Thread: A bit of everything ???

  1. #11
    Junior Member (Join Date: Jan 2009, Posts: 22)

    Dear peku006

    It worked, here is the first part of the log

    ComboFix 09-01-21.04 - Hrvoje 2009-01-24 17:03:04.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2046.1578 [GMT 1:00]
    Running from: C:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Hrvoje\LOCALS~1\Temp\svhost.exe
    c:\windows\system\svhost.exe
    c:\windows\system32\awttSlLd.dll
    c:\windows\system32\bglvbhbh.ini
    c:\windows\system32\BReWErS.dll
    c:\windows\system32\Drivers\TDSSmqlt.sys
    c:\windows\system32\fccbBTkL.dll
    c:\windows\system32\hrkteagm.ini
    c:\windows\system32\hvxdwsmq.ini
    c:\windows\system32\iifeccDw.dll
    c:\windows\system32\mgaetkrh.dll
    c:\windows\system32\mnnVxyxx.ini
    c:\windows\system32\mnnVxyxx.ini2
    c:\windows\system32\MpVvCcfe.ini
    c:\windows\system32\ohqqohii.ini
    c:\windows\system32\qmswdxvh.dll
    c:\windows\system32\TDSSbrsr.dll
    c:\windows\system32\TDSSofxh.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSStkdu.log
    c:\windows\system32\TDSSxfum.dll
    c:\windows\system32\udexmsxt.ini
    c:\windows\system32\urfqqxkx.ini
    c:\windows\system32\UTSCSI.EXE
    c:\windows\system32\utsuesve.ini
    c:\windows\system32\xxyxVnnm.dll
    c:\windows\system32\ynlptbsd.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_tdssserv.sys
    -------\Service_tdssserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-24 16:46 . 2009-01-24 16:45 374,384 --a------ C:\RunMe.exe
    2009-01-24 16:00 . 2009-01-24 15:59 374,656 --a------ C:\TDdump.exe
    2009-01-24 15:24 . 2009-01-24 15:25 <DIR> d-------- C:\rsit
    2009-01-24 15:22 . 2009-01-24 15:20 2,737,800 --a------ C:\mbam-setup.exe
    2009-01-24 14:22 . 2009-01-24 14:15 3,048,418 -ra------ C:\ComboFix.exe
    2009-01-18 19:45 . 2009-01-18 19:45 <DIR> d-------- c:\program files\ERUNT
    2009-01-18 11:11 . 2009-01-18 11:11 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Safer Networking
    2009-01-18 11:10 . 2009-01-18 11:10 <DIR> d-------- c:\program files\Safer Networking
    2009-01-17 19:58 . 2009-01-19 15:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 19:32 . 2009-01-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-17 12:39 . 2009-01-24 14:41 2,204 --a------ c:\windows\system32\TDSSlxwp.dll
    2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
    2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\PCSuite
    2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\Nokia
    2008-12-25 12:35 . 2008-12-25 12:35 <DIR> d-------- c:\program files\PC Connectivity Solution
    2008-12-25 12:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
    2008-12-25 12:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2008-12-25 12:35 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2008-12-25 12:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2008-12-25 12:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2008-12-25 12:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2008-12-25 12:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2008-12-25 12:20 . 2008-12-25 12:38 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Nokia
    2008-12-25 12:20 . 2008-12-25 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
    2008-12-25 12:19 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Nokia
    2008-12-25 12:19 . 2008-12-25 12:19 <DIR> d-------- c:\program files\DIFX
    2008-12-25 12:19 . 2008-12-25 12:56 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\PC Suite
    2008-12-25 12:19 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
    2008-12-25 12:18 . 2008-12-25 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 16:01 --------- d-----w c:\program files\ESET
    2009-01-24 13:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-24 08:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\uTorrent
    2009-01-23 19:18 --------- d-----w c:\program files\Runes of Magic
    2009-01-23 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-19 21:04 --------- d-----w c:\program files\EA GAMES
    2009-01-19 21:03 --------- d-----w c:\program files\AGEIA Technologies
    2009-01-19 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-18 10:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-13 20:03 --------- d-----w c:\program files\WYSIWYG Web Builder 4.0
    2008-12-22 16:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\BearShare
    2008-12-14 15:05 --------- d-----w c:\program files\EWB512
    2008-12-05 22:32 --------- d-----w c:\program files\Java
    2008-12-05 20:38 --------- d-----w c:\documents and settings\Hrvoje\Application Data\Petroglyph
    2008-12-05 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-11-24 12:31 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-23 17:41 216,064 ----a-w c:\windows\iun3405.exe
    2008-11-04 15:03 22,328 ----a-w c:\documents and settings\Hrvoje\Application Data\PnkBstrK.sys
    2008-01-27 01:57 47,360 ----a-w c:\documents and settings\Hrvoje\Application Data\pcouffin.sys
    2008-03-19 09:56 872,448 --sha-w c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
    .

