
Thread: Not really sure what's wrong

  1. #1
    Member
    Join Date
    Jan 2009
    Posts
    42

    Not really sure what's wrong

    Please help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:00:25 PM, on 3/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\alg.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\java.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O2 - BHO: (no name) - {062990B9-6E57-40D9-BE51-F0FCB2A190E0} - (no file)
    O2 - BHO: (no name) - {1C001BE6-F6F8-4DC0-8021-4BE1E67316DC} - (no file)
    O2 - BHO: (no name) - {1C428C8D-B7A6-4B4D-A43F-9D66D8442F23} - (no file)
    O2 - BHO: (no name) - {1EDC07F9-DC25-4630-99C1-CA11CFB0D26D} - (no file)
    O2 - BHO: (no name) - {2230D878-9489-4D30-8F67-663575F87E3B} - (no file)
    O2 - BHO: (no name) - {2838B912-1276-4D6E-8AC0-952F52E80EC4} - (no file)
    O2 - BHO: (no name) - {2B44BA60-C2B3-410E-9050-6B7EDD2C8EBB} - (no file)
    O2 - BHO: (no name) - {45DE8515-C8BE-42BE-A58A-D93A32BED1EB} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5737A3AA-BB3A-4502-ACED-AF39E324EC1D} - (no file)
    O2 - BHO: (no name) - {5CBD930F-D300-445C-B521-CB0F3C4AD889} - (no file)
    O2 - BHO: (no name) - {604F6BB4-546B-4BD6-B9B2-75CA292E5C47} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {784DB16F-F9A0-4360-AFA3-07359F24D9CA} - (no file)
    O2 - BHO: (no name) - {7BD77EEF-4AE5-4D36-A777-B2D6920293D7} - (no file)
    O2 - BHO: (no name) - {7FBAE3B9-98CC-4D02-B562-6EB45D154337} - (no file)
    O2 - BHO: (no name) - {812038b4-022b-413d-8650-1d082c449487} - C:\WINDOWS\system32\vivodiha.dll
    O2 - BHO: (no name) - {81706E4D-1CA2-4703-AC71-66E25A48791D} - (no file)
    O2 - BHO: (no name) - {838DB79F-6B2D-4726-AFEE-9774B15F04F6} - (no file)
    O2 - BHO: (no name) - {84CCBB3F-45A0-4D0A-8432-D9F8D7735B90} - (no file)
    O2 - BHO: (no name) - {9F04FCB5-6F23-4737-A4DC-BDA7AFD8B0FF} - (no file)
    O2 - BHO: (no name) - {A07B5C99-8B1C-4388-8BB6-6DEAEEA0B35E} - (no file)
    O2 - BHO: (no name) - {A4D4BACD-2EFE-465E-8FBD-09DCAF8EB2FE} - (no file)
    O2 - BHO: (no name) - {D083534D-4E28-402D-946E-FB8E87961884} - (no file)
    O2 - BHO: (no name) - {D69E913D-7A6C-43EB-B025-121C2A1538A6} - (no file)
    O2 - BHO: (no name) - {DCFD8053-1C75-427A-94B5-72593C16FA50} - (no file)
    O2 - BHO: (no name) - {EB179809-82BD-46A8-BA59-198CDEF3BA0D} - (no file)
    O2 - BHO: (no name) - {ED9A5EEC-BED5-4E54-A183-C87848F91CDA} - (no file)
    O2 - BHO: (no name) - {F3982346-B138-4D68-92DE-B722A24356F7} - (no file)
    O2 - BHO: (no name) - {FA7A0F3A-EE35-485E-906D-230588C6FB03} - (no file)
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kzidohecewew] rundll32.exe "C:\WINDOWS\Brenamukohiyima.dll",e
    O4 - HKLM\..\Run: [Xjaniw] rundll32.exe "C:\WINDOWS\isoteqariwi.dll",e
    O4 - HKLM\..\Run: [58d27dcb] rundll32.exe "C:\WINDOWS\system32\bivayuye.dll",b
    O4 - HKLM\..\Run: [CPM5be14e57] Rundll32.exe "c:\windows\system32\lamukepa.dll",a
    O4 - HKLM\..\Run: [yalajahubo] Rundll32.exe "C:\WINDOWS\system32\kabumure.dll",s
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKUS\S-1-5-19\..\Run: [yalajahubo] Rundll32.exe "C:\WINDOWS\system32\kabumure.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\701a00761.dll"" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [yalajahubo] Rundll32.exe "C:\WINDOWS\system32\kabumure.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\701a00761.dll"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\701a00761.dll"" (User 'Default user')
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
    O4 - Startup: Xfire.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O20 - AppInit_DLLs: sqcwsy.dll xwlcic.dll gfmdrl.dll oazgdr.dll xomgpw.dll C:\WINDOWS\system32\raganapo.dll ucypga.dll c:\windows\system32\hilozepi.dll bjkcmg.dll vesawj.dll c:\windows\system32\lamukepa.dll
    O20 - Winlogon Notify: pmnLDtQK - C:\WINDOWS\
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lamukepa.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lamukepa.dll
    O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - c:\Program Files\Ares Ultra\chatServer.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9025 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi Jammen690

