12-18 18:05 <DIR> d-------- c:\program files\Zone Labs
2008-12-17 13:27 . 2008-12-17 13:27 2 --a------ c:\windows\system32\IPSCtrl.TMP
2008-12-14 08:01 . 2008-12-14 09:35 <DIR> d-------- d:\documents and settings\amrm\Application Data\vlc
2008-12-14 07:30 . 2008-12-14 07:30 <DIR> d-------- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 05:30 --------- d-----w c:\program files\Windows Live
2009-01-09 04:34 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-07 05:21 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2009-01-04 05:06 --------- d-----w d:\documents and settings\All Users\Application Data\FLEXnet
2009-01-01 04:59 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-28 11:29 --------- d-----w c:\program files\Microsoft.NET
2008-12-26 04:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-21 05:32 --------- d-----w c:\program files\Windows Desktop Search
2008-12-20 04:48 --------- d-----w c:\program files\Symantec
2008-12-20 04:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 03:52 --------- d-----w d:\documents and settings\All Users\Application Data\Symantec
2008-12-16 09:39 --------- d-----w d:\documents and settings\amrm\Application Data\Skype
2008-12-16 09:36 --------- d-----w d:\documents and settings\amrm\Application Data\skypePM
2008-12-08 04:38 --------- d-----w d:\documents and settings\amrm\Application Data\uTorrent
2008-12-08 04:37 705 ----a-w C:\yrjeyshe.exe
2008-12-08 04:37 705 ----a-w C:\goev.exe
2008-12-08 02:38 --------- d-----w c:\program files\Google
2008-12-08 02:29 --------- d-----w d:\documents and settings\amrm\Application Data\GARMIN
2008-12-04 19:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 19:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 18:16 --------- d-----w c:\program files\Western Digital
2008-11-29 02:46 --------- d-----w d:\documents and settings\asalema\Application Data\Windows Desktop Search
2008-11-29 02:46 --------- d-----w d:\documents and settings\asalema\Application Data\Lenovo
2008-11-28 17:00 --------- d-----w c:\program files\PostgreSQL
2008-11-28 14:35 --------- d-----w c:\program files\Java
2008-11-28 05:20 --------- d-----w c:\program files\PuTTY
2008-11-28 05:18 5,248 ----a-w c:\windows\system32\drivers\giveio.sys
2008-11-26 11:47 --------- d-----w c:\program files\Lenovo
2008-11-26 11:47 --------- d-----w c:\program files\Common Files\Lenovo
2008-11-21 04:57 --------- d-----w c:\program files\TortoiseCVS
2008-11-13 17:08 --------- d-----w d:\documents and settings\amrm\Application Data\Download Manager
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:07 208,744 ----a-w c:\windows\system32\muweb.dll
2007-09-05 09:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-09-14 03:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091420080915\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-20_ 6.59.44.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-05 12:38:30 259,072 -c--a-w c:\windows\$NtUninstallKB917013$\spuninst\wss_SpCustom.dll
+ 2008-05-26 19:18:42 261,120 -c--a-w c:\windows\$NtUninstallKB917013$\spuninst\wss_SpCustom.dll
- 2007-09-01 16:48:35 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-12-28 11:19:10 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-12-28 11:13:46 81,920 ----a-w c:\windows\assembly\GAC\CrystalDecisions.Enterprise.Desktop.Report\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Enterprise.Desktop.Report.dll
+ 2008-12-28 11:13:46 45,056 ----a-w c:\windows\assembly\GAC\CrystalDecisions.Enterprise.Framework\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Enterprise.Framework.dll
+ 2008-12-28 11:13:46 86,016 ----a-w c:\windows\assembly\GAC\CrystalDecisions.Enterprise.InfoStore\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Enterprise.InfoStore.dll
+ 2008-12-28 11:13:46 32,768 ----a-w c:\windows\assembly\GAC\CrystalDecisions.Enterprise.PluginManager\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Enterprise.PluginManager.dll
+ 2008-12-28 11:13:46 6,656 ----a-w c:\windows\assembly\GAC\CrystalDecisions.Enterprise.Viewing.ReportSource\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Enterprise.Viewing.ReportSource.dll
+ 2009-01-09 04:34:52 65,536 ----a-w c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2008-12-28 11:10:10 245,760 ----a-w c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
+ 2008-12-28 11:10:13 135,168 ----a-w c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2008-12-28 11:19:47 69,632 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll
+ 2008-12-28 11:10:12 176,128 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
+ 2008-12-28 11:19:03 8,704 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll
+ 2008-12-28 11:10:12 118,784 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2008-12-28 11:10:12 167,936 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2008-12-28 11:10:11 249,856 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2008-12-28 11:10:12 57,344 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2008-12-28 11:10:11 114,688 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2008-12-28 11:19:05 106,496 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VCCodeModel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCCodeModel.dll
+ 2008-12-28 11:19:06 12,288 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VCProject\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCProject.dll
+ 2008-12-28 11:19:06 139,264 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VCProjectEngine\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VCProjectEngine.dll
+ 2008-12-28 11:10:09 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2008-12-28 11:10:13 8,704 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2008-12-28 11:19:05 53,248 ----a-w c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2008-12-28 11:18:53 19,968 ----a-w c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll
+ 2008-12-28 11:19:27 73,728 ----a-w c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll
+ 2008-12-28 11:18:10 49,152 ----a-w c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
- 2007-08-30 13:12:31 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-12-20 17:04:48 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-08-30 13:12:39 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-12-20 17:04:53 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-12-28 11:24:52 53,248 ----a-w c:\windows\assembly\GAC_32\Microsoft.Build.VisualJSharp\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.VisualJSharp.dll
+ 2008-12-30 08:30:47 363,376 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
+ 2008-12-30 08:30:48 78,192 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
+ 2008-12-30 08:31:07 1,626,480 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2007-08-30 03:31:43 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-12-20 17:07:08 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-12-28 11:19:06 93,696 ----a-w c:\windows\assembly\GAC_32\Microsoft.VisualC.VSCodeParser\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.VSCodeParser.dll
+ 2008-12-28 11:19:22 815,104 ----a-w c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.dll
+ 2008-12-28 11:19:14 1,662,976 ----a-w c:\windows\assembly\GAC_32\mscorcfg\2.0.0.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2007-08-30 13:12:39 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-20 17:04:33 4,444,160 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-08-30 03:32:12 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-12-20 17:07:14 4,174,336 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2008-12-28 11:19:06 12,800 ----a-w c:\windows\assembly\GAC_32\soapsudscode\2.0.0.0__b03f5f7f11d50a3a\SoapSudsCode.dll
- 2007-08-30 13:12:41 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-12-20 17:04:55 483,840 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-08-30 13:12:38 2,902,016 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-12-20 17:04:41 3,036,160 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-08-30 13:12:27 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-12-20 17:04:57 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-08-30 13:12:27 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-12-20 17:04:57 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-08-30 03:32:13 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2008-12-20 17:07:13 346,624 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2007-08-30 13:12:43 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-12-20 17:04:54 261,120 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-08-30 13:12:33 5,156,864 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-12-20 17:04:39 5,431,296 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-12-28 11:24:52 16,384 ----a-w c:\windows\assembly\GAC_32\vjscor\2.0.0.0__b03f5f7f11d50a3a\vjscor.dll
+ 2008-12-28 11:24:53 57,344 ----a-w c:\windows\assembly\GAC_32\VJSharpCodeProvider\2.0.0.0__b03f5f7f11d50a3a\VJSharpCodeProvider.DLL
+ 2008-12-28 11:24:53 12,288 ----a-w c:\windows\assembly\GAC_32\vjsjbc\2.0.0.0__b03f5f7f11d50a3a\vjsjbc.dll
+ 2008-12-28 11:24:54 3,661,824 ----a-w c:\windows\assembly\GAC_32\vjslib\2.0.0.0__b03f5f7f11d50a3a\vjslib.dll
+ 2008-12-28 11:24:54 28,672 ----a-w c:\windows\assembly\GAC_32\vjslibcw\2.0.0.0__b03f5f7f11d50a3a\vjslibcw.dll
+ 2008-12-28 11:24:54 921,600 ----a-w c:\windows\assembly\GAC_32\VJSSupUILib\2.0.0.0__b03f5f7f11d50a3a\vjssupuilib.dll
+ 2008-12-28 11:24:55 36,864 ----a-w c:\windows\assembly\GAC_32\vjsvwaux\2.0.0.0__b03f5f7f11d50a3a\vjsvwaux.dll
+ 2008-12-28 11:24:55 3,411,968 ----a-w c:\windows\assembly\GAC_32\vjswfc\2.0.0.0__b03f5f7f11d50a3a\vjswfc.dll
+ 2008-12-28 11:24:52 9,728 ----a-w c:\windows\assembly\GAC_32\VjsWfcBrowserStubLib\2.0.0.0__b03f5f7f11d50a3a\VJSWfcBrowserStubLib.dll
+ 2008-12-28 11:24:56 185,856 ----a-w c:\windows\assembly\GAC_32\vjswfccw\2.0.0.0__b03f5f7f11d50a3a\vjswfccw.dll
+ 2008-12-28 11:24:56 1,196,032 ----a-w c:\windows\assembly\GAC_32\vjswfchtml\2.0.0.0__b03f5f7f11d50a3a\vjswfchtml.dll
+ 2008-12-28 11:18:05 53,248 ----a-w c:\windows\assembly\GAC_32\WebDev.WebHost\8.0.0.0__b03f5f7f11d50a3a\WebDev.WebHost.dll
- 2007-08-30 13:12:31 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-12-20 17:04:45 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-08-30 13:12:27 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-12-20 17:04:40 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-12-28 11:19:24 102,400 ----a-w c:\windows\assembly\GAC_MSIL\CppCodeProvider\8.0.0.0__b03f5f7f11d50a3a\CppCodeProvider.dll
+ 2008-12-28 11:13:40 14,336 ----a-w c:\windows\assembly\GAC_MSIL\CRVsPackageLib\10.2.3600.0__692fbea5521e1304\CRVsPackageLib.dll
+ 2008-12-28 11:13:41 90,112 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.CrystalReports.Design\10.2.3600.0__692fbea5521e1304\CrystalDecisions.CrystalReports.Design.dll
+ 2008-12-28 11:13:44 376,832 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.CrystalReports.Engine\10.2.3600.0__692fbea5521e1304\CrystalDecisions.CrystalReports.Engine.dll
+ 2008-12-28 11:13:46 32,768 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.Data.AdoDotNetInterop\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Data.AdoDotNetInterop.dll
+ 2008-12-28 11:13:45 19,456 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.KeyCode\10.2.3600.0__692fbea5521e1304\CrystalDecisions.KeyCode.dll
+ 2008-12-28 11:13:45 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.ClientDoc\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.ClientDoc.dll
+ 2008-12-28 11:13:45 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.CommLayer\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.CommLayer.dll
+ 2008-12-28 11:13:45 135,168 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.CommonControls\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.CommonControls.dll
+ 2008-12-28 11:13:45 36,864 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.CommonObjectModel\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.CommonObjectModel.dll
+ 2008-12-28 11:13:45 159,744 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.Controllers\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.Controllers.dll
+ 2008-12-28 11:13:45 36,864 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.CubeDefModel\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.CubeDefModel.dll
+ 2008-12-28 11:13:46 225,280 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.DataDefModel\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.DataDefModel.dll
+ 2008-12-28 11:13:46 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.DataSetConversion\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.DataSetConversion.dll
+ 2008-12-28 11:13:46 5,120 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.ObjectFactory\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.ObjectFactory.dll
+ 2008-12-28 11:13:46 315,392 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.ReportDefModel\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.ReportDefModel.dll
+ 2008-12-28 11:13:46 15,872 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportAppServer.XmlSerialize\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportAppServer.XmlSerialize.dll
+ 2008-12-28 11:13:44 102,400 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.ReportSource\10.2.3600.0__692fbea5521e1304\CrystalDecisions.ReportSource.dll
+ 2008-12-28 11:13:44 692,224 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.Shared\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Shared.dll
+ 2008-12-28 11:13:41 303,104 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.VSDesigner\10.2.3600.0__692fbea5521e1304\CrystalDecisions.VSDesigner.dll
+ 2008-12-28 11:13:44 323,584 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.Web\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Web.dll
+ 2008-12-28 11:13:45 245,760 ----a-w c:\windows\assembly\GAC_MSIL\CrystalDecisions.Windows.Forms\10.2.3600.0__692fbea5521e1304\CrystalDecisions.Windows.Forms.dll
- 2007-08-30 13:12:29 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-12-20 17:04:48 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-08-30 13:12:38 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-12-20 17:04:51 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-08-30 13:12:39 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-12-20 17:04:52 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-08-30 13:12:39 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-12-20 17:04:52 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-12-28 11:19:24 7,168 ----a-w c:\windows\assembly\GAC_MSIL\MFCMIFC80\1.0.0.0__b03f5f7f11d50a3a\mfcmifc80.dll
+ 2008-12-30 08:30:50 546,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2008-12-30 08:30:48 140,656 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
+ 2008-12-30 08:30:48 1,217,904 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2008-12-28 11:19:22 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.dll