    ------- Sigcheck -------

    2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2004-08-04 01:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
    2007-10-30 18:20 360064 48c1b8a5b0d6e0150dd076f6ff86d6e1 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( snapshot@2008-07-14_20.46.41,73 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-04 15:19:33 479,232 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Dashboard\2.0.3188.36980__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Runtime\2.0.3188.36979__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL
    + 2008-11-04 15:19:33 1,032,192 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3188.36994__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3188.36986__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
    + 2008-11-04 15:19:33 671,744 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3188.37134__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 77,824 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3188.37133__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
    + 2008-11-04 15:19:33 172,032 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3188.37043__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3188.37044__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
    + 2008-11-04 15:19:33 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3188.37116__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3188.37115__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3156.17719__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
    + 2008-11-04 15:19:33 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3188.37108__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:33 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3188.37107__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 172,032 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3188.37131__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3188.37132__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3156.17722__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 356,352 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3188.37054__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3188.37053__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 90,112 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3188.37055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
    + 2008-11-04 15:19:34 286,720 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3188.36976__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3188.36977__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
    + 2008-11-04 15:19:31 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 483,328 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3188.37109__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
    + 2008-11-04 15:19:34 167,936 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3188.37041__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 32,768 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3188.37040__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 106,496 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
    + 2008-11-04 15:19:34 135,168 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3188.37111__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 98,304 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3188.37144__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:34 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3188.37145__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3156.17705__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
    + 2008-11-04 15:19:34 73,728 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3188.36948__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
    + 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
    + 2008-11-04 15:19:35 266,240 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3188.36940__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
    + 2008-11-04 15:19:31 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
    + 2008-11-04 15:19:35 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3188.36957__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
    + 2008-11-04 15:19:29 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3188.37075__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
    + 2008-11-04 15:19:29 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
    + 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3188.37000__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
    + 2008-11-04 15:19:29 147,456 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3188.37000__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
    + 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3188.37005__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
    + 2008-11-04 15:19:29 208,896 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3188.37001__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
    + 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
    + 2008-11-04 15:19:29 1,032,192 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3188.36945__90ba9c70f846762e\CLI.Component.Dashboard.DLL
    + 2008-11-04 15:19:29 704,512 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3188.37070__90ba9c70f846762e\CLI.Component.Eeu.DLL
    + 2008-11-04 15:19:29 61,440 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3188.36985__90ba9c70f846762e\CLI.Component.Erecord.DLL
    + 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3188.37094__90ba9c70f846762e\CLI.Component.Help.DLL
    + 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3188.36963__90ba9c70f846762e\CLI.Component.Icomponent.DLL
    + 2008-11-04 15:19:29 258,048 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3188.37132__90ba9c70f846762e\CLI.Component.Launchpad.DLL
    + 2008-11-04 15:19:29 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3188.37095__90ba9c70f846762e\CLI.Component.Load.DLL
    + 2008-11-04 15:19:34 122,880 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3188.37151__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
    + 2008-11-04 15:19:30 7,168 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3188.36933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
    + 2008-11-04 15:19:29 45,056 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
    + 2008-11-04 15:19:29 65,536 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3188.36936__90ba9c70f846762e\CLI.Component.Runtime.DLL
    + 2008-11-04 15:19:29 53,248 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3188.36938__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
    + 2008-11-04 15:19:30 483,328 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3188.37089__90ba9c70f846762e\CLI.Component.Systemtray.DLL
    + 2008-11-04 15:19:30 24,576 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
    + 2008-11-04 15:19:30 397,312 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3188.36956__90ba9c70f846762e\CLI.Component.Wizard.DLL
    + 2008-11-04 15:19:30 40,960 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.DLL
    + 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
    + 2008-11-04 15:19:31 57,344 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.DLL
    + 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3188.36932__90ba9c70f846762e\CLI.Implementation.DLL
    - 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
    + 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
    - 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
    - 2008-07-02 14:39:31 45,056 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
    + 2008-11-04 15:19:31 45,056 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
    - 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
    - 2008-07-02 14:39:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
    - 2008-07-02 14:39:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.DLL
    + 2008-11-04 15:19:31 20,480 ----a-w c:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.DLL
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.DLL
    - 2008-07-02 14:39:32 131,072 ----a-w c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
    + 2008-11-04 15:19:31 131,072 ----a-w c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
    + 2008-11-04 15:19:30 11,264 ----a-w c:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3188.37139__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.DLL
    + 2008-11-04 15:19:30 16,384 ----a-w c:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.DLL
    + 2008-11-04 15:19:30 20,480 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
    + 2008-11-04 15:19:30 61,440 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3188.37095__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
    + 2008-11-04 15:19:30 32,768 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.DLL
