A bit of everything ???



kilwan
2009-01-18, 21:33
Hello. I'm having some problems with kinda everything. Google search isn't working, I can't open most sites, can't register on any forum, everything is running very slowly, oh and, I can't open Spybot S&D. I tried reinstalling it but it doesn't work, tried updating it but it says it can't connect or something like that (firewall was turned off) and same goes for Ad-Aware and NOD32. Anyway ... here is my log.. thx in adv...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49, on 2009-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\JMRaidSetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [143ef14e] rundll32.exe "C:\WINDOWS\system32\txsmxedu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5634 bytes

P.S. I know my grammar and spelling aren't perfect but I think they are understandable.

peku006
2009-01-23, 18:29
Hello and welcome to Safer Networking.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Rename HijackThis

Rename HijackThis.exe to kilwan.exe by doing the following:

Navigate here using Windows Explorer (Windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
Right-click on HijackThis.exe
Choose from the pull-down menu: "Rename"
And now rename HijackThis.exe to kilwan.exe
Now right-click on the renamed HijackThis and click Send to... and then Desktop (create shortcut)...
Now go to your desktop and delete the old shortcut called "Hijackthis". Make sure you keep the one called kilwan.exe
Now double click the new shortcut.
Take a fresh HijackThis log (click Do a system scan and save a log file)
Post the fresh HijackThis log here.

Thanks peku006

kilwan
2009-01-24, 14:18
Thanks for the reply. I hope the new log will help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\JMRaidSetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\kilwan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3f76f5cf-c805-45ae-b7d6-31a6edcb8435} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccbBTkL.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DE3ECF94-153C-4A33-9602-F7F390D906AB} - C:\WINDOWS\system32\xxyxVnnm.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ed061cb5-733a-4406-b2a4-4653ad7e7974} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [143ef14e] rundll32.exe "C:\WINDOWS\system32\qmswdxvh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccbbtkl - C:\WINDOWS\SYSTEM32\fccbBTkL.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6839 bytes

peku006
2009-01-24, 14:43
Hi kilwan

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

kilwan
2009-01-24, 15:48
OK, I'm having a hard time getting combofix.exe to run. I downloaded it, closed up NOD32 and Ad-Aware, turned off my firewall and clicked combofix.exe, and nothing happened. I waited for some time and gave up hope. I tried to run combofix.exe in safe mode and got no response. I hope I missed something ...

peku006
2009-01-24, 16:14
Hi kilwan

OK, don't worry about ComboFix, we'll try different tools...

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt <- (will be maximized) and info.txt <- (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log


Thanks peku006

kilwan
2009-01-24, 16:30
Well, was worth the try I guess. The malware thingy was a fail, the same thing as with combofix.exe, no response .. at least RSIT worked so here are the logs

Logfile of random's system information tool 1.05 (written by random/random)
Run by Hrvoje at 2009-01-24 15:24:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 45 GB (45%) free of 100 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\JMRaidSetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Hrvoje\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hrvoje.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3f76f5cf-c805-45ae-b7d6-31a6edcb8435} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccbBTkL.dll
O2 - BHO: (no name) - {7055230B-27EF-45AE-B5F7-064FC32AFC0B} - C:\WINDOWS\system32\xxyxVnnm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ed061cb5-733a-4406-b2a4-4653ad7e7974} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [143ef14e] rundll32.exe "C:\WINDOWS\system32\qmswdxvh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccbbtkl - C:\WINDOWS\SYSTEM32\fccbBTkL.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6633 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f76f5cf-c805-45ae-b7d6-31a6edcb8435}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\fccbBTkL.dll [2009-01-17 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7055230B-27EF-45AE-B5F7-064FC32AFC0B}]
C:\WINDOWS\system32\xxyxVnnm.dll [2009-01-22 303616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed061cb5-733a-4406-b2a4-4653ad7e7974}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-12-19 950664]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-05 136600]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"143ef14e"=C:\WINDOWS\system32\qmswdxvh.dll [2009-01-22 73216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-02-10 1937408]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsm]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-02-10 1937408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Hrvoje\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbbtkl]
C:\WINDOWS\system32\fccbBTkL.dll [2009-01-17 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\fccbBTkL.dll [2009-01-17 37376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyxVnnm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Electronic Arts\BattleForgeBeta\Bootstrapper.exe"="C:\Program Files\Electronic Arts\BattleForgeBeta\Bootstrapper.exe:*:Enabled:BattleForge™"
"C:\Program Files\Electronic Arts\BattleForgeBeta\patcher.exe"="C:\Program Files\Electronic Arts\BattleForgeBeta\patcher.exe:*:Enabled:patcher.exe"
"C:\Program Files\Codemasters\Rise of the Argonauts\Binaries\RiseOfTheArgonauts.exe"="C:\Program Files\Codemasters\Rise of the Argonauts\Binaries\RiseOfTheArgonauts.exe:*:Enabled:RiseOfTheArgonauts"
"C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Disabled:SR2_pc"
"C:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Disabled:GPGNet"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe:*:Enabled:Ad-Watch"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e63ee-0579-11dd-9786-001a4d913d99}]
shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b6cdc5-af05-11dc-96c8-001a4d913d99}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879a69f7-d7f1-11dc-9738-001a4d913d99}]
shell\explore\command - F:\.\RECYCLER\auto.exe
shell\open\command - F:\.\RECYCLER\auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2abac3e-cc27-11dc-971c-001a4d913d99}]
shell\explore\command - F:\.\RECYCLER\auto.exe
shell\open\command - F:\.\RECYCLER\auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f812bb12-bd51-11dc-96f1-001a4d913d99}]
shell\AutoRun\command - I:\USBNB.exe


======List of files/folders created in the last 1 months======

2009-01-24 15:24:50 ----D---- C:\rsit
2009-01-22 17:51:58 ----SH---- C:\WINDOWS\system32\hvxdwsmq.ini
2009-01-22 17:51:58 ----A---- C:\WINDOWS\system32\qmswdxvh.dll
2009-01-22 17:51:18 ----ASH---- C:\WINDOWS\system32\mnnVxyxx.ini2
2009-01-22 17:51:18 ----ASH---- C:\WINDOWS\system32\mnnVxyxx.ini
2009-01-22 17:51:16 ----A---- C:\WINDOWS\system32\xxyxVnnm.dll
2009-01-22 15:35:04 ----SH---- C:\WINDOWS\system32\bglvbhbh.ini
2009-01-21 15:35:31 ----SH---- C:\WINDOWS\system32\ohqqohii.ini
2009-01-20 15:35:07 ----SH---- C:\WINDOWS\system32\ynlptbsd.ini
2009-01-20 12:20:08 ----SH---- C:\WINDOWS\system32\utsuesve.ini
2009-01-19 12:17:19 ----SH---- C:\WINDOWS\system32\urfqqxkx.ini
2009-01-18 19:45:31 ----D---- C:\Program Files\ERUNT
2009-01-18 11:46:34 ----SH---- C:\WINDOWS\system32\udexmsxt.ini
2009-01-18 11:11:04 ----D---- C:\Documents and Settings\Hrvoje\Application Data\Safer Networking
2009-01-18 11:10:54 ----D---- C:\Program Files\Safer Networking
2009-01-17 19:58:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-17 19:32:47 ----D---- C:\Program Files\Lavasoft
2009-01-17 19:32:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-17 12:13:16 ----A---- C:\WINDOWS\system32\iifeccDw.dll
2009-01-17 07:21:02 ----SH---- C:\WINDOWS\system32\hrkteagm.ini
2009-01-17 07:20:58 ----A---- C:\WINDOWS\system32\mgaetkrh.dll
2009-01-17 07:20:32 ----A---- C:\WINDOWS\system32\1f1d3530-.txt
2009-01-17 07:20:09 ----A---- C:\WINDOWS\system32\awttSlLd.dll
2009-01-17 07:20:03 ----ASH---- C:\WINDOWS\system32\MpVvCcfe.ini
2009-01-17 07:14:44 ----A---- C:\WINDOWS\system32\fccbBTkL.dll
2008-12-25 12:40:41 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-12-25 12:36:20 ----D---- C:\Program Files\Common Files\PCSuite
2008-12-25 12:36:19 ----D---- C:\Program Files\Common Files\Nokia
2008-12-25 12:35:39 ----D---- C:\Program Files\PC Connectivity Solution
2008-12-25 12:35:08 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-12-25 12:35:08 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-12-25 12:27:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2008-12-25 12:20:22 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-12-25 12:20:08 ----D---- C:\Documents and Settings\Hrvoje\Application Data\Nokia
2008-12-25 12:19:39 ----D---- C:\Program Files\DIFX
2008-12-25 12:19:35 ----D---- C:\Documents and Settings\Hrvoje\Application Data\PC Suite
2008-12-25 12:19:18 ----D---- C:\Program Files\Nokia
2008-12-25 12:19:18 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2008-12-25 12:18:17 ----D---- C:\Documents and Settings\All Users\Application Data\Installations

======List of files/folders modified in the last 1 months======

2009-01-24 14:53:19 ----D---- C:\WINDOWS\TEMP
2009-01-24 14:48:36 ----D---- C:\Program Files\Mozilla Firefox
2009-01-24 14:42:40 ----D---- C:\WINDOWS\Prefetch
2009-01-24 14:38:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-24 14:38:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-24 14:21:42 ----D---- C:\WINDOWS
2009-01-24 14:21:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-24 14:21:38 ----D---- C:\WINDOWS\system32\drivers
2009-01-24 14:21:38 ----D---- C:\WINDOWS\system32
2009-01-24 14:21:36 ----SHD---- C:\WINDOWS\Installer
2009-01-24 09:10:51 ----D---- C:\Documents and Settings\Hrvoje\Application Data\uTorrent
2009-01-23 20:18:16 ----D---- C:\Program Files\Runes of Magic
2009-01-23 15:30:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-23 15:30:24 ----D---- C:\Program Files
2009-01-22 22:35:23 ----HD---- C:\WINDOWS\inf
2009-01-22 22:35:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-22 22:35:18 ----D---- C:\WINDOWS\system32\DirectX
2009-01-22 21:56:23 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-19 22:04:13 ----D---- C:\Program Files\EA GAMES
2009-01-19 22:04:07 ----RSD---- C:\WINDOWS\assembly
2009-01-19 22:03:15 ----D---- C:\Program Files\AGEIA Technologies
2009-01-19 15:28:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 20:00:44 ----D---- C:\WINDOWS\erdnt
2009-01-18 11:03:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-17 19:23:50 ----D---- C:\CrashReport
2009-01-17 17:47:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-17 12:08:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-17 07:08:41 ----D---- C:\WINDOWS\system
2009-01-13 21:03:59 ----D---- C:\Program Files\WYSIWYG Web Builder 4.0
2008-12-25 12:36:19 ----D---- C:\Program Files\Common Files
2008-12-25 12:35:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-25 12:27:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-25 12:22:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-12-19 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-12-19 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-05 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-05 25416]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-27 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 19a1eb02;19a1eb02; C:\WINDOWS\System32\drivers\19a1eb02.sys []
S1 3c86b558;3c86b558; C:\WINDOWS\System32\drivers\3c86b558.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 azd94ihu;azd94ihu; C:\WINDOWS\system32\drivers\azd94ihu.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GT680xNT;ColorPage-Vivid 1200XE; C:\WINDOWS\system32\drivers\gt680x.sys [2003-02-26 17376]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 NTProcDrv;Process creation detector for NT.; \??\C:\Documents and Settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-05 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-12-19 549256]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
S4 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-24 15:25:01

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x735c
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Electronics Workbench V5.12-->C:\WINDOWS\iun3405.exe C:\Program Files\EWB512
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Genius Scanner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCEB2144-5F5D-49E8-AADC-05CA48AE9AA5}\setup.exe"
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Heroes of Might and Magic V - Tribes of the East-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x001a -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x1a -removeonly
RegAlyzer (OpenSBI Edition)-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Runes of Magic-->"C:\Program Files\Runes of Magic\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
UltimateDefrag 2008-->C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008"
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WYSIWYG Web Builder 4.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\WYSIWYG Web Builder 4.0\irunin.ini"

=====HijackThis Backups=====

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - HKLM\..\Run: [Uwetu] rundll32.exe "C:\WINDOWS\Pqiceved.dll",e
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 antivirus system 2.70

System event log

Computer Name: COMPUTER
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E2ECD44DC. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14338
Source Name: Dhcp
Time Written: 20081216012922.000000+060
Event Type: warning
User:

Computer Name: COMPUTER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{872B160A-2AF4-4D06-8D50-84DED6FF9C72} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 14337
Source Name: Tcpip
Time Written: 20081216012922.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{872B160A-2AF4-4D06-8D50-84DED6FF9C72} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 14336
Source Name: Tcpip
Time Written: 20081216012912.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E2ECD44DC. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14335
Source Name: Dhcp
Time Written: 20081216002822.000000+060
Event Type: warning
User:

Computer Name: COMPUTER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{872B160A-2AF4-4D06-8D50-84DED6FF9C72} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 14334
Source Name: Tcpip
Time Written: 20081216002822.000000+060
Event Type: information
User:

Application event log

Computer Name: COMPUTER
Event Code: 103
Message: msnmsgr (5964) \\.\C:\Documents and Settings\Hrvoje\Local Settings\Application Data\Microsoft\Messenger\ana89_os@hotmail.com\SharingMetadata\Working\database_E214_3F1B_143E_F1E1\dfsr.db: The database engine stopped the instance (0).

Record Number: 13083
Source Name: ESENT
Time Written: 20081217154423.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 102
Message: msnmsgr (5964) \\.\C:\Documents and Settings\Hrvoje\Local Settings\Application Data\Microsoft\Messenger\ana89_os@hotmail.com\SharingMetadata\Working\database_E214_3F1B_143E_F1E1\dfsr.db: The database engine started a new instance (0).

Record Number: 13082
Source Name: ESENT
Time Written: 20081217152328.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 100
Message: msnmsgr (5964) The database engine 5.01.2600.2780 started.

Record Number: 13081
Source Name: ESENT
Time Written: 20081217152328.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 101
Message: msnmsgr (2480) The database engine stopped.

Record Number: 13080
Source Name: ESENT
Time Written: 20081217082632.000000+060
Event Type: information
User:

Computer Name: COMPUTER
Event Code: 103
Message: msnmsgr (2480) \\.\C:\Documents and Settings\Hrvoje\Local Settings\Application Data\Microsoft\Messenger\ana89_os@hotmail.com\SharingMetadata\Working\database_E214_3F1B_143E_F1E1\dfsr.db: The database engine stopped the instance (0).

Record Number: 13079
Source Name: ESENT
Time Written: 20081217082632.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

peku006
2009-01-24, 16:56
Hi kilwan

Click here (http://noahdfear.net/downloads/TDdump.exe) and select Open (or Run) to run a tool that will check your computer for a specific rootkit infection.
When the tool completes a log will open.
Please post the contents of that log.

Note - if you do not have the option to open or run, you may save it and run it from your hard drive.

kilwan
2009-01-24, 17:03
Dear peku006

Here you have the log. Have fun with it. ;)

HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys
NextInstance REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000
Service REG_SZ tdssserv.sys
Legacy REG_DWORD 1 (0x1)
ConfigFlags REG_DWORD 0 (0x0)
Class REG_SZ LegacyDriver
ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
DeviceDesc REG_SZ tdssserv.sys
Capabilities REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000\LogConf

HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000\Control
ActiveService REG_SZ tdssserv.sys

TDSS infection active!

peku006
2009-01-24, 17:32
Hi kilwan
Read your Private Messages.

kilwan
2009-01-24, 18:21
Dear peku006

It worked. Here is the first part of the log.

ComboFix 09-01-21.04 - Hrvoje 2009-01-24 17:03:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2046.1578 [GMT 1:00]
Running from: C:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Hrvoje\LOCALS~1\Temp\svhost.exe
c:\windows\system\svhost.exe
c:\windows\system32\awttSlLd.dll
c:\windows\system32\bglvbhbh.ini
c:\windows\system32\BReWErS.dll
c:\windows\system32\Drivers\TDSSmqlt.sys
c:\windows\system32\fccbBTkL.dll
c:\windows\system32\hrkteagm.ini
c:\windows\system32\hvxdwsmq.ini
c:\windows\system32\iifeccDw.dll
c:\windows\system32\mgaetkrh.dll
c:\windows\system32\mnnVxyxx.ini
c:\windows\system32\mnnVxyxx.ini2
c:\windows\system32\MpVvCcfe.ini
c:\windows\system32\ohqqohii.ini
c:\windows\system32\qmswdxvh.dll
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\udexmsxt.ini
c:\windows\system32\urfqqxkx.ini
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\utsuesve.ini
c:\windows\system32\xxyxVnnm.dll
c:\windows\system32\ynlptbsd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_tdssserv.sys
-------\Service_tdssserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-24 16:46 . 2009-01-24 16:45 374,384 --a------ C:\RunMe.exe
2009-01-24 16:00 . 2009-01-24 15:59 374,656 --a------ C:\TDdump.exe
2009-01-24 15:24 . 2009-01-24 15:25 <DIR> d-------- C:\rsit
2009-01-24 15:22 . 2009-01-24 15:20 2,737,800 --a------ C:\mbam-setup.exe
2009-01-24 14:22 . 2009-01-24 14:15 3,048,418 -ra------ C:\ComboFix.exe
2009-01-18 19:45 . 2009-01-18 19:45 <DIR> d-------- c:\program files\ERUNT
2009-01-18 11:11 . 2009-01-18 11:11 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Safer Networking
2009-01-18 11:10 . 2009-01-18 11:10 <DIR> d-------- c:\program files\Safer Networking
2009-01-17 19:58 . 2009-01-19 15:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\program files\Lavasoft
2009-01-17 19:32 . 2009-01-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-17 12:39 . 2009-01-24 14:41 2,204 --a------ c:\windows\system32\TDSSlxwp.dll
2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-25 12:35 . 2008-12-25 12:35 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-25 12:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-25 12:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-25 12:35 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-25 12:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-25 12:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-25 12:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-25 12:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-25 12:20 . 2008-12-25 12:38 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Nokia
2008-12-25 12:20 . 2008-12-25 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-12-25 12:19 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Nokia
2008-12-25 12:19 . 2008-12-25 12:19 <DIR> d-------- c:\program files\DIFX
2008-12-25 12:19 . 2008-12-25 12:56 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\PC Suite
2008-12-25 12:19 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-25 12:18 . 2008-12-25 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 16:01 --------- d-----w c:\program files\ESET
2009-01-24 13:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 08:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\uTorrent
2009-01-23 19:18 --------- d-----w c:\program files\Runes of Magic
2009-01-23 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 21:04 --------- d-----w c:\program files\EA GAMES
2009-01-19 21:03 --------- d-----w c:\program files\AGEIA Technologies
2009-01-19 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 10:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 20:03 --------- d-----w c:\program files\WYSIWYG Web Builder 4.0
2008-12-22 16:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\BearShare
2008-12-14 15:05 --------- d-----w c:\program files\EWB512
2008-12-05 22:32 --------- d-----w c:\program files\Java
2008-12-05 20:38 --------- d-----w c:\documents and settings\Hrvoje\Application Data\Petroglyph
2008-12-05 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-24 12:31 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-23 17:41 216,064 ----a-w c:\windows\iun3405.exe
2008-11-04 15:03 22,328 ----a-w c:\documents and settings\Hrvoje\Application Data\PnkBstrK.sys
2008-01-27 01:57 47,360 ----a-w c:\documents and settings\Hrvoje\Application Data\pcouffin.sys
2008-03-19 09:56 872,448 --sha-w c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 01:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 48c1b8a5b0d6e0150dd076f6ff86d6e1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_20.46.41,73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-16 00:05:22 221,488 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 00:05:22 379,184 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 18:01:52 58,368 -c----w c:\windows\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2008-12-19 17:52:21 155,648 ----a-w c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll
- 2008-07-02 14:39:32 135,168 ----a-w c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
+ 2008-11-04 15:19:31 135,168 ----a-w c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
- 2008-07-02 14:39:32 212,992 ----a-w c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2008-11-04 15:19:31 212,992 ----a-w c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
- 2008-07-02 14:39:30 143,360 ----a-w c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
+ 2008-11-04 15:19:30 143,360 ----a-w c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
- 2008-07-02 14:39:32 225,280 ----a-w c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
+ 2008-11-04 15:19:31 225,280 ----a-w c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
- 2008-07-02 14:39:32 360,448 ----a-w c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
+ 2008-11-04 15:19:31 360,448 ----a-w c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
- 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
+ 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
- 2008-07-02 14:39:30 13,312 ----a-w c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
+ 2008-11-04 15:19:30 13,312 ----a-w c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
- 2008-07-04 14:38:20 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-19 21:04:07 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-07-04 14:38:20 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-19 21:04:07 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-07-04 14:38:21 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-19 21:04:07 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-07-04 14:38:16 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:04 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:17 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:05 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:17 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:05 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:18 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:05 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:18 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:05 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:18 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:06 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:19 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:06 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:19 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:06 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:19 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:06 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:21 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-19 21:04:07 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-04 14:38:21 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-19 21:04:07 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-07-04 14:38:21 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-19 21:04:07 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-07-04 14:38:21 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-19 21:04:07 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-07-04 14:38:22 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-19 21:04:07 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-07-04 14:38:20 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-19 21:04:07 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2007-11-28 21:00:05 53,248 ----a-w c:\windows\assembly\GAC_32\Microsoft.Build.VisualJSharp\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.VisualJSharp.dll
+ 2008-08-14 15:17:35 53,248 ----a-w c:\windows\assembly\GAC_32\Microsoft.Build.VisualJSharp\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.VisualJSharp.dll
- 2007-11-28 21:00:05 16,384 ----a-w c:\windows\assembly\GAC_32\vjscor\2.0.0.0__b03f5f7f11d50a3a\vjscor.dll
+ 2008-08-14 15:17:37 16,384 ----a-w c:\windows\assembly\GAC_32\vjscor\2.0.0.0__b03f5f7f11d50a3a\vjscor.dll
- 2007-11-28 21:00:05 57,344 ----a-w c:\windows\assembly\GAC_32\VJSharpCodeProvider\2.0.0.0__b03f5f7f11d50a3a\VJSharpCodeProvider.DLL
+ 2008-08-14 15:17:37 57,344 ----a-w c:\windows\assembly\GAC_32\VJSharpCodeProvider\2.0.0.0__b03f5f7f11d50a3a\VJSharpCodeProvider.DLL
- 2007-11-28 21:00:05 12,288 ----a-w c:\windows\assembly\GAC_32\vjsjbc\2.0.0.0__b03f5f7f11d50a3a\vjsjbc.dll
+ 2008-08-14 15:17:37 12,288 ----a-w c:\windows\assembly\GAC_32\vjsjbc\2.0.0.0__b03f5f7f11d50a3a\vjsjbc.dll
- 2007-11-28 21:00:05 3,661,824 ----a-w c:\windows\assembly\GAC_32\vjslib\2.0.0.0__b03f5f7f11d50a3a\vjslib.dll
+ 2008-08-14 15:17:38 3,661,824 ----a-w c:\windows\assembly\GAC_32\vjslib\2.0.0.0__b03f5f7f11d50a3a\vjslib.dll
- 2007-11-28 21:00:06 28,672 ----a-w c:\windows\assembly\GAC_32\vjslibcw\2.0.0.0__b03f5f7f11d50a3a\vjslibcw.dll
+ 2008-08-14 15:17:38 28,672 ----a-w c:\windows\assembly\GAC_32\vjslibcw\2.0.0.0__b03f5f7f11d50a3a\vjslibcw.dll
- 2007-11-28 21:00:06 921,600 ----a-w c:\windows\assembly\GAC_32\VJSSupUILib\2.0.0.0__b03f5f7f11d50a3a\vjssupuilib.dll
+ 2008-08-14 15:17:38 921,600 ----a-w c:\windows\assembly\GAC_32\VJSSupUILib\2.0.0.0__b03f5f7f11d50a3a\vjssupuilib.dll
- 2007-11-28 21:00:06 36,864 ----a-w c:\windows\assembly\GAC_32\vjsvwaux\2.0.0.0__b03f5f7f11d50a3a\vjsvwaux.dll
+ 2008-08-14 15:17:38 36,864 ----a-w c:\windows\assembly\GAC_32\vjsvwaux\2.0.0.0__b03f5f7f11d50a3a\vjsvwaux.dll
- 2007-11-28 21:00:06 3,411,968 ----a-w c:\windows\assembly\GAC_32\vjswfc\2.0.0.0__b03f5f7f11d50a3a\vjswfc.dll
+ 2008-08-14 15:17:39 3,411,968 ----a-w c:\windows\assembly\GAC_32\vjswfc\2.0.0.0__b03f5f7f11d50a3a\vjswfc.dll
- 2007-11-28 21:00:05 9,728 ----a-w c:\windows\assembly\GAC_32\VjsWfcBrowserStubLib\2.0.0.0__b03f5f7f11d50a3a\VJSWfcBrowserStubLib.dll
+ 2008-08-14 15:17:37 9,728 ----a-w c:\windows\assembly\GAC_32\VjsWfcBrowserStubLib\2.0.0.0__b03f5f7f11d50a3a\VJSWfcBrowserStubLib.dll
- 2007-11-28 21:00:06 185,856 ----a-w c:\windows\assembly\GAC_32\vjswfccw\2.0.0.0__b03f5f7f11d50a3a\vjswfccw.dll
+ 2008-08-14 15:17:39 185,856 ----a-w c:\windows\assembly\GAC_32\vjswfccw\2.0.0.0__b03f5f7f11d50a3a\vjswfccw.dll
- 2007-11-28 21:00:06 1,196,032 ----a-w c:\windows\assembly\GAC_32\vjswfchtml\2.0.0.0__b03f5f7f11d50a3a\vjswfchtml.dll
+ 2008-08-14 15:17:39 1,196,032 ----a-w c:\windows\assembly\GAC_32\vjswfchtml\2.0.0.0__b03f5f7f11d50a3a\vjswfchtml.dll
- 2008-07-02 14:39:30 24,576 ----a-w c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2008-11-04 15:19:30 24,576 ----a-w c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2008-11-04 15:19:32 20,480 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
+ 2008-11-04 15:19:32 20,480 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3156.17716__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.3156.17720__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.3156.17720__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL
+ 2008-11-04 15:19:30 45,056 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3188.37126__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
+ 2008-11-04 15:19:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
+ 2008-11-04 15:19:30 16,384 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.DLL
+ 2008-11-04 15:19:29 45,056 ----a-w c:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3188.36934__90ba9c70f846762e\AEM.Server.DLL
+ 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.3156.17716__90ba9c70f846762e\AEM.UI.Shared.DLL
+ 2008-11-04 15:19:29 61,440 ----a-w c:\windows\assembly\GAC_MSIL\AEM.UI\2.0.3188.37097__90ba9c70f846762e\AEM.UI.DLL
+ 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.DLL
+ 2008-11-04 15:19:29 57,344 ----a-w c:\windows\assembly\GAC_MSIL\APM.Server\2.0.3188.36935__90ba9c70f846762e\APM.Server.DLL
- 2008-07-02 14:39:29 32,768 ----a-w c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2008-11-04 15:19:29 32,768 ----a-w c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2008-11-04 15:19:29 69,632 ----a-w c:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3188.36937__90ba9c70f846762e\ATIDEMOS.DLL
- 2008-07-02 14:39:32 6,656 ----a-w c:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
+ 2008-11-04 15:19:32 6,656 ----a-w c:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
- 2008-07-02 14:39:32 45,056 ----a-w c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
+ 2008-11-04 15:19:31 45,056 ----a-w c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
- 2008-07-02 14:39:30 14,848 ----a-w c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2008-11-04 15:19:30 14,848 ----a-w c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2008-11-04 15:19:29 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3188.37098__90ba9c70f846762e\CCC.Implementation.DLL
- 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2008-11-04 15:19:29 262,144 ----a-w c:\windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2600.29179__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL
+ 2008-11-04 15:19:32 90,112 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Dashboard\2.0.3188.37125__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 12,288 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Runtime\2.0.3188.37124__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL
+ 2008-11-04 15:19:30 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.DLL
+ 2008-11-04 15:19:32 98,304 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard\2.0.3188.37006__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 438,272 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3188.37020__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3188.37021__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
+ 2008-11-04 15:19:32 675,840 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3188.37047__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 69,632 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3188.37045__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 692,224 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3188.37062__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
+ 2008-11-04 15:19:32 450,560 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3188.37013__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3188.37019__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
+ 2008-11-04 15:19:32 401,408 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3188.37042__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 32,768 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3188.37041__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
+ 2008-11-04 15:19:32 307,200 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3188.36972__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
+ 2008-11-04 15:19:32 286,720 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3188.37007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.DLL
+ 2008-11-04 15:19:34 36,864 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3188.37018__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 32,768 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
+ 2008-11-04 15:19:32 798,720 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3188.37078__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 77,824 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3188.37076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
+ 2008-11-04 15:19:30 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 364,544 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3188.37084__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
+ 2008-11-04 15:19:32 589,824 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3188.36966__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3188.36971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
+ 2008-11-04 15:19:32 442,368 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3188.36951__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 1,691,648 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3188.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
+ 2008-11-04 15:19:32 122,880 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3188.37039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:32 36,864 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3188.37038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3188.36949__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 225,280 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3188.36965__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 204,800 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3188.36964__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
+ 2008-11-04 15:19:33 245,760 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.3188.36977__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.3188.36978__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 811,008 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3188.37023__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 77,824 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3188.37021__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 405,504 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3188.37067__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
+ 2008-11-04 15:19:33 204,800 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3188.37026__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Runtime\2.0.3188.37024__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 204,800 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3188.37033__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3188.37031__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 208,896 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Dashboard\2.0.3188.37102__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Runtime\2.0.3188.37099__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.3156.17717__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 151,552 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Dashboard\2.0.3188.37143__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Runtime\2.0.3188.37141__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 479,232 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Dashboard\2.0.3188.36980__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Runtime\2.0.3188.36979__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 1,032,192 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3188.36994__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3188.36986__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 671,744 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3188.37134__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 77,824 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3188.37133__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 172,032 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3188.37043__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3188.37044__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3188.37116__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3188.37115__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3156.17719__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
+ 2008-11-04 15:19:33 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3188.37108__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:33 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3188.37107__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 172,032 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3188.37131__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3188.37132__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3156.17722__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 356,352 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3188.37054__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3188.37053__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 90,112 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3188.37055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
+ 2008-11-04 15:19:34 286,720 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3188.36976__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3188.36977__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
+ 2008-11-04 15:19:31 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 483,328 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3188.37109__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
+ 2008-11-04 15:19:34 167,936 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3188.37041__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 32,768 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3188.37040__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 106,496 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
+ 2008-11-04 15:19:34 135,168 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3188.37111__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 98,304 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3188.37144__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3188.37145__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3156.17705__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
+ 2008-11-04 15:19:34 73,728 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3188.36948__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
+ 2008-11-04 15:19:35 266,240 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3188.36940__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
+ 2008-11-04 15:19:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
+ 2008-11-04 15:19:35 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3188.36957__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
+ 2008-11-04 15:19:29 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3188.37075__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
+ 2008-11-04 15:19:29 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
+ 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3188.37000__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
+ 2008-11-04 15:19:29 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3188.37000__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
+ 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3188.37005__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
+ 2008-11-04 15:19:29 208,896 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3188.37001__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
+ 2008-11-04 15:19:29 1,032,192 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3188.36945__90ba9c70f846762e\CLI.Component.Dashboard.DLL
+ 2008-11-04 15:19:29 704,512 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3188.37070__90ba9c70f846762e\CLI.Component.Eeu.DLL
+ 2008-11-04 15:19:29 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3188.36985__90ba9c70f846762e\CLI.Component.Erecord.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3188.37094__90ba9c70f846762e\CLI.Component.Help.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3188.36963__90ba9c70f846762e\CLI.Component.Icomponent.DLL
+ 2008-11-04 15:19:29 258,048 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3188.37132__90ba9c70f846762e\CLI.Component.Launchpad.DLL
+ 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3188.37095__90ba9c70f846762e\CLI.Component.Load.DLL
+ 2008-11-04 15:19:34 122,880 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3188.37151__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
+ 2008-11-04 15:19:30 7,168 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3188.36933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
+ 2008-11-04 15:19:29 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
+ 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3188.36936__90ba9c70f846762e\CLI.Component.Runtime.DLL
+ 2008-11-04 15:19:29 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3188.36938__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
+ 2008-11-04 15:19:30 483,328 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3188.37089__90ba9c70f846762e\CLI.Component.Systemtray.DLL
+ 2008-11-04 15:19:30 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
+ 2008-11-04 15:19:30 397,312 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3188.36956__90ba9c70f846762e\CLI.Component.Wizard.DLL
+ 2008-11-04 15:19:30 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.DLL
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
+ 2008-11-04 15:19:31 57,344 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.DLL
+ 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3188.36932__90ba9c70f846762e\CLI.Implementation.DLL
- 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
- 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
- 2008-07-02 14:39:31 45,056 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2008-11-04 15:19:31 45,056 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
- 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
- 2008-07-02 14:39:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
- 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.DLL
+ 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.DLL
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.DLL
- 2008-07-02 14:39:32 131,072 ----a-w c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
+ 2008-11-04 15:19:31 131,072 ----a-w c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
+ 2008-11-04 15:19:30 11,264 ----a-w c:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3188.37139__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.DLL
+ 2008-11-04 15:19:30 16,384 ----a-w c:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.DLL
+ 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
+ 2008-11-04 15:19:30 61,440 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3188.37095__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
+ 2008-11-04 15:19:30 32,768 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.DLL
+ 2008-11-04 15:19:31 32,768 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.DLL
+ 2008-11-04 15:19:30 86,016 ----a-w c:\windows\assembly\GAC_MSIL\LOG\2.0.3188.37096__90ba9c70f846762e\LOG.EXE
+ 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.DLL
+ 2008-11-04 15:19:30 106,496 ----a-w c:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3188.37099__90ba9c70f846762e\MOM.Implementation.DLL
- 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.DLL
+ 2008-11-04 15:19:30 19,456 ----a-w c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3188.37126__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
+ 2008-11-04 15:19:30 16,384 ----a-w c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3156.17717__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
+ 2008-10-28 20:39:45 7,651,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\0cee4ea7b728152a0a3a466bb60dcbb0\AppCommon.ni.dll
+ 2008-10-28 20:40:27 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\aedd4197dadb8d50b944cc6821d6e2e2\AxInterop.QTOControlLib.ni.dll
+ 2008-10-28 20:40:15 143,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\70b950a142f162a0ab2c43c84fe339b7\AxInterop.SHDocVw.ni.dll
+ 2008-10-28 20:40:24 184,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\3dfbf5a9b05e5c8aa7acc52e23f06040\AxInterop.WMPLib.ni.dll
+ 2008-10-28 20:40:07 221,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\b1bc4f62319b3dfa406d694fcf576c4d\GCPlayer.ni.dll
+ 2008-10-28 20:40:19 28,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\0a4b264c6f32ca26121e8c61cf2aae31\Interfaces.ni.dll
+ 2008-10-28 20:40:21 389,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\daa6f5f547eabfe6caed5e63d912cd1b\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2008-10-28 20:40:22 41,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\6d33b0b4840deb4bf8e27cf9b00bdc25\Interop.CDDBLINKLibSMS.ni.dll
+ 2008-10-28 20:40:33 35,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\2f0a2100d6953ca6e09c41d1263afe8e\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2008-10-28 20:40:18 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\5822221fb8bfafb193664f6dc969b320\Interop.IWshRuntimeLibrary.ni.dll
+ 2008-10-28 20:40:34 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\0f60dcec14019f4a45e9bd9721056aa0\Interop.PortableDeviceTypesLib.ni.dll
+ 2008-10-28 20:40:20 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\8524d04c4db5238f8b1f93141f158eb5\Interop.PortableDeviceApiLib.ni.dll
+ 2008-10-28 20:40:28 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\a2bab5a883b3cf600c19a61e1272ef7c\Interop.QTOControlLib.ni.dll
+ 2008-10-28 20:40:29 221,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\1ed74631463a422ab34ca79781e34804\Interop.QTOLibrary.ni.dll
+ 2008-10-28 20:40:16 344,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\d22251df12bd587e0bf831a6f32ddb0b\Interop.SHDocVw.ni.dll
+ 2008-10-28 20:40:26 847,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\33889d94e59c8ffd2ab414115ee01249\Interop.WMPLib.ni.dll
+ 2008-10-28 20:40:05 712,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\c214dffd2c15fedb78004903ebe143ef\log4net.ni.dll
+ 2008-10-28 20:40:33 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\b367e4694dcafc89ec4a3560cc007306\Lucene.Net.ni.dll
+ 2008-10-28 20:40:14 970,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\e5d39cd2af4d196391d02514937f6c41\MediaManager.GUI.ni.dll
+ 2008-10-28 20:40:35 282,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\00728a5d60f774502f989372ffa152de\MediaManager.SplashScreen.ni.dll
+ 2008-10-28 20:40:18 147,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\9ec198448ed0a67d7440773d5e963344\MediaManager.Utils.ni.dll
+ 2008-10-28 20:39:27 1,728,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\43ff5e82a6f924cbe2229b985fd47b8a\MediaManager.ni.exe
+ 2008-10-28 20:39:52 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-10-28 20:40:10 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\6d4a2ca948373e86875d9484abade8e8\PerstNET.ni.dll
+ 2008-10-28 20:40:22 30,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\9eb969e20b8c21551b1d86ad18d6839c\SFMARKETLib.ni.dll
+ 2008-10-28 20:39:50 1,036,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\2566f7aca261d1ac3e3e491644039301\Sony.MediaSoftware.clrshared.ni.dll
+ 2008-10-28 20:40:28 44,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\5eef2f32e44870fde9f65d34d523ef3e\stdole.ni.dll
+ 2008-10-28 20:40:02 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-10-28 20:39:58 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\2009-01-18\ERDNT.EXE
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\ERDNT.EXE
+ 2009-01-18 19:00:46 12,812,288 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\Users\00000001\NTUSER.DAT
+ 2009-01-18 19:00:46 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\ERDNT.EXE
+ 2009-01-19 11:16:41 12,812,288 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\Users\00000001\NTUSER.DAT
+ 2009-01-19 11:16:41 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\ERDNT.EXE
+ 2009-01-22 06:35:50 12,820,480 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\Users\00000001\NTUSER.DAT
+ 2009-01-22 06:35:50 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\ERDNT.EXE
+ 2009-01-24 08:25:07 12,824,576 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\Users\00000001\NTUSER.DAT
+ 2009-01-24 08:25:07 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\Users\00000002\UsrClass.dat
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-12-25 11:35:48 10,134 ----a-r c:\windows\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:20 10,134 ----a-r c:\windows\Installer\{22F358CE-610B-A033-0D36-4FADA6E8F67A}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:17 10,134 ----a-r c:\windows\Installer\{255F566C-3F57-15AD-2CA5-E7EA41F9904F}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:23 10,134 ----a-r c:\windows\Installer\{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:11 10,134 ----a-r c:\windows\Installer\{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:18 10,134 ----a-r c:\windows\Installer\{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:16 10,134 ----a-r c:\windows\Installer\{8D6EC7D6-E71D-8743-1396-591F4195F347}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:28 10,134 ----a-r c:\windows\Installer\{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:28 9,158 ----a-r c:\windows\Installer\{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2009-01-19 21:12:07 302,430 ----a-r c:\windows\Installer\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}\ME_Icon.exe
+ 2008-12-25 11:35:13 3,262 ----a-r c:\windows\Installer\{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:26 10,134 ----a-r c:\windows\Installer\{B38C3184-F573-CDC2-9452-FA9C576AB010}\ARPPRODUCTICON.exe
+ 2008-10-28 20:36:00 27,136 ----a-r c:\windows\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-12-25 11:36:39 15,086 ----a-r c:\windows\Installer\{D5577624-0626-4C4B-87AA-D966DA1739D6}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:19 10,134 ----a-r c:\windows\Installer\{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}\ARPPRODUCTICON.exe
+ 2008-11-04 15:19:15 10,134 ----a-r c:\windows\Installer\{E068CD0F-E631-17E7-9A01-05C2B2B54C84}\ARPPRODUCTICON.exe
+ 2008-09-12 21:20:50 49,152 ----a-r c:\windows\Installer\{EB0508A0-162A-4996-85A1-00C07D33445A}\NDLAUNCHER.EXE2_1A2D1828B04247A4BD62A3A39F8B15BB.exe
+ 2008-09-12 21:20:50 49,152 ----a-r c:\windows\Installer\{EB0508A0-162A-4996-85A1-00C07D33445A}\NDLAUNCHER.EXE21_0F7C082DF5DE44C08A265D17DA03A33A.exe
+ 2008-11-04 15:19:14 10,134 ----a-r c:\windows\Installer\{FA3A247D-437A-455E-A88F-7EB6E5F9E799}\ARPPRODUCTICON.exe

kilwan
2009-01-24, 18:22
And the second part...

- 2005-09-23 02:40:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
+ 2005-09-23 01:40:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
- 2005-09-23 02:41:18 39,424 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
+ 2005-09-23 01:41:18 39,424 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
- 2005-09-23 05:56:42 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
+ 2005-09-23 04:56:42 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
- 2005-09-23 06:01:18 13,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
+ 2005-09-23 05:01:18 13,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
- 2005-09-23 03:49:26 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
+ 2005-09-23 02:49:26 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
- 2005-09-23 05:56:56 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
+ 2005-09-23 04:56:56 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
- 2005-09-23 05:56:34 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
+ 2005-09-23 04:56:34 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
- 2005-09-23 05:56:44 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
+ 2005-09-23 04:56:44 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
- 2005-09-23 05:56:16 3,661,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
+ 2005-09-23 04:56:16 3,661,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
- 2005-09-23 05:56:36 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
+ 2005-09-23 04:56:36 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
- 2005-09-23 02:41:48 176,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
+ 2005-09-23 01:41:48 176,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
- 2005-09-23 05:56:40 921,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
+ 2005-09-23 04:56:40 921,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
- 2005-09-23 05:56:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
+ 2005-09-23 04:56:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
- 2005-09-23 05:56:22 3,411,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
+ 2005-09-23 04:56:22 3,411,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
- 2005-09-23 05:56:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
+ 2005-09-23 04:56:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
- 2005-09-23 05:56:44 185,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
+ 2005-09-23 04:56:44 185,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
- 2005-09-23 05:56:36 1,196,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
+ 2005-09-23 04:56:36 1,196,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
- 2005-09-23 02:41:50 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
+ 2005-09-23 01:41:50 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
- 2005-09-23 02:40:48 94,208 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
+ 2005-09-23 01:40:48 94,208 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
- 2005-09-23 02:41:50 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
+ 2005-09-23 01:41:50 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 06:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 06:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelFrench.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelGerman.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelJapanese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelKorean.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelPortugese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSpanish.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
- 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSwedish.dll
+ 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
- 2007-04-20 06:57:30 53,248 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 08:13:22 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
- 2007-06-12 08:22:58 207,277 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
+ 2008-04-28 09:11:16 199,885 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
- 2007-04-16 08:24:38 122,249 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
+ 2008-04-28 09:11:16 119,473 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
- 2007-06-12 08:22:58 214,141 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
+ 2008-04-28 09:11:16 214,629 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
- 2007-07-10 10:13:42 113,313 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
+ 2008-04-28 09:11:16 116,977 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
- 2008-06-03 02:33:56 48,128 ----a-w c:\windows\system32\amdpcom32.dll
+ 2008-09-24 01:24:26 48,640 ----a-w c:\windows\system32\amdpcom32.dll
+ 1999-11-24 19:29:34 196,608 ----a-w c:\windows\system32\anfysave.scr
- 2008-06-03 02:21:25 557,056 ----a-w c:\windows\system32\ati2cqag.dll
+ 2008-09-24 01:12:34 573,440 ----a-w c:\windows\system32\ati2cqag.dll
- 2008-06-03 03:21:06 306,688 ----a-w c:\windows\system32\ati2dvag.dll
+ 2008-09-24 02:17:07 311,296 ----a-w c:\windows\system32\ati2dvag.dll
- 2008-06-03 03:11:24 43,520 ----a-w c:\windows\system32\ati2edxx.dll
+ 2008-09-24 02:06:36 43,520 ----a-w c:\windows\system32\ati2edxx.dll
- 2008-06-03 03:11:08 139,264 ----a-w c:\windows\system32\ati2evxx.dll
+ 2008-09-24 02:06:19 143,360 ----a-w c:\windows\system32\ati2evxx.dll
- 2008-06-03 03:09:36 552,960 ----a-w c:\windows\system32\ati2evxx.exe
+ 2008-09-24 02:04:49 581,632 ----a-w c:\windows\system32\ati2evxx.exe
- 2008-06-03 03:11:33 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
+ 2008-09-24 02:06:44 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
- 2008-06-02 19:05:00 593,920 ------w c:\windows\system32\ati2sgag.exe
+ 2008-09-23 20:05:00 593,920 ----a-w c:\windows\system32\ati2sgag.exe
- 2008-06-03 02:59:00 3,500,352 ----a-w c:\windows\system32\ati3duag.dll
+ 2008-09-24 01:54:16 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
- 2008-06-03 02:28:20 23,040 ----a-w c:\windows\system32\atiadlxx.dll
+ 2008-09-24 01:19:08 39,424 ----a-w c:\windows\system32\atiadlxx.dll
+ 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\atibrtmon.exe
- 2008-06-03 03:08:13 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
+ 2008-09-24 02:03:30 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
- 2008-06-03 03:22:24 413,696 ----a-w c:\windows\system32\ATIDEMGX.dll
+ 2008-09-24 02:18:25 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
- 2008-04-28 21:09:09 172,033 ----a-w c:\windows\system32\atiicdxx.dat
+ 2008-09-17 19:17:19 176,918 ----a-w c:\windows\system32\atiicdxx.dat
- 2008-06-03 03:02:36 307,200 ----a-w c:\windows\system32\atiiiexx.dll
+ 2008-09-24 01:56:46 307,200 ----a-w c:\windows\system32\atiiiexx.dll
- 2008-06-03 02:29:46 348,160 ----a-w c:\windows\system32\atikvmag.dll
+ 2008-09-24 01:20:30 380,928 ----a-w c:\windows\system32\atikvmag.dll
- 2008-06-03 02:22:52 5,439,488 ----a-w c:\windows\system32\atioglxx.dll
+ 2008-09-24 02:09:12 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
- 2008-06-03 03:04:24 245,760 ----a-w c:\windows\system32\atiok3x2.dll
+ 2008-09-24 01:18:17 253,952 ----a-w c:\windows\system32\atiok3x2.dll
- 2008-06-03 03:11:56 180,224 ----a-w c:\windows\system32\atipdlxx.dll
+ 2008-09-24 02:07:05 188,416 ----a-w c:\windows\system32\atipdlxx.dll
- 2008-06-03 02:28:10 17,408 ----a-w c:\windows\system32\atitvo32.dll
+ 2008-09-24 01:18:59 17,408 ----a-w c:\windows\system32\atitvo32.dll
- 2008-06-03 02:48:11 2,120,832 ----a-w c:\windows\system32\ativvaxx.dll
+ 2008-09-24 01:38:32 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
+ 2007-03-29 22:00:40 203,264 ----a-r c:\windows\system32\CddbCdda.dll
- 2008-04-28 16:39:07 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
+ 2008-07-29 15:38:22 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
- 2007-11-23 20:21:29 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-24 13:40:56 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-23 20:21:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-24 13:40:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-23 20:21:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 13:40:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 13:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
- 2008-05-30 12:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-07-12 07:18:52 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
+ 2008-10-10 03:52:38 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
- 2007-04-19 00:59:46 519,912 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
- 2008-02-05 21:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
- 2008-05-30 12:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-07-12 07:18:52 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
+ 2008-10-10 03:52:38 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
- 2008-03-05 13:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
- 2008-05-30 12:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-07-12 07:18:52 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
+ 2008-10-10 03:52:38 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
+ 2008-12-05 22:32:38 410,984 ----a-w c:\windows\system32\deploytk.dll
- 2008-06-03 06:20:54 3,100,160 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
+ 2008-09-24 03:09:07 3,331,072 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
- 2001-08-17 21:36:34 87,040 -c--a-w c:\windows\system32\dllcache\wiafbdrv.dll
+ 2001-08-17 20:36:34 87,040 -c--a-w c:\windows\system32\dllcache\wiafbdrv.dll
- 2008-06-03 02:27:19 49,152 ----a-w c:\windows\system32\drivers\ati2erec.dll
+ 2008-09-24 01:18:10 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
- 2008-06-03 06:20:54 3,100,160 ----a-w c:\windows\system32\drivers\ati2mtag.sys
+ 2008-09-24 03:09:07 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
+ 2007-03-07 23:51:00 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2008-06-12 06:28:49 56,108 ----a-w c:\windows\system32\drivers\scdemu.sys
- 2007-12-21 12:38:18 715,248 ----a-w c:\windows\system32\drivers\sptd.sys
+ 2008-10-09 06:10:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
+ 2008-05-20 09:37:00 525,824 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2006-11-02 06:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 06:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2006-09-15 21:29:52 76,544 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-15 21:30:10 82,688 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2008-05-07 06:38:20 17,536 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys
+ 2008-05-07 06:38:24 90,624 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll
+ 2008-05-07 06:38:34 659,968 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll
+ 2008-05-07 06:39:22 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll
+ 2008-05-07 06:38:36 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys
+ 2008-06-06 08:24:44 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys
+ 2008-05-07 06:38:20 20,864 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys
+ 2007-09-17 14:53:26 21,632 -c--a-w c:\windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-05-20 09:37:00 525,824 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll
+ 2008-05-20 09:32:30 831,048 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll
+ 2008-04-28 09:11:28 120,960 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_126D1C23E2B6AB265C2ADA744A3E64441F8F8A78\physX32.sys
+ 2007-09-13 05:43:00 120,320 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
- 2008-05-07 07:32:48 260,640 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-09-13 08:38:18 260,640 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-21 23:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-05 22:32:38 144,792 ----a-w c:\windows\system32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-05 22:32:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-05 22:32:39 148,888 ----a-w c:\windows\system32\javaws.exe
- 2007-11-20 15:52:00 2,884,992 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-12-14 00:26:49 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2003-03-18 20:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2003-03-18 20:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
+ 2007-08-27 14:41:22 1,089,440 ----a-w c:\windows\system32\msidcrl40.dll
+ 2007-12-12 13:41:50 344,064 ----a-w c:\windows\system32\msvcr70.dll
- 2008-06-03 03:11:42 139,264 ----a-w c:\windows\system32\Oemdspif.dll
+ 2008-09-24 02:06:53 143,360 ----a-w c:\windows\system32\Oemdspif.dll
+ 2008-11-04 15:02:57 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
- 2008-03-30 10:13:23 68,404 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-28 06:38:35 68,404 ----a-w c:\windows\system32\perfc009.dat
- 2008-03-30 10:13:23 435,760 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-28 06:38:35 435,760 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-15 08:04:28 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
+ 2008-10-15 08:04:28 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
+ 2008-10-07 08:13:30 197,912 ----a-w c:\windows\system32\physxcudart_20.dll
+ 2008-10-07 08:13:28 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
- 2007-06-19 07:59:36 70,400 ----a-w c:\windows\system32\PhysXLoader.dll
+ 2008-10-17 08:29:00 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
- 2007-10-18 20:18:12 63,040 ----a-w c:\windows\system32\PnkBstrA.exe
+ 2008-10-22 04:27:07 63,040 ----a-w c:\windows\system32\PnkBstrA.exe
- 2008-03-17 09:42:28 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2008-11-24 12:31:16 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2007-03-07 23:51:00 547,576 ----a-w c:\windows\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ----a-w c:\windows\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ----a-w c:\windows\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ----a-w c:\windows\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ----a-w c:\windows\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ----a-w c:\windows\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ----a-w c:\windows\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ----a-w c:\windows\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ----a-w c:\windows\system32\pxwave.dll
+ 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atibrtmon.exe
+ 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\atibrtmon.exe
+ 2005-01-12 03:08:50 32,768 ----a-w c:\windows\system32\SafeIE.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2006-10-08 20:51:14 14,640 ----a-w c:\windows\system32\spmsg.dll
- 2006-10-16 15:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-10-08 20:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-03-07 23:51:00 39,672 ----a-w c:\windows\system32\vxblock.dll
- 2001-08-17 21:36:34 87,040 ----a-w c:\windows\system32\wiafbdrv.dll
+ 2001-08-17 20:36:34 87,040 ----a-w c:\windows\system32\wiafbdrv.dll
+ 2006-09-15 22:30:16 87,040 ----a-w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-15 22:30:06 142,848 ----a-w c:\windows\system32\WudfHost.exe
+ 2006-09-15 21:29:54 163,840 ----a-w c:\windows\system32\WudfPlatform.dll
+ 2006-09-15 22:30:16 55,296 ----a-w c:\windows\system32\WudfSvc.dll
+ 2008-05-20 09:32:30 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
+ 2006-09-15 22:30:16 308,224 ----a-w c:\windows\system32\WUDFx.dll
- 2008-03-05 14:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
- 2008-05-30 12:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2008-10-27 09:04:16 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
- 2008-03-05 14:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
- 2008-05-30 12:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-07-31 09:41:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
+ 2008-10-27 09:04:16 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
- 2008-05-30 12:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-07-31 09:41:52 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
+ 2008-10-27 09:04:14 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
- 2008-03-05 14:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
- 2008-05-30 12:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2008-07-31 09:40:32 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
+ 2008-10-27 09:04:18 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
+ 2008-10-22 04:29:02 14,303,392 ----a-w c:\windows\system32\xlive.dll
+ 2007-09-18 14:01:02 134,144 ----a-w c:\windows\system32\xlive\sqmapi.dll
+ 2008-10-22 04:29:02 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
+ 2009-01-24 16:06:41 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_664.dat
- 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2005-09-22 22:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-12-12 13:40:54 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
- 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 11:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"45682:TCP"= 45682:TCP:sam ga ti pusti

S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e63ee-0579-11dd-9786-001a4d913d99}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b6cdc5-af05-11dc-96c8-001a4d913d99}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f812bb12-bd51-11dc-96f1-001a4d913d99}]
\Shell\AutoRun\command - I:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{3f76f5cf-c805-45ae-b7d6-31a6edcb8435} - (no file)
BHO-{ed061cb5-733a-4406-b2a4-4653ad7e7974} - (no file)
BHO-{F65B506F-1701-4CA1-B019-CC3E23EE029B} - c:\windows\system32\xxyxVnnm.dll
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 17:06:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,d3,f1,15,e5,08,bf,72,a4,3d,68,c2,b3,6f,42,63,6d,a4,4c,36,c9,96,db,
c7,f8,e7,14,90,a1,3e,e9,49,c8,6d,0d,02,8e,b3,82,53,d7,49,c5,0d,22,e6,a8,d8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,d6,1e,2c,9e,7f,80,d1,f3,d8,4c,96,02,c3,60,7f,f5,ca,3d,17,b2,
34,54,04,17,a3,b9,d4,83,3b,f3,91,54,ae,6f,04,e2,ab,f6,2c,ce,3a,4c,72,98,77,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 17:09:10 - machine was rebooted [Hrvoje]
ComboFix-quarantined-files.txt 2009-01-24 16:09:08

Pre-Run: 47,601,061,888 bytes free
Post-Run: 51,011,981,312 bytes free

858 --- E O F --- 2008-06-13 22:01:40

peku006
2009-01-24, 18:29
Hi kilwan

RECOVERY CONSOLE

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

http://i51.photobucket.com/albums/f387/Katana_1970/KB310994.gif

Download the file & save it as it's originally named, next to ComboFix.exe.

http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Drag the setup package onto ComboFix.exe and drop it.
Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
At the next prompt, click 'Yes' to run the full ComboFix scan.

http://img.photobucket.com/albums/v706/ried7/RC_whatnext.gif

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Thanks peku006

kilwan
2009-01-24, 19:05
Dear peku006

here are the logs you're looking for...

ComboFix 09-01-21.04 - Hrvoje 2009-01-24 17:59:23.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2046.1579 [GMT 1:00]
Running from: c:\documents and settings\Hrvoje\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hrvoje\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-24 17:57 . 2009-01-24 17:56 4,608,744 --a------ C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2009-01-24 16:46 . 2009-01-24 16:45 374,384 --a------ C:\RunMe.exe
2009-01-24 16:00 . 2009-01-24 15:59 374,656 --a------ C:\TDdump.exe
2009-01-24 15:24 . 2009-01-24 15:25 <DIR> d-------- C:\rsit
2009-01-24 15:22 . 2009-01-24 15:20 2,737,800 --a------ C:\mbam-setup.exe
2009-01-24 14:22 . 2009-01-24 14:15 3,048,418 -ra------ C:\ComboFix.exe
2009-01-18 19:45 . 2009-01-18 19:45 <DIR> d-------- c:\program files\ERUNT
2009-01-18 11:11 . 2009-01-18 11:11 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Safer Networking
2009-01-18 11:10 . 2009-01-18 11:10 <DIR> d-------- c:\program files\Safer Networking
2009-01-17 19:58 . 2009-01-19 15:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\program files\Lavasoft
2009-01-17 19:32 . 2009-01-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-17 12:39 . 2009-01-24 14:41 2,204 --a------ c:\windows\system32\TDSSlxwp.dll
2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-25 12:35 . 2008-12-25 12:35 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-12-25 12:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-25 12:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-25 12:35 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-25 12:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-25 12:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-25 12:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-25 12:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-25 12:20 . 2008-12-25 12:38 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Nokia
2008-12-25 12:20 . 2008-12-25 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
2008-12-25 12:19 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Nokia
2008-12-25 12:19 . 2008-12-25 12:19 <DIR> d-------- c:\program files\DIFX
2008-12-25 12:19 . 2008-12-25 12:56 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\PC Suite
2008-12-25 12:19 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-12-25 12:18 . 2008-12-25 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 16:01 --------- d-----w c:\program files\ESET
2009-01-24 13:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 08:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\uTorrent
2009-01-23 19:18 --------- d-----w c:\program files\Runes of Magic
2009-01-23 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 21:04 --------- d-----w c:\program files\EA GAMES
2009-01-19 21:03 --------- d-----w c:\program files\AGEIA Technologies
2009-01-19 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 10:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 20:03 --------- d-----w c:\program files\WYSIWYG Web Builder 4.0
2008-12-22 16:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\BearShare
2008-12-14 15:05 --------- d-----w c:\program files\EWB512
2008-12-05 22:32 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-05 22:32 --------- d-----w c:\program files\Java
2008-12-05 20:38 --------- d-----w c:\documents and settings\Hrvoje\Application Data\Petroglyph
2008-12-05 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-24 12:31 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-24 12:31 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-23 17:41 216,064 ----a-w c:\windows\iun3405.exe
2008-11-04 15:03 22,328 ----a-w c:\documents and settings\Hrvoje\Application Data\PnkBstrK.sys
2008-11-04 15:02 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-01-27 01:57 47,360 ----a-w c:\documents and settings\Hrvoje\Application Data\pcouffin.sys
2008-03-19 09:56 872,448 --sha-w c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 01:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 48c1b8a5b0d6e0150dd076f6ff86d6e1 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-05-18 11:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UTSCSI"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"45682:TCP"= 45682:TCP:sam ga ti pusti

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e63ee-0579-11dd-9786-001a4d913d99}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b6cdc5-af05-11dc-96c8-001a4d913d99}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f812bb12-bd51-11dc-96f1-001a4d913d99}]
\Shell\AutoRun\command - I:\USBNB.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 18:00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,d3,f1,15,e5,08,bf,72,a4,3d,68,c2,b3,6f,42,63,6d,a4,4c,36,c9,96,db,
c7,f8,e7,14,90,a1,3e,e9,49,c8,6d,0d,02,8e,b3,82,53,d7,49,c5,0d,22,e6,a8,d8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,d6,1e,2c,9e,7f,80,d1,f3,d8,4c,96,02,c3,60,7f,f5,ca,3d,17,b2,
34,54,04,17,a3,b9,d4,83,3b,f3,91,54,ae,6f,04,e2,ab,f6,2c,ce,3a,4c,72,98,77,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-24 18:02:16
ComboFix-quarantined-files.txt 2009-01-24 17:02:14
ComboFix2.txt 2009-01-24 16:09:11

Pre-Run: 50,956,296,192 bytes free
Post-Run: 50,943,557,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

201 --- E O F --- 2008-06-13 22:01:40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\kilwan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5457 bytes

peku006
2009-01-24, 19:36
Hi kilwan

It seems you don't have any evidence of anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

1 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.

On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

kilwan
2009-01-24, 20:34
Dear peku006

The computer is running great, much faster than before. Anyway, here are the logs you wanted ...

Malwarebytes' Anti-Malware 1.33
Database version: 1688
Windows 5.1.2600 Service Pack 2

2009-01-24 19:27:54
mbam-log-2009-01-24 (19-27-54).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 164220
Time elapsed: 40 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awttSlLd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fccbBTkL.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeccDw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mgaetkrh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qmswdxvh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP635\A0211851.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214097.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214098.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214099.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214100.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214101.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\JMRaidSetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\kilwan.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6091 bytes
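Each round of this thread ends with a request for a fresh HijackThis log, and the useful information is what changed between two rounds. The following is an added example, not part of the thread and not HijackThis's own code: it diffs two logs and lists entries HijackThis itself annotated as "(file missing)" or "Unknown owner" for a manual look. The function names are hypothetical, and the two samples are shortened excerpts of the 2009-01-18 and 2009-01-24 logs posted above.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and section entries."""
    processes, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first entry line ends the process list
            entries.append((m.group("sec"), m.group("body")))
        elif in_procs and line:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.casefold())
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what appeared and disappeared between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    old_e, new_e = set(old["entries"]), set(new["entries"])
    return {
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
        "procs_added": sorted(new["processes"] - old["processes"]),
        "procs_removed": sorted(old["processes"] - new["processes"]),
    }


def review_hints(log):
    """List entries carrying HijackThis's own annotations that merit a manual look."""
    hints = []
    for sec, body in parse_hjt(log)["entries"]:
        if body.endswith("(file missing)"):
            hints.append((sec, "file missing", body))
        elif sec == "O23" and " - Unknown owner - " in body:
            hints.append((sec, "unknown owner", body))
    return hints


# Shortened excerpt of the 2009-01-18 log from this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Shortened excerpt of the 2009-01-24 19:31 log from this thread.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
    for sec, kind, body in review_hints(AFTER):
        print(f"check ({kind}): {sec} - {body}")
```
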

peku006
2009-01-24, 21:09
Hi kilwan
Looking good :)
Let's make sure we got everything

1 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


2 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

kilwan
2009-01-24, 23:22
Dear peku006

Sry for the slow reply, I had some to do. Anyway, here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20, on 2009-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\JMRaidSetup.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\kilwan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6206 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 24, 2009 16:35:23
Records in database: 1699477
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: no
Scan mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
J:\

Scan statistics:
Files scanned: 117535
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:22:46


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system\svhost.exe.vir Infected: Trojan-Downloader.Win32.Agent.befs 1
E:\Games\Stalker Clear Sky\New Folder\No-DVD 1.503 + MiniImage\bin\protect.exe Infected: Packed.Win32.Black.a 1

The selected area was scanned.

peku006
2009-01-24, 23:45
Hi kilwan

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
E:\Games\Stalker Clear Sky\New Folder\No-DVD 1.503 + MiniImage\bin\protect.exe

After that.............

Congratulations, your log looks clean! :yahoo:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb:
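The post above describes the MVPS Hosts file as blocking sites by mapping them to 127.0.0.1. As an added example (not part of the thread and not MVPS code), this sketch parses hosts-file text, lists the names that are blocked that way, and separately lists names mapped to any other address so they can be reviewed. The function names and the sample file are constructed for illustration; treating 0.0.0.0 as blocked and keeping the first mapping for a repeated name are choices of this sketch.

```python
import ipaddress


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text; the first mapping for a name is kept."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an IP address
        for name in fields[1:]:  # one line may carry several names
            mapping.setdefault(name.lower(), ip)
    return mapping


def classify(mapping):
    """Split entries into names blocked locally and names redirected elsewhere."""
    blocked, redirected = [], []
    for name, ip in mapping.items():
        if name == "localhost":
            continue  # the normal loopback entry, not a block
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))
    return sorted(blocked), sorted(redirected)


def is_blocked(mapping, hostname):
    """True if the hosts file sends this name to the local machine."""
    ip = mapping.get(hostname.lower())
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


# Constructed sample; the domains and the 203.0.113.7 address are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    ads.example.test        # ad server
127.0.0.1    Tracker.Example.test banners.example.test
0.0.0.0      popups.example.test
203.0.113.7  update.example.test
not-an-ip    junk.example.test
"""

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(hosts)
    print("blocked:", blocked)
    print("mapped to a non-local address (review these):", redirected)
```
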

kilwan
2009-01-25, 00:24
Dear peku006

I got rid of that file, installed some extra protection and I'm ready to surf.

Thank you very much for all the help. I hope I won't need your help any time soon. :P

Till then, goodbye.

Kilwan

peku006
2009-01-25, 09:33
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.