- 2007-08-30 13:12:29 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-12-20 17:04:58 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-08-30 13:12:30 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-12-20 17:04:58 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-08-30 13:12:30 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-12-20 17:04:59 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-08-30 13:12:31 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-12-20 17:05:01 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-12-28 11:18:55 860,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Build.Tasks\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Build.Tasks.dll
+ 2008-12-28 11:14:04 131,072 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.Model\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.Model.dll
+ 2008-12-28 11:14:03 192,512 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.PocketPC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.PocketPC.dll
+ 2008-12-28 11:14:04 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.PocketPC2004\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.PocketPC2004.dll
+ 2008-12-28 11:17:15 40,960 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.PocketPCV1\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.PocketPCV1.dll
+ 2008-12-28 11:14:04 159,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.SmartPhone\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.SmartPhone.dll
+ 2008-12-28 11:14:04 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.SmartPhone2004\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.SmartPhone2004.dll
+ 2008-12-28 11:14:03 180,224 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design.WindowsCE\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.WindowsCE.dll
+ 2008-12-28 11:14:03 684,032 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.CompactFramework.Design\8.0.0.0__b03f5f7f11d50a3a\Microsoft.CompactFramework.Design.dll
+ 2008-12-30 08:30:47 38,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
+ 2008-12-28 11:30:52 133,848 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.ExceptionMessageBox.dll
- 2007-08-30 13:12:29 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-12-20 17:04:52 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-12-28 11:10:13 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2008-12-30 08:28:32 136,560 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
+ 2008-12-28 11:19:26 3,612,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.Common.dll
+ 2008-12-28 11:19:12 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.Design\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.Design.dll
+ 2008-12-28 11:19:27 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.ProcessingObjectModel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.ProcessingObjectModel.dll
+ 2008-12-28 11:19:12 114,688 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.WebDesign\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.WebDesign.dll
+ 2008-12-28 11:19:26 532,480 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.WebForms\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.WebForms.dll
+ 2008-12-28 11:19:26 331,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.ReportViewer.WinForms\8.0.0.0__b03f5f7f11d50a3a\Microsoft.ReportViewer.WinForms.dll
+ 2008-12-30 08:30:47 157,040 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2008-12-30 08:28:32 46,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
+ 2008-12-30 08:28:32 202,096 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
+ 2008-12-28 11:29:00 16,600 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Instapi\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.InstApi.dll
+ 2008-12-30 08:30:47 71,024 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
+ 2008-12-28 11:29:13 47,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Replication.BusinessLogicSupport\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll
+ 2008-12-30 08:30:48 558,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
+ 2008-12-30 08:30:47 42,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
+ 2008-12-28 11:26:38 289,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll
+ 2008-12-30 08:30:47 1,598,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2008-12-30 08:30:47 222,576 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
+ 2008-12-30 08:30:47 906,608 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
+ 2008-12-28 11:28:59 43,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlTDiagM\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlTDiagM.dll
+ 2008-12-28 11:28:58 20,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SString\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SString.dll
+ 2008-12-30 08:28:32 595,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2008-12-30 08:30:47 46,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
- 2007-08-30 03:31:43 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2008-12-20 17:07:08 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2007-08-30 13:12:45 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-12-20 17:04:51 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-08-30 13:12:44 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-12-20 17:04:50 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-08-30 13:12:25 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-12-20 17:04:55 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-08-30 13:12:44 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-12-20 17:04:50 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-12-28 11:19:06 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.VSCodeProvider\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.VSCodeProvider.dll
- 2007-08-30 13:12:45 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-12-20 17:04:35 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-12-28 11:10:12 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2008-12-28 11:19:03 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll
+ 2008-12-28 11:19:45 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll
+ 2008-12-28 11:19:03 434,176 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2008-12-28 11:14:04 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DeviceConnectivity.Interop\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DeviceConnectivity.Interop.dll
+ 2008-12-28 11:19:07 1,859,584 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll
+ 2008-12-28 11:19:10 905,216 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.dll
+ 2008-12-28 11:19:21 462,848 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.EnterpriseTools.Shell\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.EnterpriseTools.Shell.dll
+ 2008-12-28 11:19:10 1,499,136 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.EnterpriseTools.TypeSystem\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.dll
+ 2008-12-28 11:19:21 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.EnterpriseTools\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.EnterpriseTools.dll
+ 2008-12-28 11:19:44 24,576 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
+ 2008-12-28 11:19:44 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll
+ 2008-12-28 11:19:47 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll
+ 2008-12-28 11:19:22 1,290,240 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.dll
+ 2008-12-28 11:19:22 266,240 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.ArtifactMapper\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.ArtifactMapper.dll
+ 2008-12-28 11:19:22 651,264 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Diagrams\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Diagrams.dll
+ 2008-12-28 11:19:22 761,856 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.dll
+ 2008-12-28 11:19:04 344,064 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll
+ 2008-12-28 11:19:05 4,096 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll
+ 2008-12-28 11:19:08 806,912 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll
+ 2008-12-28 11:19:04 249,856 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll
+ 2008-12-28 11:10:14 376,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll
+ 2008-12-28 11:18:44 15,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll
+ 2008-12-28 11:19:26 315,392 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VirtualTreeGrid\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VirtualTreeGrid.dll
+ 2008-12-28 11:10:14 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll
+ 2008-12-28 11:19:04 360,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll
+ 2008-12-28 11:18:02 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll
+ 2008-12-28 11:10:14 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll
+ 2008-12-28 11:19:04 294,912 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll
- 2007-08-30 13:12:27 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-12-20 17:04:57 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-08-30 13:12:26 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-12-20 17:04:49 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-12-28 11:19:05 4,202,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
- 2007-08-30 13:12:26 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-12-20 17:04:49 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-12-28 11:28:59 84,696 ----a-w c:\windows\assembly\GAC_MSIL\MSClusterLib\1.0.0.0__89845dcd8080cc91\MSClusterLib.dll
+ 2008-12-28 11:18:58 40,960 ----a-w c:\windows\assembly\GAC_MSIL\msddslmp\8.0.0.0__b03f5f7f11d50a3a\msddslmp.dll
+ 2008-12-28 11:18:58 139,264 ----a-w c:\windows\assembly\GAC_MSIL\msddsp\8.0.0.0__b03f5f7f11d50a3a\msddsp.dll
- 2007-08-30 03:32:11 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2008-12-20 17:07:04 602,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2007-08-30 03:32:11 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2008-12-20 17:07:14 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2007-08-30 03:32:13 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2008-12-20 17:07:11 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2007-08-30 03:32:12 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2008-12-20 17:07:11 131,072 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2007-08-30 03:32:13 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2008-12-20 17:07:11 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2007-08-30 03:32:13 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2008-12-20 17:07:11 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2007-08-30 03:32:12 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2008-12-20 17:07:10 5,210,112 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2007-08-30 03:32:12 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2008-12-20 17:07:09 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2007-08-30 03:32:13 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2008-12-20 17:07:13 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2007-08-30 03:31:43 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2008-12-20 17:07:08 102,400 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2007-08-30 13:12:42 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-12-20 17:04:53 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-08-30 13:12:32 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-12-20 17:04:53 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-08-30 13:12:42 413,696 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-12-20 17:04:40 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-08-30 13:12:41 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-12-20 17:04:42 741,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-08-30 13:12:28 888,832 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-12-20 17:04:42 933,888 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-08-30 13:12:38 5,001,216 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-12-20 17:05:04 5,070,848 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-08-30 13:12:32 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-12-20 17:04:59 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-08-30 13:12:32 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-12-20 17:04:46 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-08-30 13:12:33 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-12-20 17:04:56 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-08-30 13:12:43 577,536 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-12-20 17:04:35 630,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-08-30 03:31:44 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2008-12-20 17:07:16 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2007-08-30 03:31:44 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2008-12-20 17:07:16 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2007-08-30 03:31:44 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2008-12-20 17:07:08 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2007-08-30 13:12:41 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-12-20 17:04:57 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-08-30 13:12:43 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-12-20 17:04:56 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-08-30 13:12:41 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-12-20 17:04:54 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-08-30 13:12:42 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-12-20 17:04:54 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-08-30 03:31:44 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2008-12-20 17:07:07 929,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2007-08-30 13:12:31 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-12-20 17:04:36 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-08-30 03:31:47 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2008-12-20 17:07:04 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2007-08-30 03:31:47 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2008-12-20 17:07:04 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2007-08-30 03:31:45 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2008-12-20 17:07:05 5,971,968 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2007-08-30 13:12:33 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-12-20 17:04:36 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-08-30 03:32:13 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2008-12-20 17:07:04 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2007-08-30 13:12:44 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-12-20 17:04:45 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-08-30 13:12:34 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-12-20 17:04:45 90,112 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-08-30 13:12:34 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-12-20 17:04:44 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-08-30 13:12:34 5,152,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-12-20 17:04:47 5,013,504 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-08-30 03:36:01 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2008-12-20 17:07:15 1,152,040 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