    + 2008-11-04 15:19:31 32,768 ----a-w c:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.DLL
    + 2008-11-04 15:19:30 86,016 ----a-w c:\windows\assembly\GAC_MSIL\LOG\2.0.3188.37096__90ba9c70f846762e\LOG.EXE
    + 2008-11-04 15:19:31 16,384 ----a-w c:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.DLL
    + 2008-11-04 15:19:30 106,496 ----a-w c:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3188.37099__90ba9c70f846762e\MOM.Implementation.DLL
    - 2008-07-02 14:39:32 49,152 ----a-w c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
    + 2008-11-04 15:19:31 49,152 ----a-w c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
    + 2008-11-04 15:19:31 28,672 ----a-w c:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.DLL
    + 2008-11-04 15:19:30 19,456 ----a-w c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3188.37126__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
    + 2008-11-04 15:19:30 16,384 ----a-w c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3156.17717__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
    + 2008-10-28 20:39:45 7,651,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AppCommon\0cee4ea7b728152a0a3a466bb60dcbb0\AppCommon.ni.dll
    + 2008-10-28 20:40:27 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\aedd4197dadb8d50b944cc6821d6e2e2\AxInterop.QTOControlLib.ni.dll
    + 2008-10-28 20:40:15 143,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\70b950a142f162a0ab2c43c84fe339b7\AxInterop.SHDocVw.ni.dll
    + 2008-10-28 20:40:24 184,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\3dfbf5a9b05e5c8aa7acc52e23f06040\AxInterop.WMPLib.ni.dll
    + 2008-10-28 20:40:07 221,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\b1bc4f62319b3dfa406d694fcf576c4d\GCPlayer.ni.dll
    + 2008-10-28 20:40:19 28,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\0a4b264c6f32ca26121e8c61cf2aae31\Interfaces.ni.dll
    + 2008-10-28 20:40:21 389,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\daa6f5f547eabfe6caed5e63d912cd1b\Interop.CDDBCONTROLLibSMS.ni.dll
    + 2008-10-28 20:40:22 41,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\6d33b0b4840deb4bf8e27cf9b00bdc25\Interop.CDDBLINKLibSMS.ni.dll
    + 2008-10-28 20:40:33 35,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\2f0a2100d6953ca6e09c41d1263afe8e\Interop.CDDBUICONTROLLibSMS.ni.dll
    + 2008-10-28 20:40:18 118,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\5822221fb8bfafb193664f6dc969b320\Interop.IWshRuntimeLibrary.ni.dll
    + 2008-10-28 20:40:34 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\0f60dcec14019f4a45e9bd9721056aa0\Interop.PortableDeviceTypesLib.ni.dll
    + 2008-10-28 20:40:20 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\8524d04c4db5238f8b1f93141f158eb5\Interop.PortableDeviceApiLib.ni.dll
    + 2008-10-28 20:40:28 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\a2bab5a883b3cf600c19a61e1272ef7c\Interop.QTOControlLib.ni.dll
    + 2008-10-28 20:40:29 221,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\1ed74631463a422ab34ca79781e34804\Interop.QTOLibrary.ni.dll
    + 2008-10-28 20:40:16 344,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\d22251df12bd587e0bf831a6f32ddb0b\Interop.SHDocVw.ni.dll
    + 2008-10-28 20:40:26 847,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\33889d94e59c8ffd2ab414115ee01249\Interop.WMPLib.ni.dll
    + 2008-10-28 20:40:05 712,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\c214dffd2c15fedb78004903ebe143ef\log4net.ni.dll
    + 2008-10-28 20:40:33 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\b367e4694dcafc89ec4a3560cc007306\Lucene.Net.ni.dll
    + 2008-10-28 20:40:14 970,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\e5d39cd2af4d196391d02514937f6c41\MediaManager.GUI.ni.dll
    + 2008-10-28 20:40:35 282,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\00728a5d60f774502f989372ffa152de\MediaManager.SplashScreen.ni.dll
    + 2008-10-28 20:40:18 147,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\9ec198448ed0a67d7440773d5e963344\MediaManager.Utils.ni.dll
    + 2008-10-28 20:39:27 1,728,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager\43ff5e82a6f924cbe2229b985fd47b8a\MediaManager.ni.exe
    + 2008-10-28 20:39:52 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
    + 2008-10-28 20:40:10 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\6d4a2ca948373e86875d9484abade8e8\PerstNET.ni.dll
    + 2008-10-28 20:40:22 30,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\9eb969e20b8c21551b1d86ad18d6839c\SFMARKETLib.ni.dll
    + 2008-10-28 20:39:50 1,036,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\2566f7aca261d1ac3e3e491644039301\Sony.MediaSoftware.clrshared.ni.dll
    + 2008-10-28 20:40:28 44,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\5eef2f32e44870fde9f65d34d523ef3e\stdole.ni.dll
    + 2008-10-28 20:40:02 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
    + 2008-10-28 20:39:58 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
    + 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\2009-01-18\ERDNT.EXE
    + 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\ERDNT.EXE
    + 2009-01-18 19:00:46 12,812,288 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\Users\00000001\NTUSER.DAT
    + 2009-01-18 19:00:46 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-18\Users\00000002\UsrClass.dat
    + 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\ERDNT.EXE
    + 2009-01-19 11:16:41 12,812,288 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\Users\00000001\NTUSER.DAT
    + 2009-01-19 11:16:41 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-19\Users\00000002\UsrClass.dat
    + 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\ERDNT.EXE
    + 2009-01-22 06:35:50 12,820,480 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\Users\00000001\NTUSER.DAT
    + 2009-01-22 06:35:50 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-22\Users\00000002\UsrClass.dat
    + 2005-10-20 11:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\ERDNT.EXE
    + 2009-01-24 08:25:07 12,824,576 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\Users\00000001\NTUSER.DAT
    + 2009-01-24 08:25:07 368,640 ----a-w c:\windows\erdnt\AutoBackup\2009-01-24\Users\00000002\UsrClass.dat
    - 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    - 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
    + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
    - 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
    + 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
    - 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
    + 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
    + 2008-12-25 11:35:48 10,134 ----a-r c:\windows\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:20 10,134 ----a-r c:\windows\Installer\{22F358CE-610B-A033-0D36-4FADA6E8F67A}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:17 10,134 ----a-r c:\windows\Installer\{255F566C-3F57-15AD-2CA5-E7EA41F9904F}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:23 10,134 ----a-r c:\windows\Installer\{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:11 10,134 ----a-r c:\windows\Installer\{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:18 10,134 ----a-r c:\windows\Installer\{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:16 10,134 ----a-r c:\windows\Installer\{8D6EC7D6-E71D-8743-1396-591F4195F347}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:28 10,134 ----a-r c:\windows\Installer\{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:28 9,158 ----a-r c:\windows\Installer\{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
    + 2009-01-19 21:12:07 302,430 ----a-r c:\windows\Installer\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}\ME_Icon.exe
    + 2008-12-25 11:35:13 3,262 ----a-r c:\windows\Installer\{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:26 10,134 ----a-r c:\windows\Installer\{B38C3184-F573-CDC2-9452-FA9C576AB010}\ARPPRODUCTICON.exe
    + 2008-10-28 20:36:00 27,136 ----a-r c:\windows\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
    + 2008-12-25 11:36:39 15,086 ----a-r c:\windows\Installer\{D5577624-0626-4C4B-87AA-D966DA1739D6}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:19 10,134 ----a-r c:\windows\Installer\{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}\ARPPRODUCTICON.exe
    + 2008-11-04 15:19:15 10,134 ----a-r c:\windows\Installer\{E068CD0F-E631-17E7-9A01-05C2B2B54C84}\ARPPRODUCTICON.exe
    + 2008-09-12 21:20:50 49,152 ----a-r c:\windows\Installer\{EB0508A0-162A-4996-85A1-00C07D33445A}\NDLAUNCHER.EXE2_1A2D1828B04247A4BD62A3A39F8B15BB.exe
    + 2008-09-12 21:20:50 49,152 ----a-r c:\windows\Installer\{EB0508A0-162A-4996-85A1-00C07D33445A}\NDLAUNCHER.EXE21_0F7C082DF5DE44C08A265D17DA03A33A.exe
    + 2008-11-04 15:19:14 10,134 ----a-r c:\windows\Installer\{FA3A247D-437A-455E-A88F-7EB6E5F9E799}\ARPPRODUCTICON.exe