- 2007-08-30 03:36:01 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2008-12-20 17:07:15 1,635,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2007-08-30 03:36:01 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2008-12-20 17:07:15 578,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2007-08-30 13:12:35 2,027,520 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-12-20 17:04:37 2,068,480 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-08-30 13:12:43 2,940,928 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-12-20 17:04:43 3,076,096 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2007-08-30 03:32:12 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2008-12-20 17:07:03 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2007-08-30 03:32:12 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2008-12-20 17:07:03 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2007-08-30 03:32:12 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2008-12-20 17:07:12 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2007-08-30 03:32:12 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2008-12-20 17:07:12 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2007-08-30 03:32:11 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2008-12-20 17:07:12 1,204,224 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2007-08-30 03:32:13 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-20 17:07:03 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2008-12-20 17:11:37 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-12-20 17:19:54 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-12-20 17:21:16 503,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
+ 2008-12-20 17:21:42 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-12-20 17:21:12 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-12-28 11:40:10 589,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\afd14e699e99ce00e420ef889a717168\EnvDTE.ni.dll
+ 2008-12-29 02:52:11 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\e5ff1ac14e40f15cbcdb29aec2b443dd\EnvDTE80.ni.dll
+ 2008-12-20 17:21:45 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-12-20 17:21:46 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-12-20 17:21:51 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-12-20 17:21:52 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-12-29 02:52:15 122,880 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\d0e362fb3f519833bb02a486ff2751e1\Microsoft.Build.VisualJSharp.ni.dll
+ 2008-12-29 02:52:20 471,040 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\6e162bb1a61bf67df6fd80a28f802578\Microsoft.CompactFramework.Design.WindowsCE.ni.dll
+ 2008-12-29 02:52:18 499,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\b45cd1b23bbc7b43e810c2ab2106ab40\Microsoft.CompactFramework.Design.PocketPC.ni.dll
+ 2008-12-29 02:52:09 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\da8b819b3670df28873625edf27903b9\Microsoft.CompactFramework.Design.SmartPhone.ni.dll
+ 2008-12-29 02:52:06 1,912,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\de500e9d0e0baa8771bd5e8deffb664f\Microsoft.CompactFramework.Design.ni.dll
+ 2008-12-28 11:31:58 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\c851efbcdb133ac214b09ae51ff54b55\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2008-12-30 08:36:49 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\d62b526d1272eeaecfd853c43e71aa4f\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2008-12-28 11:32:12 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\03ce0e72242f28dd261fda698be2d448\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2008-12-28 11:32:06 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\057d6ab1c1f71152ad954bb83ad6b59a\Microsoft.SqlServer.GridControl.ni.dll
+ 2008-12-30 08:36:52 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\12e799894c1489f12ca14adcbbb211a1\Microsoft.SqlServer.CustomControls.ni.dll
+ 2008-12-28 11:32:01 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\381b42660e8097a1dc02baa71c7c1b15\Microsoft.SqlServer.CustomControls.ni.dll
+ 2008-12-30 08:36:55 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84d53b2db1d75c1e776fcf7b77493836\Microsoft.SqlServer.GridControl.ni.dll
+ 2008-12-30 08:36:58 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bef302ed13baa690c3333ffe54a14f1d\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2008-12-28 11:32:11 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c75e7a5cfb419c775303e167902da13d\Microsoft.SqlServer.Setup.ni.dll
+ 2008-12-31 10:07:20 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d7b4b5139c4f2ba122b5c92493806fae\Microsoft.SqlServer.Setup.ni.dll
+ 2008-12-20 17:21:24 1,232,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e3dce636e798c53ec2b44d1d4aadb850\Microsoft.Transactions.Bridge.ni.dll
+ 2008-12-20 17:21:27 401,408 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f3902a808549b40d648206c9303f2788\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-12-20 17:44:09 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-12-20 17:11:44 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-12-29 02:53:03 798,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\078788b87665d8cfc83ccb9b7e487740\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2008-12-29 02:52:30 2,011,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3796def4270f354abc34710ab0365c7b\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2008-12-29 02:53:37 315,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\39d36c3299b9a8a771e491fd50a73181\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2008-12-29 02:52:44 4,063,232 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5d4f668d716947cfeb40aef027a7c167\Microsoft.VisualStudio.Editors.ni.dll
+ 2008-12-29 02:53:01 905,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5daf472325e0f988711e5943b1707e50\Microsoft.VisualStudio.Shell.ni.dll
+ 2008-12-29 02:53:09 1,847,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6285409df689df61fbbe8d3c2e9ce12a\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
+ 2008-12-29 02:52:55 2,269,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\648b675136ea409ad7f4d3f06b01dfe0\Microsoft.VisualStudio.Modeling.ni.dll
+ 2008-12-29 02:53:17 3,035,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\75ade65b5b398e557226cc8f425e40e6\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
+ 2008-12-29 02:52:50 1,044,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7ed35ba682b73881d655b55fb2d38c40\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll
+ 2008-12-29 02:52:32 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8599fc303951ee6d202b9e53b1fc5770\Microsoft.VisualStudio.Configuration.ni.dll
+ 2008-12-29 02:52:36 23,040 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8acff37d1532e69ddd3d18c091f52541\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2008-12-29 02:53:41 372,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8da786ed57087f3f38b4a962ba0c2790\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2008-12-29 02:53:36 4,096,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a764a892b481c97e6fd94c5c024cd343\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2008-12-29 02:53:12 1,114,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ae6a519331b728503d69f393ba14dcdf\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
+ 2008-12-29 02:52:36 1,200,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bdbee11cffce633fc0a8c0f557ba65af\Microsoft.VisualStudio.Design.ni.dll
+ 2008-12-29 02:52:25 708,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c3165e7ae2373b14bf4ae9ce077a4dc0\Microsoft.VisualStudio.ni.dll
+ 2008-12-29 02:53:05 1,720,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c8ca445682df8bfb95bd6444682c5cff\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
+ 2008-12-29 02:53:39 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ccce5aec2a7bf73bcfccac6b0952bb88\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2008-12-29 02:53:24 2,334,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cffbcb973e039887155ce7e735be67e4\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2008-12-29 02:53:44 868,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d8dbacfaf193d7b5795df636419ff3de\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2008-12-29 02:52:56 192,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\eccb2761be36ad7b7d3ed46fbff865bc\Microsoft.VisualStudio.EnterpriseTools.ni.dll
+ 2008-12-20 17:09:01 11,722,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-12-28 11:22:47 987,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\msvcm80\34065dbb6e3fe3b2dac619fb8d9b8651\msvcm80.ni.dll
+ 2008-12-20 17:44:13 1,581,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\ab2b2664932688ae7c8e0bd9d10448ef\PresentationBuildTasks.ni.dll
+ 2008-12-20 17:13:38 40,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3df824565150953afd560ca20237b881\PresentationCFFRasterizer.ni.dll
+ 2008-12-20 17:13:31 12,570,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\011f8e31d197b4ccb6a61c2267a38e5c\PresentationCore.ni.dll
+ 2008-12-20 17:09:37 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
+ 2008-12-20 17:18:19 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36c6cfd5d4e80d5c548f823b2bbf5457\PresentationFramework.Aero.ni.dll
+ 2008-12-20 17:18:28 552,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3f18bff5107c9a8accae6c248fdf3c2e\PresentationFramework.Luna.ni.dll
+ 2008-12-20 17:15:27 15,036,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60421dda88800b14dc101ed9dca422fe\PresentationFramework.ni.dll
+ 2008-12-20 17:18:29 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\81d2540bc1c18190d0431d9a61bee65b\PresentationFramework.Royale.ni.dll
+ 2008-12-20 17:18:23 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9df61ec7aad39fe0bac82139cd84e5e5\PresentationFramework.Classic.ni.dll
+ 2008-12-20 17:15:34 2,035,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6d2716a55eb8ce6fc4cbf83f3ab329e3\PresentationUI.ni.dll
+ 2008-12-20 17:15:47 2,416,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\840c64bba900a6ed333ca39e63a9ca3b\ReachFramework.ni.dll
+ 2008-12-20 17:21:30 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
+ 2008-12-20 17:21:31 299,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\169ba2fe1a4d87ede3ab8dd3d44d867e\SMDiagnostics.ni.dll
+ 2008-12-20 17:21:36 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
+ 2008-12-20 17:44:33 262,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-12-20 17:10:27 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-12-20 17:09:49 1,011,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-12-20 17:18:09 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-12-20 17:10:20 2,756,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-12-20 17:16:17 7,049,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-12-20 17:11:43 1,798,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-12-20 17:18:01 10,969,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-12-20 17:15:56 1,224,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-12-20 17:18:12 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-12-20 17:18:03 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-12-20 17:10:38 1,667,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-12-20 17:16:26 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-12-20 17:16:26 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-12-20 17:20:02 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\492d16599426c7ab35ad2c499a9d4ae6\System.IdentityModel.Selectors.ni.dll
+ 2008-12-20 17:20:00 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bdd94a4c46e4424787dfed9381196cb3\System.IdentityModel.ni.dll
+ 2008-12-20 17:20:04 417,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e1e6aa5272543f1d9dad98be897b693e\System.IO.Log.ni.dll
+ 2008-12-20 17:44:54 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-12-20 17:15:51 1,134,592 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f94fbbe7d7c6e76d02cd9fb94ee8d910\System.Printing.ni.dll
+ 2008-12-20 17:16:30 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-12-20 17:10:33 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-12-20 17:20:12 2,445,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e27527e67611d8acc0d8dff6d286af23\System.Runtime.Serialization.ni.dll
+ 2008-12-20 17:10:25 733,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-12-20 17:21:09 18,071,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\350903c091629396c08742c996c1caba\System.ServiceModel.ni.dll
+ 2008-12-20 17:09:43 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-12-20 17:44:33 2,039,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\d4147c99010667b5c547fcfc56ed7bd5\System.Speech.ni.dll
+ 2008-12-20 17:16:20 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-12-20 17:44:39 2,342,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-12-20 17:18:10 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-12-20 17:17:33 1,986,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-12-20 17:17:24 12,509,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-12-20 17:11:35 13,193,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-12-20 17:44:45 3,084,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9798b3ba448ba7d5f1dd70a8a1fb7562\System.Workflow.Activities.ni.dll
+ 2008-12-20 17:44:50 4,579,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\575dad1c0dc9d035acbab10846802ce0\System.Workflow.ComponentModel.ni.dll
+ 2008-12-20 17:44:53 2,088,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\9d89b57d703aefe4938b45f8b398d378\System.Workflow.Runtime.ni.dll
+ 2008-12-20 17:10:07 5,771,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-12-20 17:09:34 8,265,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2008-12-20 17:44:56 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2e5aa36c753a605bdefb97ab83e8806\UIAutomationClient.ni.dll
+ 2008-12-20 17:44:59 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll
+ 2008-12-20 17:13:33 50,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519\UIAutomationProvider.ni.dll
+ 2008-12-20 17:13:36 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122\UIAutomationTypes.ni.dll
+ 2008-12-29 02:54:12 33,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjscor\3ec6ad2c76a5f150415c0262df1c6a61\vjscor.ni.dll
+ 2008-12-29 02:54:13 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\200bb0de6d7ca7451fe6eb83ed1d66d1\VJSharpCodeProvider.ni.dll
+ 2008-12-29 02:54:14 34,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\d4f226ec3f3048fad662c91f982db186\vjsjbc.ni.dll
+ 2008-12-29 02:54:27 8,429,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\706a48380549750ee1305b7b57b38148\vjslib.ni.dll
+ 2008-12-29 02:54:28 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\c93f9cf51ac036bdbe48948a3691f74a\vjslibcw.ni.dll
+ 2008-12-29 02:54:31 2,674,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\b4fd86614b1a4dd0c11a6ad53e60d335\VJSSupUILib.ni.dll
+ 2008-12-29 02:54:34 50,176 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\aed9094b087f3adcb8a2b84e5247f612\vjsvwaux.ni.dll
+ 2008-12-29 02:54:45 7,368,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfc\0dd7002c5591b5ca694be863d4965989\vjswfc.ni.dll
+ 2008-12-29 02:54:47 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\d8845b6d3de41990b475af94e7b0bac1\VjsWfcBrowserStubLib.ni.dll
+ 2008-12-29 02:54:48 450,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\20fa8c7ad96c7f1d2f35b00ccf0f20dc\vjswfccw.ni.dll
+ 2008-12-29 02:54:54 3,633,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\b5c541fc2f3a1d684157edc29a701bbb\vjswfchtml.ni.dll
+ 2008-12-29 02:54:55 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\8f8f295b5590323c3e2b414078a3848d\VSLangProj.ni.dll
+ 2008-12-20 17:12:02 3,395,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll
+ 2008-12-20 17:45:03 270,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9\WindowsFormsIntegration.ni.dll
+ 2008-12-20 17:21:39 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-16 23:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2008-10-16 23:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2009-01-09 05:26:22 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe
+ 2009-01-09 05:31:31 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-01-09 05:28:23 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
- 2008-11-13 00:05:34 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-20 17:14:28 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 00:05:34 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-20 17:14:28 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 00:05:34 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-20 17:14:28 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 00:05:34 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-20 17:14:28 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-13 00:05:34 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-20 17:14:28 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 00:05:34 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-20 17:14:28 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 00:05:34 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-20 17:14:28 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 00:05:34 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-20 17:14:28 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 00:05:34 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-20 17:14:28 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 00:05:34 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-20 17:14:28 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 00:05:34 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-20 17:14:28 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 00:05:34 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-20 17:14:28 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-11-13 00:02:24 135,168 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-20 17:12:19 135,168 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-13 00:02:24 4,096 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-20 17:12:19 4,096 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-13 00:02:24 147,456 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-12-20 17:12:19 147,456 ----a-r c:\windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2009-01-09 05:30:20 132,096 ----a-r c:\windows\Installer\{F73A5B18-EB75-4B2C-B32D-9457576E2417}\WLXPhotoGalleryIcon.exe
- 2008-12-19 03:45:03 21,446 ----a-r c:\windows\Installer\{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}\ARPPRODUCTICON.exe
+ 2008-12-20 04:48:30 21,446 ----a-r c:\windows\Installer\{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}\ARPPRODUCTICON.exe
+ 2006-11-29 10:06:18 3,426,072 ----a-w c:\windows\LastGood\system32\d3dx9_32.dll
- 2005-09-23 04:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-23 22:47:38 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 04:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-23 22:47:38 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 04:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-23 22:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 04:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-23 22:47:42 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 04:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-23 22:47:40 16,896 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 04:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-23 22:47:38 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 04:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-23 22:47:26 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 04:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-23 22:47:30 145,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 04:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-23 22:47:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 04:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-23 22:47:48 193,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 00:40:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
+ 2005-09-23 00:41:18 39,424 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
- 2005-09-23 04:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-23 22:47:20 218,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 04:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-23 22:47:40 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 04:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-23 22:47:42 147,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 04:01:18 68,280 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\al.exe
- 2005-09-23 04:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-23 22:47:26 99,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 00:21:18 58,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-23 22:47:42 59,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 04:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-23 22:47:22 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 00:20:52 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-23 22:47:22 22,024 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 00:20:52 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-23 22:47:22 17,928 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 00:20:52 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-23 22:47:22 33,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 00:20:50 75,264 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-23 22:47:22 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 04:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-23 22:47:22 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 00:20:52 32,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-23 22:47:22 32,776 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 04:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-23 22:47:22 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 00:20:52 33,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-23 22:47:22 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 00:20:52 32,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-23 22:47:22 33,280 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 00:20:52 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-23 22:47:22 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 04:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-23 22:47:40 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 00:21:16 88,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-23 22:47:40 101,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 04:28:42 76,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-23 22:47:30 80,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 04:28:42 1,144,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-23 22:47:30 1,162,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 04:28:42 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-23 22:47:30 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 04:28:58 17,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-23 22:47:42 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 04:28:56 68,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-23 22:47:40 69,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 04:28:44 31,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-23 22:47:30 35,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 04:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-23 22:47:28 66,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 00:20:58 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-23 22:47:28 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 04:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-23 22:47:54 572,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 04:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-23 22:47:40 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 04:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-23 22:47:36 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 00:21:16 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-23 22:47:40 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 04:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-23 22:47:40 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 04:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-23 22:47:40 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 04:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-23 22:47:40 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 00:21:16 228,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-23 22:47:40 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 00:21:16 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-23 22:47:40 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 04:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-23 22:47:40 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 04:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-23 22:47:40 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 04:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-23 22:47:34 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 04:01:16 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
+ 2005-09-23 03:32:24 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1028.dll
+ 2005-09-23 03:34:44 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1031.dll
+ 2005-09-23 00:46:14 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1033.dll
+ 2005-09-23 03:38:52 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1036.dll
+ 2005-09-23 03:40:56 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1040.dll
+ 2005-09-23 03:42:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1041.dll
+ 2005-09-23 03:44:58 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1042.dll
+ 2005-09-23 03:47:04 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1046.dll
+ 2005-09-23 03:47:30 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1049.dll
+ 2005-09-23 03:30:18 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.2052.dll
+ 2005-09-23 03:36:48 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.3082.dll
+ 2005-09-23 04:57:06 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\unicows.dll
+ 2005-09-23 03:32:24 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1028.dll
+ 2005-09-23 03:34:44 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1031.dll
+ 2005-09-23 00:48:06 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1033.dll
+ 2005-09-23 03:38:52 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1036.dll
+ 2005-09-23 03:40:56 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1040.dll
+ 2005-09-23 03:42:58 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1041.dll
+ 2005-09-23 03:45:00 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1042.dll
+ 2005-09-23 03:47:04 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1046.dll
+ 2005-09-23 03:47:30 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1049.dll
+ 2005-09-23 03:30:18 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.2052.dll
+ 2005-09-23 03:36:48 42,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.3082.dll
+ 2005-09-23 03:56:22 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Conversion.dll
- 2007-04-13 00:21:10 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-23 22:47:36 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 04:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-23 22:47:36 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 00:21:10 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-23 22:47:36 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 04:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-23 22:47:36 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 03:56:42 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
+ 2005-09-23 03:56:16 860,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.CompactFramework.Build.Tasks.dll