  2. #12
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    Default

    and the second part...
    - 2005-09-23 02:40:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
    + 2005-09-23 01:40:46 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
    - 2005-09-23 02:41:18 39,424 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
    + 2005-09-23 01:41:18 39,424 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
    - 2005-09-23 05:56:42 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
    + 2005-09-23 04:56:42 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
    - 2005-09-23 06:01:18 13,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
    + 2005-09-23 05:01:18 13,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
    - 2005-09-23 03:49:26 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
    + 2005-09-23 02:49:26 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
    - 2005-09-23 05:56:56 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
    + 2005-09-23 04:56:56 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
    - 2005-09-23 05:56:34 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
    + 2005-09-23 04:56:34 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
    - 2005-09-23 05:56:44 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
    + 2005-09-23 04:56:44 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
    - 2005-09-23 05:56:16 3,661,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
    + 2005-09-23 04:56:16 3,661,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
    - 2005-09-23 05:56:36 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
    + 2005-09-23 04:56:36 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
    - 2005-09-23 02:41:48 176,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
    + 2005-09-23 01:41:48 176,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
    - 2005-09-23 05:56:40 921,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
    + 2005-09-23 04:56:40 921,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
    - 2005-09-23 05:56:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
    + 2005-09-23 04:56:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
    - 2005-09-23 05:56:22 3,411,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
    + 2005-09-23 04:56:22 3,411,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
    - 2005-09-23 05:56:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
    + 2005-09-23 04:56:22 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
    - 2005-09-23 05:56:44 185,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
    + 2005-09-23 04:56:44 185,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
    - 2005-09-23 05:56:36 1,196,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
    + 2005-09-23 04:56:36 1,196,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
    - 2005-09-23 02:41:50 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
    + 2005-09-23 01:41:50 2,560 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
    - 2005-09-23 02:40:48 94,208 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
    + 2005-09-23 01:40:48 94,208 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
    - 2005-09-23 02:41:50 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
    + 2005-09-23 01:41:50 68,608 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
    - 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
    + 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
    + 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
    - 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
    + 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
    - 2000-08-31 06:00:00 136,704 ----a-w c:\windows\swsc.exe
    + 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
    - 2000-08-31 06:00:00 212,480 ----a-w c:\windows\swxcacls.exe
    + 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelFrench.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelGerman.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelJapanese.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelKorean.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelPortugese.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSpanish.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
    - 2007-04-20 06:57:28 53,248 ----a-w c:\windows\system32\AgCPanelSwedish.dll
    + 2008-10-07 08:13:20 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
    - 2007-04-20 06:57:30 53,248 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
    + 2008-10-07 08:13:22 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
    - 2007-06-12 08:22:58 207,277 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
    + 2008-04-28 09:11:16 199,885 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin
    - 2007-04-16 08:24:38 122,249 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
    + 2008-04-28 09:11:16 119,473 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin
    - 2007-06-12 08:22:58 214,141 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
    + 2008-04-28 09:11:16 214,629 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin
    - 2007-07-10 10:13:42 113,313 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
    + 2008-04-28 09:11:16 116,977 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin
    - 2008-06-03 02:33:56 48,128 ----a-w c:\windows\system32\amdpcom32.dll
    + 2008-09-24 01:24:26 48,640 ----a-w c:\windows\system32\amdpcom32.dll
    + 1999-11-24 19:29:34 196,608 ----a-w c:\windows\system32\anfysave.scr
    - 2008-06-03 02:21:25 557,056 ----a-w c:\windows\system32\ati2cqag.dll
    + 2008-09-24 01:12:34 573,440 ----a-w c:\windows\system32\ati2cqag.dll
    - 2008-06-03 03:21:06 306,688 ----a-w c:\windows\system32\ati2dvag.dll
    + 2008-09-24 02:17:07 311,296 ----a-w c:\windows\system32\ati2dvag.dll
    - 2008-06-03 03:11:24 43,520 ----a-w c:\windows\system32\ati2edxx.dll
    + 2008-09-24 02:06:36 43,520 ----a-w c:\windows\system32\ati2edxx.dll
    - 2008-06-03 03:11:08 139,264 ----a-w c:\windows\system32\ati2evxx.dll
    + 2008-09-24 02:06:19 143,360 ----a-w c:\windows\system32\ati2evxx.dll
    - 2008-06-03 03:09:36 552,960 ----a-w c:\windows\system32\ati2evxx.exe
    + 2008-09-24 02:04:49 581,632 ----a-w c:\windows\system32\ati2evxx.exe
    - 2008-06-03 03:11:33 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
    + 2008-09-24 02:06:44 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
    - 2008-06-02 19:05:00 593,920 ------w c:\windows\system32\ati2sgag.exe
    + 2008-09-23 20:05:00 593,920 ----a-w c:\windows\system32\ati2sgag.exe
    - 2008-06-03 02:59:00 3,500,352 ----a-w c:\windows\system32\ati3duag.dll
    + 2008-09-24 01:54:16 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
    - 2008-06-03 02:28:20 23,040 ----a-w c:\windows\system32\atiadlxx.dll
    + 2008-09-24 01:19:08 39,424 ----a-w c:\windows\system32\atiadlxx.dll
    + 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\atibrtmon.exe
    - 2008-06-03 03:08:13 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
    + 2008-09-24 02:03:30 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
    - 2008-06-03 03:22:24 413,696 ----a-w c:\windows\system32\ATIDEMGX.dll
    + 2008-09-24 02:18:25 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
    - 2008-04-28 21:09:09 172,033 ----a-w c:\windows\system32\atiicdxx.dat
    + 2008-09-17 19:17:19 176,918 ----a-w c:\windows\system32\atiicdxx.dat
    - 2008-06-03 03:02:36 307,200 ----a-w c:\windows\system32\atiiiexx.dll
    + 2008-09-24 01:56:46 307,200 ----a-w c:\windows\system32\atiiiexx.dll
    - 2008-06-03 02:29:46 348,160 ----a-w c:\windows\system32\atikvmag.dll
    + 2008-09-24 01:20:30 380,928 ----a-w c:\windows\system32\atikvmag.dll
    - 2008-06-03 02:22:52 5,439,488 ----a-w c:\windows\system32\atioglxx.dll
    + 2008-09-24 02:09:12 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
    - 2008-06-03 03:04:24 245,760 ----a-w c:\windows\system32\atiok3x2.dll
    + 2008-09-24 01:18:17 253,952 ----a-w c:\windows\system32\atiok3x2.dll
    - 2008-06-03 03:11:56 180,224 ----a-w c:\windows\system32\atipdlxx.dll
    + 2008-09-24 02:07:05 188,416 ----a-w c:\windows\system32\atipdlxx.dll
    - 2008-06-03 02:28:10 17,408 ----a-w c:\windows\system32\atitvo32.dll
    + 2008-09-24 01:18:59 17,408 ----a-w c:\windows\system32\atitvo32.dll
    - 2008-06-03 02:48:11 2,120,832 ----a-w c:\windows\system32\ativvaxx.dll
    + 2008-09-24 01:38:32 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
    + 2007-03-29 22:00:40 203,264 ----a-r c:\windows\system32\CddbCdda.dll
    - 2008-04-28 16:39:07 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    + 2008-07-29 15:38:22 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    - 2007-11-23 20:21:29 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-24 13:40:56 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-23 20:21:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-24 13:40:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-11-23 20:21:29 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-24 13:40:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-05 13:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
    + 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
    - 2008-05-30 12:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
    + 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
    + 2008-07-12 07:18:52 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
    + 2008-10-10 03:52:38 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
    - 2007-04-19 00:59:46 519,912 ----a-w c:\windows\system32\d3dx10_33.dll
    + 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
    - 2008-02-05 21:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
    + 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
    - 2008-05-30 12:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
    + 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
    + 2008-07-12 07:18:52 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
    + 2008-10-10 03:52:38 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
    - 2008-03-05 13:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
    + 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
    - 2008-05-30 12:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
    + 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
    + 2008-07-12 07:18:52 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
    + 2008-10-10 03:52:38 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
    + 2008-12-05 22:32:38 410,984 ----a-w c:\windows\system32\deploytk.dll
    - 2008-06-03 06:20:54 3,100,160 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
    + 2008-09-24 03:09:07 3,331,072 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
    - 2001-08-17 21:36:34 87,040 -c--a-w c:\windows\system32\dllcache\wiafbdrv.dll
    + 2001-08-17 20:36:34 87,040 -c--a-w c:\windows\system32\dllcache\wiafbdrv.dll
    - 2008-06-03 02:27:19 49,152 ----a-w c:\windows\system32\drivers\ati2erec.dll
    + 2008-09-24 01:18:10 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    - 2008-06-03 06:20:54 3,100,160 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    + 2008-09-24 03:09:07 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    + 2007-03-07 23:51:00 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
    + 2007-03-07 23:51:00 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
    + 2007-03-07 23:51:00 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
    + 2008-06-12 06:28:49 56,108 ----a-w c:\windows\system32\drivers\scdemu.sys
    - 2007-12-21 12:38:18 715,248 ----a-w c:\windows\system32\drivers\sptd.sys
    + 2008-10-09 06:10:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    + 2008-05-20 09:37:00 525,824 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
    + 2006-11-02 06:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
    + 2006-11-02 06:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
    + 2006-09-15 21:29:52 76,544 ------w c:\windows\system32\drivers\WudfPf.sys
    + 2006-09-15 21:30:10 82,688 ------w c:\windows\system32\drivers\WudfRd.sys
    + 2008-05-07 06:38:20 17,536 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys
    + 2008-05-07 06:38:24 90,624 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll
    + 2008-05-07 06:38:34 659,968 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll
    + 2008-05-07 06:39:22 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll
    + 2008-05-07 06:38:36 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys
    + 2008-06-06 08:24:44 8,064 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys
    + 2008-05-07 06:38:20 20,864 -c--a-w c:\windows\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys
    + 2007-09-17 14:53:26 21,632 -c--a-w c:\windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
    + 2008-05-20 09:37:00 525,824 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll
    + 2008-05-20 09:32:30 831,048 -c--a-w c:\windows\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll
    + 2008-04-28 09:11:28 120,960 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_126D1C23E2B6AB265C2ADA744A3E64441F8F8A78\physX32.sys
    + 2007-09-13 05:43:00 120,320 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
    - 2008-05-07 07:32:48 260,640 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-09-13 08:38:18 260,640 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-02-21 23:23:35 135,168 ----a-w c:\windows\system32\java.exe
    + 2008-12-05 22:32:38 144,792 ----a-w c:\windows\system32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
    + 2008-12-05 22:32:38 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-05 22:32:39 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2007-11-20 15:52:00 2,884,992 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2007-11-20 15:52:00 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-12-14 00:26:49 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2003-03-18 20:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
    + 2003-03-18 20:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
    + 2007-08-27 14:41:22 1,089,440 ----a-w c:\windows\system32\msidcrl40.dll
    + 2007-12-12 13:41:50 344,064 ----a-w c:\windows\system32\msvcr70.dll
    - 2008-06-03 03:11:42 139,264 ----a-w c:\windows\system32\Oemdspif.dll
    + 2008-09-24 02:06:53 143,360 ----a-w c:\windows\system32\Oemdspif.dll
    + 2008-11-04 15:02:57 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
    - 2008-03-30 10:13:23 68,404 ----a-w c:\windows\system32\perfc009.dat
    + 2008-10-28 06:38:35 68,404 ----a-w c:\windows\system32\perfc009.dat
    - 2008-03-30 10:13:23 435,760 ----a-w c:\windows\system32\perfh009.dat
    + 2008-10-28 06:38:35 435,760 ----a-w c:\windows\system32\perfh009.dat
    + 2008-10-15 08:04:28 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
    + 2008-10-15 08:04:28 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
    + 2008-10-07 08:13:30 197,912 ----a-w c:\windows\system32\physxcudart_20.dll
    + 2008-10-07 08:13:28 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
    - 2007-06-19 07:59:36 70,400 ----a-w c:\windows\system32\PhysXLoader.dll
    + 2008-10-17 08:29:00 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    - 2007-10-18 20:18:12 63,040 ----a-w c:\windows\system32\PnkBstrA.exe
    + 2008-10-22 04:27:07 63,040 ----a-w c:\windows\system32\PnkBstrA.exe
    - 2008-03-17 09:42:28 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
    + 2008-11-24 12:31:16 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
    + 2007-03-07 23:51:00 547,576 ----a-w c:\windows\system32\px.dll
    + 2007-03-07 23:51:00 129,784 ----a-w c:\windows\system32\pxafs.dll
    + 2007-03-07 23:51:00 64,760 ----a-w c:\windows\system32\pxcpya64.exe
    + 2007-03-07 23:51:00 510,712 ----a-w c:\windows\system32\pxdrv.dll
    + 2007-03-07 23:51:00 72,440 ----a-w c:\windows\system32\pxhpinst.exe
    + 2007-03-07 23:51:00 64,760 ----a-w c:\windows\system32\pxinsa64.exe
    + 2007-03-07 23:51:00 187,128 ----a-w c:\windows\system32\pxmas.dll
    + 2007-03-07 23:51:00 1,628,920 ----a-w c:\windows\system32\pxsfs.dll
    + 2007-03-07 23:51:00 379,640 ----a-w c:\windows\system32\pxwave.dll
    + 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\ReinstallBackups\0000\DriverFiles\atibrtmon.exe
    + 2008-07-30 17:00:51 90,112 ----a-w c:\windows\system32\ReinstallBackups\0001\DriverFiles\atibrtmon.exe
    + 2005-01-12 03:08:50 32,768 ----a-w c:\windows\system32\SafeIE.dll
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2006-10-08 20:51:14 14,640 ----a-w c:\windows\system32\spmsg.dll
    - 2006-10-16 15:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe
    + 2006-10-08 20:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
    + 2007-03-07 23:51:00 39,672 ----a-w c:\windows\system32\vxblock.dll
    - 2001-08-17 21:36:34 87,040 ----a-w c:\windows\system32\wiafbdrv.dll
    + 2001-08-17 20:36:34 87,040 ----a-w c:\windows\system32\wiafbdrv.dll
    + 2006-09-15 22:30:16 87,040 ----a-w c:\windows\system32\WUDFCoinstaller.dll
    + 2006-09-15 22:30:06 142,848 ----a-w c:\windows\system32\WudfHost.exe
    + 2006-09-15 21:29:54 163,840 ----a-w c:\windows\system32\WudfPlatform.dll
    + 2006-09-15 22:30:16 55,296 ----a-w c:\windows\system32\WudfSvc.dll
    + 2008-05-20 09:32:30 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
    + 2006-09-15 22:30:16 308,224 ----a-w c:\windows\system32\WUDFx.dll
    - 2008-03-05 14:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
    + 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
    - 2008-05-30 12:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
    + 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
    + 2008-10-27 09:04:16 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    - 2008-03-05 14:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
    + 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
    - 2008-05-30 12:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
    + 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
    + 2008-07-31 09:41:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
    + 2008-10-27 09:04:16 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    - 2008-05-30 12:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
    + 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
    + 2008-07-31 09:41:52 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
    + 2008-10-27 09:04:14 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    - 2008-03-05 14:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
    + 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
    - 2008-05-30 12:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
    + 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
    + 2008-07-31 09:40:32 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
    + 2008-10-27 09:04:18 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    + 2008-10-22 04:29:02 14,303,392 ----a-w c:\windows\system32\xlive.dll
    + 2007-09-18 14:01:02 134,144 ----a-w c:\windows\system32\xlive\sqmapi.dll
    + 2008-10-22 04:29:02 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
    + 2009-01-24 16:06:41 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_664.dat
    - 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFind.exe
    + 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
    - 2005-09-22 22:49:12 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2007-12-12 13:40:54 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    - 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
    + 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --a------ 2006-05-18 11:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UTSCSI"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "45682:TCP"= 45682:TCP:sam ga ti pusti