- 2007-04-13 00:21:08 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-23 22:47:34 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 04:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-23 22:47:52 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 04:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-23 22:47:52 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 04:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-23 22:47:50 671,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 04:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-23 22:47:20 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 04:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-23 22:47:52 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 04:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-23 22:47:20 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 04:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-23 22:47:20 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 04:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-23 22:47:20 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 00:20:52 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-23 22:47:22 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 04:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-23 22:47:36 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 00:21:18 802,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-23 22:47:40 822,280 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 04:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-23 22:47:40 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 04:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-23 22:47:40 308,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 00:21:16 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-23 22:47:40 47,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 00:21:16 326,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-23 22:47:40 348,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 04:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-23 22:47:40 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 00:21:16 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-23 22:47:40 4,444,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 00:21:16 102,912 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-23 22:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 04:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-23 22:47:44 340,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 04:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-23 22:47:40 77,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 04:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-23 22:47:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 00:21:18 227,328 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-23 22:47:40 242,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 00:21:18 68,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-23 22:47:40 70,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 04:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-23 22:47:40 19,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 00:21:12 5,634,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-23 22:47:36 5,814,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 04:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-23 22:47:44 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 00:21:16 99,152 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-23 22:47:40 101,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 00:21:18 15,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-23 22:47:40 24,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 04:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-23 22:47:40 89,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 00:21:12 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-23 22:47:36 144,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 04:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-23 22:47:40 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 04:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-23 22:47:40 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 04:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-23 22:47:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 04:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-23 22:47:42 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 04:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-23 22:47:40 119,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 04:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-23 22:47:44 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 00:21:18 382,464 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-23 22:47:40 392,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 00:21:18 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-23 22:47:40 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 00:21:18 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-23 22:47:42 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 04:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-23 22:47:40 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 00:21:16 2,902,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-23 22:47:40 3,036,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 00:21:18 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-23 22:47:40 483,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 00:21:18 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-23 22:47:40 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 00:20:58 888,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-23 22:47:28 933,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 00:21:16 5,001,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-23 22:47:40 5,070,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 04:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-23 22:47:40 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 00:21:18 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-23 22:47:40 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 00:21:16 2,940,928 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-23 22:47:40 3,076,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 04:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-23 22:47:40 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 00:21:16 577,536 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-23 22:47:40 630,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 00:21:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-23 22:47:40 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 00:21:18 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-23 22:47:40 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 00:21:18 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-23 22:47:40 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 00:21:16 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-23 22:47:40 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 04:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-23 22:47:40 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 00:21:16 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-23 22:47:40 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 04:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-23 22:47:40 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 04:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-23 22:47:40 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 04:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-23 22:47:40 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 00:21:18 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-23 22:47:40 261,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 00:21:16 5,156,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-23 22:47:40 5,431,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 04:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-23 22:47:40 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 04:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-23 22:47:40 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 04:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-23 22:47:40 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 00:21:16 5,152,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-23 22:47:40 5,013,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 00:21:16 2,027,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-23 22:47:40 2,068,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 04:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-23 22:47:40 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 00:21:28 1,166,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-23 22:47:48 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 04:01:18 13,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
+ 2005-09-23 01:49:26 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
+ 2005-09-23 03:56:56 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
+ 2005-09-23 03:56:34 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
+ 2005-09-23 03:56:44 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
+ 2005-09-23 03:56:16 3,661,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
+ 2005-09-23 03:56:36 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
+ 2005-09-23 00:41:48 176,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
+ 2005-09-23 03:56:40 921,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
+ 2005-09-23 03:56:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
+ 2005-09-23 03:56:22 3,411,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
+ 2005-09-23 03:56:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
+ 2005-09-23 03:56:44 185,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
+ 2005-09-23 03:56:36 1,196,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
- 2007-04-13 00:20:50 1,330,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-23 22:47:20 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 03:56:16 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
- 2007-04-13 00:20:52 406,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-23 22:47:22 434,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 04:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-23 22:47:40 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2006-10-30 00:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2007-10-11 06:55:14 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2006-10-30 00:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-11 06:55:10 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2006-10-30 00:34:00 352,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2007-10-11 06:55:12 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
- 2006-10-30 00:34:00 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-11 06:55:12 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
- 2006-10-30 00:34:02 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2007-10-11 06:55:14 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
- 2006-10-30 00:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2007-10-11 06:55:14 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2006-10-30 00:34:02 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2007-10-11 06:55:14 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
- 2006-10-30 00:34:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2007-10-11 06:55:14 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
- 2006-10-30 00:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-11 06:55:14 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2006-10-30 00:34:02 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2007-10-11 06:55:14 929,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2006-10-30 00:34:02 5,623,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2007-10-11 06:55:14 5,971,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2006-10-30 00:34:00 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2007-10-11 06:55:14 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
- 2006-10-30 00:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-11 06:55:14 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2006-10-30 00:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 06:55:14 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-07-25 18:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-06 00:18:12 16,936 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- 2006-10-20 18:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-09 10:03:00 76,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
- 2006-10-20 18:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 09:58:12 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2006-10-20 18:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 09:58:12 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 18:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-10-09 10:03:08 121,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2006-10-20 18:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 09:58:14 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
- 2006-10-20 18:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 09:58:20 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2005-09-23 00:41:50 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
+ 2005-09-23 00:40:48 94,208 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
+ 2005-09-23 00:41:50 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
+ 2007-02-10 03:09:12 127,856 ----a-w c:\windows\SQL9_KB954606_ENU\batchparser90.dll
+ 2007-02-10 03:09:20 1,039,728 ----a-w c:\windows\SQL9_KB954606_ENU\dbghelp.dll
+ 2007-02-10 03:15:30 1,160,560 ----a-w c:\windows\SQL9_KB954606_ENU\dumpdatastore.dll
+ 2008-08-05 14:58:48 2,536,976 ----a-w c:\windows\SQL9_KB954606_ENU\hotfix.exe
+ 2005-10-13 21:26:42 548,864 ----a-w c:\windows\SQL9_KB954606_ENU\msvcp80.dll
+ 2005-10-13 21:26:42 626,688 ----a-w c:\windows\SQL9_KB954606_ENU\msvcr80.dll
+ 2007-02-10 03:29:52 143,728 ----a-w c:\windows\SQL9_KB954606_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52 533,872 ----a-w c:\windows\SQL9_KB954606_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54 230,256 ----a-w c:\windows\SQL9_KB954606_ENU\sqlsetupvista.dll
+ 2007-02-10 03:09:12 127,856 ----a-w c:\windows\SQLTools9_KB954606_ENU\batchparser90.dll
+ 2007-02-10 03:09:20 1,039,728 ----a-w c:\windows\SQLTools9_KB954606_ENU\dbghelp.dll
+ 2007-02-10 03:15:30 1,160,560 ----a-w c:\windows\SQLTools9_KB954606_ENU\dumpdatastore.dll
+ 2008-08-05 14:58:48 2,536,976 ----a-w c:\windows\SQLTools9_KB954606_ENU\hotfix.exe
+ 2005-10-13 21:26:42 548,864 ----a-w c:\windows\SQLTools9_KB954606_ENU\msvcp80.dll
+ 2005-10-13 21:26:42 626,688 ----a-w c:\windows\SQLTools9_KB954606_ENU\msvcr80.dll
+ 2007-02-10 03:29:52 143,728 ----a-w c:\windows\SQLTools9_KB954606_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52 533,872 ----a-w c:\windows\SQLTools9_KB954606_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54 230,256 ----a-w c:\windows\SQLTools9_KB954606_ENU\sqlsetupvista.dll
+ 2005-09-22 23:55:58 8,704 ----a-w c:\windows\system32\1033\vsjitdebuggerui.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-31 10:35:43 3,987 ----a-w c:\windows\system32\config\systemprofile\Application Data\Intel\Wireless\Settings\AlertHistory.bin
- 2008-12-19 03:49:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 17:03:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-19 03:49:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-05 17:03:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-19 03:49:35 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-05 17:03:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-09-23 04:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
+ 2007-10-23 22:47:28 96,760 ----a-w c:\windows\system32\dfshim.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-07-18 19:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 11:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 17:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-17 22:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 00:12:27 3,558,912 -c--a-w c:\windows\system32\dllcache\moviemk.exe
- 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-05-17 21:53:00 6,346,720 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