    S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
    S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
    S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e63ee-0579-11dd-9786-001a4d913d99}]
    \Shell\AutoRun\command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b6cdc5-af05-11dc-96c8-001a4d913d99}]
    \Shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f812bb12-bd51-11dc-96f1-001a4d913d99}]
    \Shell\AutoRun\command - I:\USBNB.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{3f76f5cf-c805-45ae-b7d6-31a6edcb8435} - (no file)
    BHO-{ed061cb5-733a-4406-b2a4-4653ad7e7974} - (no file)
    BHO-{F65B506F-1701-4CA1-B019-CC3E23EE029B} - c:\windows\system32\xxyxVnnm.dll
    HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
    MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    IE: Download all links with IDM
    IE: Download FLV video content with IDM
    IE: Download with IDM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
    FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 17:06:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:74,d3,f1,15,e5,08,bf,72,a4,3d,68,c2,b3,6f,42,63,6d,a4,4c,36,c9,96,db,
    c7,f8,e7,14,90,a1,3e,e9,49,c8,6d,0d,02,8e,b3,82,53,d7,49,c5,0d,22,e6,a8,d8,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:df,d6,1e,2c,9e,7f,80,d1,f3,d8,4c,96,02,c3,60,7f,f5,ca,3d,17,b2,
    34,54,04,17,a3,b9,d4,83,3b,f3,91,54,ae,6f,04,e2,ab,f6,2c,ce,3a,4c,72,98,77,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(636)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-24 17:09:10 - machine was rebooted [Hrvoje]
    ComboFix-quarantined-files.txt 2009-01-24 16:09:08

    Pre-Run: 47,601,061,888 bytes free
    Post-Run: 51,011,981,312 bytes free

    858 --- E O F --- 2008-06-13 22:01:40

  3. #13
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi kilwan

    RECOVERY CONSOLE

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    Download the file & save it as it's originally named, next to ComboFix.exe.

    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.

    Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  4. #14
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    Dear peku006

    Here are the logs you're looking for...

    ComboFix 09-01-21.04 - Hrvoje 2009-01-24 17:59:23.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2046.1579 [GMT 1:00]
    Running from: c:\documents and settings\Hrvoje\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Hrvoje\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-24 17:57 . 2009-01-24 17:56 4,608,744 --a------ C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    2009-01-24 16:46 . 2009-01-24 16:45 374,384 --a------ C:\RunMe.exe
    2009-01-24 16:00 . 2009-01-24 15:59 374,656 --a------ C:\TDdump.exe
    2009-01-24 15:24 . 2009-01-24 15:25 <DIR> d-------- C:\rsit
    2009-01-24 15:22 . 2009-01-24 15:20 2,737,800 --a------ C:\mbam-setup.exe
    2009-01-24 14:22 . 2009-01-24 14:15 3,048,418 -ra------ C:\ComboFix.exe
    2009-01-18 19:45 . 2009-01-18 19:45 <DIR> d-------- c:\program files\ERUNT
    2009-01-18 11:11 . 2009-01-18 11:11 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Safer Networking
    2009-01-18 11:10 . 2009-01-18 11:10 <DIR> d-------- c:\program files\Safer Networking
    2009-01-17 19:58 . 2009-01-19 15:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 19:32 . 2009-01-17 19:32 <DIR> d-------- c:\program files\Lavasoft
    2009-01-17 19:32 . 2009-01-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-17 12:39 . 2009-01-24 14:41 2,204 --a------ c:\windows\system32\TDSSlxwp.dll
    2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
    2008-12-25 12:41 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-12-25 12:40 . 2008-12-25 12:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\PCSuite
    2008-12-25 12:36 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Common Files\Nokia
    2008-12-25 12:35 . 2008-12-25 12:35 <DIR> d-------- c:\program files\PC Connectivity Solution
    2008-12-25 12:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
    2008-12-25 12:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2008-12-25 12:35 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2008-12-25 12:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2008-12-25 12:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2008-12-25 12:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2008-12-25 12:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2008-12-25 12:20 . 2008-12-25 12:38 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\Nokia
    2008-12-25 12:20 . 2008-12-25 12:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
    2008-12-25 12:19 . 2008-12-25 12:36 <DIR> d-------- c:\program files\Nokia
    2008-12-25 12:19 . 2008-12-25 12:19 <DIR> d-------- c:\program files\DIFX
    2008-12-25 12:19 . 2008-12-25 12:56 <DIR> d-------- c:\documents and settings\Hrvoje\Application Data\PC Suite
    2008-12-25 12:19 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
    2008-12-25 12:18 . 2008-12-25 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 16:01 --------- d-----w c:\program files\ESET
    2009-01-24 13:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-24 08:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\uTorrent
    2009-01-23 19:18 --------- d-----w c:\program files\Runes of Magic
    2009-01-23 14:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-19 21:04 --------- d-----w c:\program files\EA GAMES
    2009-01-19 21:03 --------- d-----w c:\program files\AGEIA Technologies
    2009-01-19 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-18 10:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-13 20:03 --------- d-----w c:\program files\WYSIWYG Web Builder 4.0
    2008-12-22 16:10 --------- d-----w c:\documents and settings\Hrvoje\Application Data\BearShare
    2008-12-14 15:05 --------- d-----w c:\program files\EWB512
    2008-12-05 22:32 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-05 22:32 --------- d-----w c:\program files\Java
    2008-12-05 20:38 --------- d-----w c:\documents and settings\Hrvoje\Application Data\Petroglyph
    2008-12-05 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-11-24 12:31 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-24 12:31 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-23 17:41 216,064 ----a-w c:\windows\iun3405.exe
    2008-11-04 15:03 22,328 ----a-w c:\documents and settings\Hrvoje\Application Data\PnkBstrK.sys
    2008-11-04 15:02 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
    2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    2008-01-27 01:57 47,360 ----a-w c:\documents and settings\Hrvoje\Application Data\pcouffin.sys
    2008-03-19 09:56 872,448 --sha-w c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
    .