+ 2008-03-21 00:19:00 6,547,936 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 00:12:09 167,936 -c--a-w c:\windows\system32\dllcache\wmm2ae.dll
+ 2008-04-14 00:12:09 4,096 -c--a-w c:\windows\system32\dllcache\wmm2eres.dll
+ 2008-04-14 00:12:09 7,680 -c--a-w c:\windows\system32\dllcache\wmm2ext.dll
+ 2008-04-14 00:12:09 402,432 -c--a-w c:\windows\system32\dllcache\wmm2filt.dll
+ 2008-04-14 00:12:09 502,272 -c--a-w c:\windows\system32\dllcache\wmm2fxa.dll
+ 2008-04-14 00:12:09 325,632 -c--a-w c:\windows\system32\dllcache\wmm2fxb.dll
+ 2008-04-14 00:12:09 4,256,768 -c--a-w c:\windows\system32\dllcache\wmm2res.dll
+ 2008-04-14 00:12:09 5,632 -c--a-w c:\windows\system32\dllcache\wmm2res2.dll
- 2006-10-18 18:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 02:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 18:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 02:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 19:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 11:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 19:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 11:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 19:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 11:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 19:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 11:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 19:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 11:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 19:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 11:12:24 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2007-05-17 21:53:00 6,346,720 ----a-w c:\windows\system32\drivers\nv4_mini.sys
+ 2008-03-21 00:19:00 6,547,936 ----a-w c:\windows\system32\drivers\nv4_mini.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2006-10-20 18:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll
+ 2007-10-09 10:03:00 73,752 ----a-w c:\windows\system32\dxva2.dll
- 2006-10-20 18:30:00 478,496 ----a-w c:\windows\system32\evr.dll
+ 2007-10-09 10:03:12 493,080 ----a-w c:\windows\system32\evr.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 06:39:16 366,504 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-28 11:33:43 368,096 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2005-09-23 06:20:28 837,904 ----a-w c:\windows\system32\hha.dll
- 2006-10-30 00:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe
+ 2007-10-11 06:55:10 579,584 ----a-w c:\windows\system32\icardagt.exe
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2006-10-30 00:33:58 9,480 ----a-w c:\windows\system32\icardres.dll
+ 2007-10-11 06:55:10 11,776 ----a-w c:\windows\system32\icardres.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2006-10-30 00:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll
+ 2007-10-11 06:55:10 88,576 ----a-w c:\windows\system32\infocardapi.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2007-05-17 21:53:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2008-03-21 00:19:00 425,984 ----a-w c:\windows\system32\keystone.exe
- 2006-10-18 17:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-17 22:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2006-10-20 18:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll
+ 2007-10-09 10:03:14 1,986,072 ----a-w c:\windows\system32\milcore.dll
- 2008-04-14 00:11:57 29,696 ----a-w c:\windows\system32\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 ----a-w c:\windows\system32\mimefilt.dll
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2007-04-13 00:21:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2007-10-23 22:47:38 282,112 ----a-w c:\windows\system32\mscoree.dll
- 2005-09-23 04:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
+ 2007-10-23 22:47:38 158,720 ----a-w c:\windows\system32\mscorier.dll
- 2005-09-23 04:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
+ 2007-10-23 22:47:38 84,480 ----a-w c:\windows\system32\mscories.dll
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2007-02-05 12:30:16 23,552 ------w c:\windows\system32\msscb.dll
+ 2008-05-26 19:17:44 34,816 ------w c:\windows\system32\msscb.dll
- 2007-02-05 12:29:24 51,200 ------w c:\windows\system32\msscntrs.dll
+ 2008-05-26 19:17:26 60,416 ------w c:\windows\system32\msscntrs.dll
+ 2008-05-26 19:17:38 11,776 ------w c:\windows\system32\msshooks.dll
- 2007-02-05 12:35:38 248,320 ------w c:\windows\system32\msshsq.dll
+ 2008-05-26 19:18:34 231,936 ----a-w c:\windows\system32\msshsq.dll
- 2007-02-05 12:29:14 98,816 ------w c:\windows\system32\mssitlb.dll
+ 2008-05-26 19:17:26 87,552 ------w c:\windows\system32\mssitlb.dll
- 2007-02-05 12:33:54 331,776 ------w c:\windows\system32\mssph.dll
+ 2008-05-26 19:18:26 350,208 ------w c:\windows\system32\mssph.dll
- 2007-02-05 12:35:24 167,424 ------w c:\windows\system32\mssphtb.dll
+ 2008-05-26 19:18:56 203,776 ----a-w c:\windows\system32\mssphtb.dll
- 2007-02-05 12:28:56 32,256 ------w c:\windows\system32\mssprxy.dll
+ 2008-05-26 19:17:28 32,768 ----a-w c:\windows\system32\mssprxy.dll
- 2007-02-05 12:43:06 1,481,728 ------w c:\windows\system32\mssrch.dll
+ 2008-05-26 19:21:26 1,418,240 ------w c:\windows\system32\mssrch.dll
- 2000-05-23 19:45:58 118,784 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2005-09-23 06:20:30 118,784 ----a-w c:\windows\system32\msstdfmt.dll
- 2007-02-05 12:36:48 52,224 ------w c:\windows\system32\msstrc.dll
+ 2008-05-26 19:18:42 44,032 ------w c:\windows\system32\msstrc.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2006-12-22 10:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2007-10-23 22:47:44 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll
- 2008-04-14 00:12:02 98,304 ----a-w c:\windows\system32\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 ----a-w c:\windows\system32\nlhtml.dll
- 2007-05-17 21:53:00 5,466,240 ----a-w c:\windows\system32\nv4_disp.dll
+ 2008-03-21 00:19:00 5,975,296 ----a-w c:\windows\system32\nv4_disp.dll
- 2007-05-17 21:53:00 344,064 ----a-w c:\windows\system32\nvapi.dll
+ 2008-03-21 00:19:00 417,792 ----a-w c:\windows\system32\nvapi.dll
- 2007-05-17 21:53:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
+ 2008-03-21 00:19:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
- 2007-05-17 21:53:00 36,864 ----a-w c:\windows\system32\nvcod.dll
+ 2008-03-21 00:19:00 35,840 ----a-w c:\windows\system32\nvcod.dll
- 2007-05-17 21:53:00 36,864 ----a-w c:\windows\system32\nvcodins.dll
+ 2008-03-21 00:19:00 35,840 ----a-w c:\windows\system32\nvcodins.dll
- 2007-05-17 21:53:00 8,433,664 ----a-w c:\windows\system32\nvcpl.dll
+ 2008-03-21 00:19:00 13,524,992 ----a-w c:\windows\system32\nvcpl.dll
- 2008-03-21 05:49:00 764,448 ----a-w c:\windows\system32\nvcplui.exe
+ 2008-03-21 00:19:00 764,448 ----a-w c:\windows\system32\nvcplui.exe
- 2008-03-21 05:49:00 1,079,840 ----a-w c:\windows\system32\nvcpluir.dll
+ 2008-03-21 00:19:00 1,079,840 ----a-w c:\windows\system32\nvcpluir.dll
- 2008-03-21 05:49:00 1,126,400 ----a-w c:\windows\system32\nvcuda.dll
+ 2008-03-21 00:19:00 1,126,400 ----a-w c:\windows\system32\nvcuda.dll
- 2007-05-17 21:53:00 6,074,368 ----a-w c:\windows\system32\nvdisps.dll
+ 2008-03-21 00:19:00 6,582,272 ----a-w c:\windows\system32\nvdisps.dll
- 2007-05-17 21:53:00 5,427,200 ----a-w c:\windows\system32\nvdispsr.dll
+ 2008-03-21 00:19:00 5,783,552 ----a-w c:\windows\system32\nvdispsr.dll
- 2007-05-17 21:53:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2008-03-21 00:19:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
- 2008-03-21 05:49:00 313,888 ----a-w c:\windows\system32\nvexpbar.dll
+ 2008-03-21 00:19:00 313,888 ----a-w c:\windows\system32\nvexpbar.dll
- 2007-05-17 21:53:00 3,145,728 ----a-w c:\windows\system32\nvgames.dll
+ 2008-03-21 00:19:00 3,469,312 ----a-w c:\windows\system32\nvgames.dll
- 2007-05-17 21:53:00 3,235,840 ----a-w c:\windows\system32\nvgamesr.dll
+ 2008-03-21 00:19:00 3,444,736 ----a-w c:\windows\system32\nvgamesr.dll
- 2007-05-17 21:53:00 1,474,560 ----a-w c:\windows\system32\nview.dll
+ 2008-03-21 00:19:00 1,486,848 ----a-w c:\windows\system32\nview.dll
- 2007-05-17 21:53:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
+ 2008-03-21 00:19:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
- 2007-05-17 21:53:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
+ 2008-03-21 00:19:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
- 2007-05-17 21:53:00 81,920 ----a-w c:\windows\system32\nvmctray.dll
+ 2008-03-21 00:19:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
- 2007-05-17 21:53:00 958,464 ----a-w c:\windows\system32\nvmobls.dll
+ 2008-03-21 00:19:00 1,257,472 ----a-w c:\windows\system32\nvmobls.dll
- 2007-05-17 21:53:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
+ 2008-03-21 00:19:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
- 2008-12-17 03:57:05 432,492 ----a-w c:\windows\system32\nvModes.dat
+ 2009-01-08 07:46:17 214,970 ----a-w c:\windows\system32\nvModes.dat
- 2007-05-17 21:53:00 6,660,096 ----a-w c:\windows\system32\nvoglnt.dll
+ 2008-03-21 00:19:00 8,634,368 ----a-w c:\windows\system32\nvoglnt.dll
- 2007-05-17 21:53:00 327,680 ----a-w c:\windows\system32\nvrsar.dll
+ 2008-03-21 00:19:00 327,680 ----a-w c:\windows\system32\nvrsar.dll
- 2007-05-17 21:53:00 245,760 ----a-w c:\windows\system32\nvrscs.dll
+ 2008-03-21 00:19:00 249,856 ----a-w c:\windows\system32\nvrscs.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
+ 2008-03-21 00:19:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
- 2007-05-17 21:53:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
+ 2008-03-21 00:19:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
- 2007-05-17 21:53:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
+ 2008-03-21 00:19:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
- 2007-05-17 21:53:00 245,760 ----a-w c:\windows\system32\nvrseng.dll
+ 2008-03-21 00:19:00 249,856 ----a-w c:\windows\system32\nvrseng.dll
- 2007-05-17 21:53:00 282,624 ----a-w c:\windows\system32\nvrses.dll
+ 2008-03-21 00:19:00 282,624 ----a-w c:\windows\system32\nvrses.dll
- 2007-05-17 21:53:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
+ 2008-03-21 00:19:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
- 2007-05-17 21:53:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
+ 2008-03-21 00:19:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
- 2007-05-17 21:53:00 282,624 ----a-w c:\windows\system32\nvrsfr.dll
+ 2008-03-21 00:19:00 286,720 ----a-w c:\windows\system32\nvrsfr.dll
- 2007-05-17 21:53:00 327,680 ----a-w c:\windows\system32\nvrshe.dll
+ 2008-03-21 00:19:00 327,680 ----a-w c:\windows\system32\nvrshe.dll
- 2007-05-17 21:53:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
- 2007-05-17 21:53:00 278,528 ----a-w c:\windows\system32\nvrsit.dll
+ 2008-03-21 00:19:00 282,624 ----a-w c:\windows\system32\nvrsit.dll
- 2007-05-17 21:53:00 266,240 ----a-w c:\windows\system32\nvrsja.dll
+ 2008-03-21 00:19:00 266,240 ----a-w c:\windows\system32\nvrsja.dll
- 2007-05-17 21:53:00 262,144 ----a-w c:\windows\system32\nvrsko.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrsko.dll
- 2007-05-17 21:53:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
+ 2008-03-21 00:19:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
+ 2008-03-21 00:19:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrspl.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrspl.dll
- 2007-05-17 21:53:00 270,336 ----a-w c:\windows\system32\nvrspt.dll
+ 2008-03-21 00:19:00 274,432 ----a-w c:\windows\system32\nvrspt.dll
- 2007-05-17 21:53:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
+ 2008-03-21 00:19:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
- 2007-05-17 21:53:00 266,240 ----a-w c:\windows\system32\nvrsru.dll
+ 2008-03-21 00:19:00 270,336 ----a-w c:\windows\system32\nvrsru.dll
- 2007-05-17 21:53:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrssl.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrssl.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
+ 2008-03-21 00:19:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
+ 2008-03-21 00:19:00 253,952 ----a-w c:\windows\system32\nvrsth.dll
- 2007-05-17 21:53:00 253,952 ----a-w c:\windows\system32\nvrstr.dll
+ 2008-03-21 00:19:00 258,048 ----a-w c:\windows\system32\nvrstr.dll
- 2007-05-17 21:53:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
+ 2008-03-21 00:19:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
- 2007-05-17 21:53:00 122,880 ----a-w c:\windows\system32\nvrszht.dll
+ 2008-03-21 00:19:00 126,976 ----a-w c:\windows\system32\nvrszht.dll
- 2007-05-17 21:53:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2008-03-21 00:19:00 466,944 ----a-w c:\windows\system32\nvshell.dll
- 2007-05-17 21:53:00 163,908 ----a-w c:\windows\system32\nvsvc32.exe
+ 2008-03-21 00:19:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
- 2007-05-17 21:53:00 3,395,584 ----a-w c:\windows\system32\nvvitvs.dll
+ 2008-03-21 00:19:00 3,776,512 ----a-w c:\windows\system32\nvvitvs.dll
- 2007-05-17 21:53:00 3,620,864 ----a-w c:\windows\system32\nvvitvsr.dll
+ 2008-03-21 00:19:00 4,136,960 ----a-w c:\windows\system32\nvvitvsr.dll
- 2007-05-17 21:53:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2008-03-21 00:19:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
- 2007-05-17 21:53:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
+ 2008-03-21 00:19:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
- 2007-05-17 21:53:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
+ 2008-03-21 00:19:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
- 2007-05-17 21:53:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
+ 2008-03-21 00:19:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
- 2007-05-17 21:53:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
+ 2008-03-21 00:19:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
- 2007-05-17 21:53:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
+ 2008-03-21 00:19:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
- 2007-05-17 21:53:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
+ 2008-03-21 00:19:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
- 2007-05-17 21:53:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
+ 2008-03-21 00:19:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
- 2007-05-17 21:53:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
+ 2008-03-21 00:19:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
- 2007-05-17 21:53:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
+ 2008-03-21 00:19:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
- 2007-05-17 21:53:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
+ 2008-03-21 00:19:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
- 2007-05-17 21:53:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
+ 2008-03-21 00:19:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
- 2007-05-17 21:53:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
+ 2008-03-21 00:19:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
- 2007-05-17 21:53:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
+ 2008-03-21 00:19:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
- 2007-05-17 21:53:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
+ 2008-03-21 00:19:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
- 2007-05-17 21:53:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
+ 2008-03-21 00:19:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
- 2007-05-17 21:53:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
+ 2008-03-21 00:19:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
- 2007-05-17 21:53:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
+ 2008-03-21 00:19:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
- 2007-05-17 21:53:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
+ 2008-03-21 00:19:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
- 2007-05-17 21:53:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
+ 2008-03-21 00:19:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
- 2007-05-17 21:53:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
+ 2008-03-21 00:19:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
- 2007-05-17 21:53:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
+ 2008-03-21 00:19:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
- 2007-05-17 21:53:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
+ 2008-03-21 00:19:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
- 2007-05-17 21:53:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
+ 2008-03-21 00:19:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
- 2007-05-17 21:53:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
+ 2008-03-21 00:19:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
- 2007-05-17 21:53:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
+ 2008-03-21 00:19:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
- 2007-05-17 21:53:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
+ 2008-03-21 00:19:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
+ 2008-03-21 00:19:00 290,816 ----a-w c:\windows\system32\nvwrsth.dll
- 2007-05-17 21:53:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
+ 2008-03-21 00:19:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
- 2007-05-17 21:53:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
+ 2008-03-21 00:19:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
- 2007-05-17 21:53:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
+ 2008-03-21 00:19:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
- 2007-05-17 21:53:00 2,113,536 ----a-w c:\windows\system32\nvwss.dll
+ 2008-03-21 00:19:00 2,629,632 ----a-w c:\windows\system32\nvwss.dll
- 2007-05-17 21:53:00 2,379,776 ----a-w c:\windows\system32\nvwssr.dll
+ 2008-03-21 00:19:00 2,670,592 ----a-w c:\windows\system32\nvwssr.dll
- 2007-05-17 21:53:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
+ 2008-03-21 00:19:00 1,630,208 ----a-w c:\windows\system32\nwiz.exe
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2007-05-17 21:53:00 217,088 ----a-w c:\windows\system32\oemdspif.dll
+ 2008-03-21 00:19:00 217,088 ----a-w c:\windows\system32\oemdspif.dll
- 2007-02-05 12:40:56 260,096 ------w c:\windows\system32\oeph.dll
+ 2008-05-26 19:19:36 273,408 ------w c:\windows\system32\oeph.dll
- 2007-02-05 12:24:36 11,264 ------w c:\windows\system32\oephRes.dll
+ 2008-05-26 19:19:16 11,264 ------w c:\windows\system32\oephRes.dll
- 2008-04-14 00:12:02 192,000 ----a-w c:\windows\system32\offfilt.dll
+ 2008-03-07 17:02:08 192,000 ----a-w c:\windows\system32\offfilt.dll
- 2008-09-17 08:49:04 79,518 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-31 09:57:02 98,344 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-17 08:49:04 463,474 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-31 09:57:02 515,446 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2006-10-20 18:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2007-10-09 10:03:04 106,520 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
- 2006-10-20 18:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe
+ 2007-10-09 10:03:08 350,744 ----a-w c:\windows\system32\PresentationHost.exe
- 2006-10-20 18:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll
+ 2007-10-09 10:03:02 33,304 ----a-w c:\windows\system32\PresentationHostProxy.dll
- 2006-10-20 18:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll
+ 2007-10-09 10:03:12 779,800 ----a-w c:\windows\system32\PresentationNative_v0300.dll
- 2007-02-05 12:32:02 65,536 ------w c:\windows\system32\propdefs.dll
+ 2008-05-26 19:18:08 71,680 ------w c:\windows\system32\propdefs.dll
- 2007-02-05 12:28:46 733,696 ------w c:\windows\system32\propsys.dll
+ 2008-05-26 19:17:48 754,176 ----a-w c:\windows\system32\propsys.dll
- 2007-02-05 12:36:08 27,136 ------w c:\windows\system32\rtffilt.dll
+ 2008-05-26 19:18:32 38,400 ------w c:\windows\system32\rtffilt.dll
- 2007-02-05 12:31:10 76,800 ------w c:\windows\system32\searchfilterhost.exe
+ 2008-05-26 19:17:56 87,552 ------w c:\windows\system32\searchfilterhost.exe
- 2007-02-05 12:34:38 300,032 ------w c:\windows\system32\searchindexer.exe
+ 2008-05-26 19:18:44 439,808 ------w c:\windows\system32\searchindexer.exe
- 2007-02-05 12:32:28 182,784 ------w c:\windows\system32\searchprotocolhost.exe
+ 2008-05-26 19:18:18 184,832 ------w c:\windows\system32\searchprotocolhost.exe
+ 2008-10-16 11:12:20 561,688 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll
+ 2008-10-16 11:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 11:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-02-10 02:29:52 67,952 ----a-w c:\windows\system32\sqlctr90.dll
+ 2007-02-10 02:29:52 2,234,224 ----a-w c:\windows\system32\sqlncli.dll
- 2007-02-05 12:29:12 255,488 ------w c:\windows\system32\srchadmin.dll
+ 2008-05-26 19:17:30 301,568 ------w c:\windows\system32\srchadmin.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2007-02-05 11:24:26 99,999 ------w c:\windows\system32\structuredqueryschema.bin
+ 2008-05-26 18:59:40 106,605 ------w c:\windows\system32\structuredqueryschema.bin
- 2007-02-05 11:24:28 18,271 ------w c:\windows\system32\structuredqueryschematrivial.bin
+ 2008-05-26 18:59:42 18,904 ------w c:\windows\system32\structuredqueryschematrivial.bin
- 2007-02-05 12:42:10 1,504,768 ------w c:\windows\system32\tquery.dll
+ 2008-05-26 19:21:08 1,582,592 ----a-w c:\windows\system32\tquery.dll
+ 2007-10-09 09:58:20 16,896 ----a-w c:\windows\system32\tswpfwrp.exe
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2006-10-20 18:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll
+ 2007-10-09 10:03:08 161,304 ----a-w c:\windows\system32\UIAutomationCore.dll
- 2007-02-05 12:40:58 98,304 ------w c:\windows\system32\UncCplExt.dll
+ 2008-05-26 19:19:20 97,792 ------w c:\windows\system32\UncCplExt.dll
- 2007-02-05 12:41:06 134,656 ------w c:\windows\system32\UncDMS.dll
+ 2008-05-26 19:19:22 143,872 ------w c:\windows\system32\UncDMS.dll
- 2007-02-05 12:41:04 108,544 ------w c:\windows\system32\UncNE.dll
+ 2008-05-26 19:19:28 108,032 ------w c:\windows\system32\UncNE.dll
- 2007-02-05 12:41:14 122,368 ------w c:\windows\system32\UncPH.dll
+ 2008-05-26 19:19:28 131,072 ------w c:\windows\system32\UncPH.dll
- 2007-02-05 12:24:38 2,048 ------w c:\windows\system32\UncRes.dll
+ 2008-05-26 19:19:26 2,048 ------w c:\windows\system32\UncRes.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2005-09-23 04:01:16 153,800 ----a-w c:\windows\system32\vsjitdebugger.exe
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-04-14 00:12:08 712,704 ----a-w c:\windows\system32\windowscodecs.dll
+ 2008-07-11 08:55:41 712,704 ----a-w c:\windows\system32\windowscodecs.dll
- 2008-04-14 00:12:08 346,112 ----a-w c:\windows\system32\windowscodecsext.dll
+ 2008-07-11 08:55:41 347,648 ----a-w c:\windows\system32\windowscodecsext.dll
- 2006-10-18 18:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 02:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 18:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 02:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2007-02-05 12:36:06 111,104 ------w c:\windows\system32\xmlfilter.dll
+ 2008-05-26 19:18:34 56,320 ------w c:\windows\system32\xmlfilter.dll
- 2006-10-20 18:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-10-09 10:03:08 308,760 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-01-01 05:01:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_ea8.dat
+ 2005-09-22 20:30:08 110,592 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_a08a3e21\ATL80.dll
+ 2005-09-22 20:27:40 516,096 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3fea50ad\msvcm80.dll
+ 2005-09-22 20:28:56 1,097,728 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3fea50ad\msvcp80.dll
+ 2005-09-22 20:26:16 822,784 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3fea50ad\msvcr80.dll
+ 2005-09-22 20:27:32 1,338,368 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_2968974c\msvcm80d.dll
+ 2005-09-22 20:28:00 1,395,200 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_2968974c\msvcp80d.dll
+ 2005-09-22 20:26:10 1,332,224 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_2968974c\msvcr80d.dll
+ 2005-09-22 20:59:22 3,128,832 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_fa4f0a51\mfc80d.dll
+ 2005-09-22 21:02:46 3,136,000 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_fa4f0a51\mfc80ud.dll
+ 2005-09-22 21:05:40 123,392 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_fa4f0a51\mfcm80d.dll
+ 2005-09-22 21:05:56 121,856 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_fa4f0a51\mfcm80ud.dll
+ 2005-09-22 21:22:18 116,224 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.DebugOpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_98c1fee8\vcompd.dll
+ 2005-09-22 21:00:32 1,605,120 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_10d0c3b2\mfc80.dll
+ 2005-09-22 21:03:48 1,602,560 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_10d0c3b2\mfc80u.dll
+ 2005-09-22 21:05:48 65,024 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_10d0c3b2\mfcm80.dll
+ 2005-09-22 21:06:04 63,488 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_10d0c3b2\mfcm80u.dll
+ 2005-09-22 21:04:46 40,960 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80CHS.dll
+ 2005-09-22 21:04:46 45,056 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80CHT.dll
+ 2005-09-22 21:04:46 65,536 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80DEU.dll
+ 2005-09-22 21:04:46 57,344 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80ENU.dll
+ 2005-09-22 21:04:46 61,440 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80ESP.dll
+ 2005-09-22 21:04:46 61,440 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80FRA.dll
+ 2005-09-22 21:04:46 61,440 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80ITA.dll
+ 2005-09-22 21:04:46 49,152 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80JPN.dll
+ 2005-09-22 21:04:46 49,152 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_661fdcb0\mfc80KOR.dll
+ 2005-09-22 21:22:20 81,920 ----a-w c:\windows\WinSxS\amd64_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_40f01e47\vcomp.dll
+ 2008-12-20 17:04:51 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-23 22:47:56 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-23 22:47:56 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-23 22:47:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2005-09-22 20:48:08 1,015,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcm80d.dll
+ 2005-09-22 20:48:08 1,028,096 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcp80d.dll
+ 2005-09-22 20:48:08 1,171,456 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\msvcr80d.dll
+ 2005-09-22 22:16:02 2,375,680 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfc80d.dll
+ 2005-09-22 22:16:06 2,379,264 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfc80ud.dll
+ 2005-09-22 22:16:10 114,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfcm80d.dll
+ 2005-09-22 22:16:12 102,400 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugMFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_c8452471\mfcm80ud.dll
+ 2005-09-22 22:35:10 102,400 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.DebugOpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_66b81908\vcompd.dll
+ 2005-09-22 22:35:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
+ 2007-11-06 17:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 22:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 22:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2007-08-30 13:12:27 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-12-20 17:04:57 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-08-30 13:12:27 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-12-20 17:04:57 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-21 13524992]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-03-08 49168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-05-06 115560]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-21 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-22 185896]
"nwiz"="nwiz.exe" [2008-03-21 c:\windows\system32\nwiz.exe]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-19 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-08 18:08 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 21:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=logon.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-08-30 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-08-30 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2007-08-30 4442]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-26 94208]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-08 11152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-05-06 23888]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2005-09-23 2799808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
\Shell\??\command - taipingtianguov1.1.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a717480-d7df-11dd-aa5b-001b7740faa1}]
\Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
\Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ba4e5a-7fc0-11dd-aa14-001b7740faa1}]
\Shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a8df48-5639-11dc-9665-b1781edd8380}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa85-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa86-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa87-5a24-11dd-aa01-001b7740faa1}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8a-6185-11dd-aa02-001c25102b3f}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8b-6185-11dd-aa02-001c25102b3f}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]
\Shell\AutoRun\command - olb1iimw.bat
\Shell\explore\Command - olb1iimw.bat
\Shell\open\Command - olb1iimw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feee9ff2-c2de-11dd-aa32-001b7740faa1}]
\Shell\AutoRun\command - F:\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-06-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 17:09]