    ------- Sigcheck -------

    2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2004-08-04 01:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
    2007-10-30 18:20 360064 48c1b8a5b0d6e0150dd076f6ff86d6e1 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --a------ 2006-05-18 11:29 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UTSCSI"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "45682:TCP"= 45682:TCP:sam ga ti pusti

    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
    S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
    S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507e63ee-0579-11dd-9786-001a4d913d99}]
    \Shell\AutoRun\command - RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b6cdc5-af05-11dc-96c8-001a4d913d99}]
    \Shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f812bb12-bd51-11dc-96f1-001a4d913d99}]
    \Shell\AutoRun\command - I:\USBNB.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    IE: Download all links with IDM
    IE: Download FLV video content with IDM
    IE: Download with IDM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
    FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 18:00:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:74,d3,f1,15,e5,08,bf,72,a4,3d,68,c2,b3,6f,42,63,6d,a4,4c,36,c9,96,db,
    c7,f8,e7,14,90,a1,3e,e9,49,c8,6d,0d,02,8e,b3,82,53,d7,49,c5,0d,22,e6,a8,d8,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:df,d6,1e,2c,9e,7f,80,d1,f3,d8,4c,96,02,c3,60,7f,f5,ca,3d,17,b2,
    34,54,04,17,a3,b9,d4,83,3b,f3,91,54,ae,6f,04,e2,ab,f6,2c,ce,3a,4c,72,98,77,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(636)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-24 18:02:16
    ComboFix-quarantined-files.txt 2009-01-24 17:02:14
    ComboFix2.txt 2009-01-24 16:09:11

    Pre-Run: 50,956,296,192 bytes free
    Post-Run: 50,943,557,632 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    201 --- E O F --- 2008-06-13 22:01:40

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02, on 2009-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\kilwan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5457 bytes

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi kilwan

    It seems you don't have any evidence of anti-virus software.

    Anti-virus software refers to programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

    1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
    2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
    3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

    You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

    1 - Run Malwarebytes' Anti-Malware

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.


    On the Scanner tab:
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - Run HijackThis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    3 - Status Check
    Please reply with


    1. the Malwarebytes' Anti-Malware Log
    2. a fresh HijackThis log
    How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  6. #16
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    Dear peku006

    The computer is running great, much faster than before. Anyway, here are the logs you wanted ...

    Malwarebytes' Anti-Malware 1.33
    Database version: 1688
    Windows 5.1.2600 Service Pack 2

    2009-01-24 19:27:54
    mbam-log-2009-01-24 (19-27-54).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 164220
    Time elapsed: 40 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\awttSlLd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\fccbBTkL.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\iifeccDw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mgaetkrh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\qmswdxvh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP635\A0211851.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214097.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214098.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214099.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214100.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{582DDD76-6224-4B4C-A753-5B54BD2CC0D9}\RP636\A0214101.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31, on 2009-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\JMRaidSetup.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\kilwan.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6091 bytes

  7. #17
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi kilwan
    Looking good
    Let's make sure we got everything

    1 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
        Current User Temp
        All Users Temp
        Temporary Internet Files
        Prefetch
        Java Cache

        *The other boxes are optional*
        Then click the Empty Selected button.

      If you use Firefox:
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      If you use Opera:
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


      Click Exit on the Main menu to close the program


    2 - Kaspersky Online Scan

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    4 - Status Check
    Please reply with


    1. the Kaspersky online scanner report
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #18
    Junior Member
    Join Date
    Jan 2009
    Posts
    22


    Dear peku006

    Sorry for the slow reply, I had some things to do. Anyway, here are the logs.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20, on 2009-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\JMRaidSetup.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\kilwan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6206 bytes

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, January 24, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, January 24, 2009 16:35:23
    Records in database: 1699477
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: no
    Scan mail databases: no

    Scan area - My Computer:
    C:\
    D:\
    E:\
    J:\

    Scan statistics:
    Files scanned: 117535
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 01:22:46


    File name / Threat name / Threats count
    C:\QooBox\Quarantine\C\WINDOWS\system\svhost.exe.vir Infected: Trojan-Downloader.Win32.Agent.befs 1
    E:\Games\Stalker Clear Sky\New Folder\No-DVD 1.503 + MiniImage\bin\protect.exe Infected: Packed.Win32.Black.a 1

    The selected area was scanned.

  9. #19
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi kilwan

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
    E:\Games\Stalker Clear Sky\New Folder\No-DVD 1.503 + MiniImage\bin\protect.exe

    After that.............

    Congratulations, your log looks clean!

    Now let's uninstall ComboFix:

    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Here are some free programs I recommend that could help you improve your computer's security.

    Spybot Search and Destroy 1.6
    Download it from here. Just choose a mirror and off you go.
    Find the tutorial on how to use Spybot properly here

    Install SpyWare Blaster 4.0
    Download it from here
    Find the tutorial on how to use Spyware Blaster here

    Install WinPatrol
    Download it from here
    You can find information about how WinPatrol works here

    Install FireTrust SiteHound
    You can find information and download it from here

    Install MVPS Hosts File from here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.
    http://www.update.microsoft.com

    Please check out Tony Klein's article "How did I get infected in the first place?"

    Read some information here on how to prevent malware.


    Happy safe surfing!
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #20
    Junior Member
    Join Date
    Jan 2009
    Posts
    22


    Dear peku006

    I got rid of that file, installed some extra protection and I'm ready to surf.

    Thank you very much for all the help. I hope I won't need your help any time soon. :P

    Till then, goodbye.

    Kilwan