2009-01-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 01:47]

2009-01-08 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 07:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.qu.edu.qa/
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944}
hxxp://www-307.ibm.com/pc/support/acpir.cab
c:\windows\Downloaded Program Files\acpir.inf

O16 -: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://www.qurancomplex.org/downloads/FontDown.cab
c:\windows\Downloaded Program Files\FontDownATL.inf

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

c:\windows\Downloaded Program Files\FontSmooth.dll - O16 -: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061}
hxxp://www.qurancomplex.org/Downloads/FontSmooth.cab
c:\windows\Downloaded Program Files\FontSmooth.inf

c:\windows\Downloaded Program Files\WebInst.Dll - O16 -: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC}
hxxp://wusav.qu.edu.qa/sav/webinst.cab
FF - ProfilePath - d:\documents and settings\amrm\Application Data\Mozilla\Firefox\Profiles\mqfuw9nm.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1425.4532\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 08:55:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\windows\system32\netprovcredman.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll

- - - - - - - > 'lsass.exe'(1516)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Completion time: 2009-01-09 17:24:12
ComboFix-quarantined-files.txt 2009-01-09 14:24:08
ComboFix2.txt 2008-12-20 04:03:08

Pre-Run: 3,844,722,688 bytes free
Post-Run: 3,800,571,904 bytes free

1697 --- E O F --- 2008-12-31 10:05:13


3- I ran the flash_disinfector software, here is the output out.cvs


4- I ran RSIT again, here is the new log

Logfile of random's system information tool 1.05 (written by random/random)
Run by AmrM at 2009-01-09 19:12:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (12%) free of 31 GB
Total RAM: 2014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13, on 2009-01-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\download\Autoruns\RSIT.exe
C:\Program Files\trend micro\AmrM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qu.edu.qa/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Clean Traces - d:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\VISIO2~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229790333828
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229790315875
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://www.qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://wusav.qu.edu.qa/sav/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\Software\..\Telephony: DomainName = qu.edu.qa
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5CD1A84-A942-4813-99B5-B82C19B0FCDC}: Domain = qu.edu.qa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = qu.edu.qa
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = qu.edu.qa
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 17139 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-08 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-08 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-08 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-21 13524992]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2007-03-08 49168]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2008-06-09 165208]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-03-26 59680]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-05-06 115560]
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-24 1036288]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-03-21 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-22 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-08 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-08-15 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-03-08 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=Qatar University LAPTOP Owner Only
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
shell\Auto\command - sal.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
shell\??\command - taipingtianguov1.1.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a717480-d7df-11dd-aa5b-001b7740faa1}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ba4e5a-7fc0-11dd-aa14-001b7740faa1}]
shell\AutoRun\command - wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a8df48-5639-11dc-9665-b1781edd8380}]
shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa85-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa86-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0edfa87-5a24-11dd-aa01-001b7740faa1}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8a-6185-11dd-aa02-001c25102b3f}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25e0b8b-6185-11dd-aa02-001c25102b3f}]
shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]
shell\AutoRun\command - olb1iimw.bat
shell\explore\command - olb1iimw.bat
shell\open\command - olb1iimw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feee9ff2-c2de-11dd-aa32-001b7740faa1}]
shell\AutoRun\command - F:\WDSetup.exe


======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-01-09 18:06:47 ----SHD---- C:\RECYCLER
2009-01-09 18:01:37 ----RASHD---- C:\autorun.inf
2009-01-09 17:24:15 ----A---- C:\ComboFix.txt
2009-01-09 08:49:35 ----D---- C:\32788R22FWJFW
2009-01-09 08:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-01-09 08:27:17 ----D---- C:\Program Files\Microsoft
2009-01-09 08:27:02 ----SHD---- C:\Config.Msi
2009-01-09 08:26:28 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-09 07:34:43 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-08 12:46:41 ----D---- C:\Program Files\Common Files\Windows Live
2008-12-31 12:58:38 ----D---- C:\WINDOWS\SQLTools9_KB954606_ENU
2008-12-31 12:55:28 ----D---- C:\WINDOWS\SQL9_KB954606_ENU
2008-12-28 14:26:25 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-28 14:25:14 ----D---- C:\Program Files\Microsoft Device Emulator
2008-12-28 14:25:09 ----D---- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-12-28 14:12:15 ----D---- D:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-12-28 14:12:15 ----D---- C:\WINDOWS\Symbols
2008-12-28 14:12:15 ----D---- C:\Program Files\HTML Help Workshop
2008-12-28 14:12:15 ----D---- C:\Program Files\Common Files\Business Objects
2008-12-28 14:12:15 ----D---- C:\Program Files\CE Remote Tools
2008-12-28 14:12:14 ----D---- C:\Program Files\Common Files\Merge Modules
2008-12-28 14:10:09 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-12-27 21:10:48 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-12-27 21:10:39 ----D---- D:\Documents and Settings\All Users\Application Data\SpeedBit
2008-12-27 21:10:33 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2008-12-23 07:51:39 ----D---- D:\Documents and Settings\amrm\Application Data\Windows Search
2008-12-21 08:14:17 ----D---- D:\Documents and Settings\amrm\Application Data\Windows Desktop Search
2008-12-21 08:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-21 08:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-20 20:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-20 20:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 20:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 20:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-20 19:26:22 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-20 07:26:46 ----D---- C:\Program Files\trend micro
2008-12-20 07:26:45 ----D---- C:\rsit
2008-12-20 07:03:11 ----D---- C:\WINDOWS\temp
2008-12-20 05:56:45 ----A---- C:\Boot.bak
2008-12-20 05:46:37 ----RASHD---- C:\cmdcons
2008-12-19 09:32:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\zip.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\sed.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\grep.exe
2008-12-19 09:32:45 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 08:21:20 ----D---- C:\WINDOWS\ERDNT
2008-12-19 08:21:20 ----D---- C:\Qoobox
2008-12-19 07:56:17 ----A---- C:\FindyKill.txt
2008-12-19 06:43:02 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-18 21:09:01 ----D---- C:\SAV7
2008-12-18 18:05:51 ----D---- C:\Program Files\Zone Labs
2008-12-18 18:05:43 ----D---- C:\WINDOWS\Internet Logs
2008-12-17 13:27:04 ----A---- C:\WINDOWS\system32\IPSCtrl.TMP
2008-12-17 13:24:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-14 08:01:51 ----D---- D:\Documents and Settings\amrm\Application Data\vlc
2008-12-14 07:30:33 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 1 months======

2009-01-09 19:08:15 ----A---- C:\Log.txt
2009-01-09 17:32:36 ----A---- C:\WINDOWS\smscfg.ini
2009-01-09 17:31:27 ----D---- C:\WINDOWS
2009-01-09 17:31:03 ----HD---- C:\WINDOWS\inf
2009-01-09 17:30:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-09 17:29:58 ----D---- C:\Program Files\Symantec AntiVirus
2009-01-09 17:29:56 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-01-09 17:28:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-09 17:24:22 ----D---- C:\WINDOWS\system32\drivers
2009-01-09 17:24:22 ----D---- C:\WINDOWS\system32
2009-01-09 17:24:16 ----D---- C:\WINDOWS\Prefetch
2009-01-09 08:59:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-09 08:58:35 ----RSD---- C:\WINDOWS\assembly
2009-01-09 08:55:42 ----A---- C:\WINDOWS\system.ini
2009-01-09 08:43:38 ----RD---- C:\Program Files
2009-01-09 08:31:32 ----SHD---- C:\WINDOWS\Installer
2009-01-09 08:30:34 ----D---- C:\Program Files\Windows Live
2009-01-09 08:29:29 ----D---- C:\WINDOWS\system32\DirectX
2009-01-09 08:27:29 ----D---- C:\WINDOWS\WinSxS
2009-01-09 08:27:03 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-09 08:27:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-09 07:34:59 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-08 12:46:41 ----D---- C:\Program Files\Common Files
2009-01-08 10:08:15 ----D---- C:\WINDOWS\security
2009-01-08 09:22:08 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-07 18:06:45 ----A---- C:\WINDOWS\UEDIT32.INI
2009-01-07 13:26:03 ----D---- C:\WINDOWS\system32\VPCache
2009-01-04 08:06:34 ----D---- D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-31 12:57:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-30 11:28:51 ----D---- C:\WINDOWS\Registration
2008-12-29 18:39:30 ----SHD---- C:\WINDOWS\CSC
2008-12-28 14:29:02 ----D---- C:\Program Files\Microsoft.NET
2008-12-28 14:21:28 ----SD---- D:\Documents and Settings\amrm\Application Data\Microsoft
2008-12-28 14:20:50 ----A---- C:\WINDOWS\ODBC.INI
2008-12-28 14:19:07 ----D---- C:\WINDOWS\Help
2008-12-28 14:18:53 ----D---- C:\WINDOWS\system32\1033
2008-12-28 14:12:40 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 07:59:37 ----D---- C:\Program Files\Mozilla Firefox
2008-12-26 13:14:07 ----D---- C:\Garmin
2008-12-26 07:49:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-26 07:49:22 ----D---- C:\Program Files\Movie Maker
2008-12-26 07:34:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-26 07:34:53 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-21 08:32:03 ----D---- C:\WINDOWS\system32\en-us
2008-12-21 08:32:03 ----D---- C:\WINDOWS\nview
2008-12-21 08:32:03 ----D---- C:\Program Files\Windows Desktop Search
2008-12-21 08:14:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-21 08:14:16 ----A---- C:\WINDOWS\imsins.BAK
2008-12-21 08:14:03 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-21 08:14:03 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 20:26:44 ----D---- C:\Program Files\Internet Explorer
2008-12-20 20:20:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-20 20:10:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 20:07:08 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-20 19:26:49 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-20 19:25:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 07:48:26 ----D---- C:\Program Files\Symantec
2008-12-20 07:48:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-20 07:02:37 ----D---- C:\WINDOWS\repair
2008-12-20 06:49:23 ----D---- C:\WINDOWS\system32\config
2008-12-20 06:47:47 ----D---- C:\WINDOWS\AppPatch
2008-12-20 05:58:35 ----RASH---- C:\boot.ini
2008-12-19 06:52:51 ----D---- D:\Documents and Settings\All Users\Application Data\Symantec
2008-12-18 19:32:41 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-17 17:06:16 ----D---- C:\WINDOWS\Minidump
2008-12-16 12:39:18 ----D---- D:\Documents and Settings\amrm\Application Data\Skype
2008-12-16 12:36:54 ----D---- D:\Documents and Settings\amrm\Application Data\skypePM
2008-12-13 09:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 02:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-08-15 11520]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-05-06 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-05-06 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-05-06 191544]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-03-26 4608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-19 21361]
R2 GiveIO;GiveIO Port Access; C:\WINDOWS\system32\drivers\giveio.sys [2008-11-28 5248]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-08-14 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-11-20 12288]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2008-05-06 38248]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090108.048\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-21 6547936]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-09-24 21376]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-05-06 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-05 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-08 40848]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-05-06 49024]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-04-06 44800]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-11-28 88960]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-05-06 317616]
S3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; a []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-15 212992]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-05-06 108392]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-05-06 108392]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-11-19 794624]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-08 168432]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-21 155716]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-11-19 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-11-19 1183744]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2008-05-06 2569600]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-05-06 2189240]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-17 654848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2008-05-06 234888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

5- I couldn't find the 2 files sal.xls.exe and the other file at all, I did the search on all drives and on the flash drive, couldn't find any.

#10 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:33 PM

Posted 10 January 2009 - 11:00 AM

Hi
OK you need to run Combofix again.

Please do so following these directions.

Press Ctrl+Alt+Del twice at the welcome screen, then type Administrator for the username, enter the password (just press Enter if no password), then run ComboFix from that account with the instructions below..
Note - You will have to logon to the Administrator account again after reboot so that CF can complete.


Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

File::
C:\vviwgifg.exe
C:\yrjeyshe.exe
C:\goev.exe
C:\604966882

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80dd-b601-11dd-aa2c-001b7740faa1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9c80e6-b601-11dd-aa2c-001b7740faa1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b18f81-3f4c-11dd-a9ec-001c25102b3f}]

Please post the log you get.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:33 AM

Posted 17 January 2009 - 11:50 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users