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Jan 2009
    Posts
    42

    here it is

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    AGEIA PhysX v7.09.13
    AIM 6
    Aim Plugin for QQ Games
    ALZip
    Amorous Professor Cherry v1.0
    Ares Ultra 4.1.0
    Buccaneer: The Pursuit of Infamy Demo
    Call of Duty(R) 2
    Combat Arms
    DAEMON Tools Toolbar
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.07.00.8160
    EA Download Manager
    EAX(tm) Unified (SHELL)
    Fallout
    Fallout 3
    Fallout 3 - The Garden of Eden Creation Kit
    Fallout Mod Manager 0.9.10
    Fallout2
    Fantasy Grounds II
    FINAL FANTASY VIII
    FO2 Expansion Pack 1.2
    Francesco's leveled creatures-items mod 4.5b
    Freelancer
    Freelancer ScreenSaver
    GameSpy Arcade
    GameTap
    GTA San Andreas
    Half-Life
    Hellgate: London
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB938759)
    Hotfix for Windows XP (KB952287)
    InstallShield 11
    InterActual Player
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Jeaks Music v1.0
    Left 4 Dead Dedicated Server
    Left 4 Dead v1.0.0.5
    Linksys EasyLink Advisor
    Linksys EasyLink Advisor
    Linksys Updater
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB925673)
    Neverwinter Nights 2
    NVIDIA Drivers
    Oblivion
    Oblivion - Construction Set
    Oblivion mod manager 1.1.11
    OpenOffice.org 3.0
    Pcsx2 0.9.4 Watermoose
    PowerISO
    QQ Games
    Realtek High Definition Audio Driver
    Red Alert Windows 95
    Rockstar Games Social Club
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Sid Meier's Pirates!
    Spybot - Search & Destroy
    Steam
    Symantec AntiVirus Client
    System Requirements Lab
    The Last Remnant Demo
    Turning Point - Fall of Liberty
    UFO Extraterrestrials
    Unofficial Oblivion Patch v3.2.0
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Media Player
    VLC media player 0.9.2
    WebEx Support Manager for Internet Explorer
    WinAce Archiver
    Windows Communication Foundation
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    WinRAR archiver
    Xfire (remove only)
    Yahoo! Messenger
    Yahoo! Toolbar
    Yin-Yang - X-Change Alternateive

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Ares Ultra 4.1.0

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.

  5. #5
    Member
    Join Date
    Jan 2009
    Posts
    42

    Done

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    AGEIA PhysX v7.09.13
    AIM 6
    Aim Plugin for QQ Games
    ALZip
    Amorous Professor Cherry v1.0
    Buccaneer: The Pursuit of Infamy Demo
    Call of Duty(R) 2
    Combat Arms
    DAEMON Tools Toolbar
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.07.00.8160
    EA Download Manager
    EAX(tm) Unified (SHELL)
    Fallout
    Fallout 3
    Fallout 3 - The Garden of Eden Creation Kit
    Fallout Mod Manager 0.9.10
    Fallout2
    Fantasy Grounds II
    FINAL FANTASY VIII
    FO2 Expansion Pack 1.2
    Francesco's leveled creatures-items mod 4.5b
    Freelancer
    Freelancer ScreenSaver
    GameSpy Arcade
    GameTap
    GTA San Andreas
    Half-Life
    Hellgate: London
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB938759)
    Hotfix for Windows XP (KB952287)
    InstallShield 11
    InterActual Player
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Jeaks Music v1.0
    Left 4 Dead Dedicated Server
    Left 4 Dead v1.0.0.5
    Linksys EasyLink Advisor
    Linksys EasyLink Advisor
    Linksys Updater
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB925673)
    Neverwinter Nights 2
    NVIDIA Drivers
    Oblivion
    Oblivion - Construction Set
    Oblivion mod manager 1.1.11
    OpenOffice.org 3.0
    Pcsx2 0.9.4 Watermoose
    PowerISO
    QQ Games
    Realtek High Definition Audio Driver
    Red Alert Windows 95
    Rockstar Games Social Club
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    Sid Meier's Pirates!
    Spybot - Search & Destroy
    Steam
    Symantec AntiVirus Client
    System Requirements Lab
    The Last Remnant Demo
    Turning Point - Fall of Liberty
    UFO Extraterrestrials
    Unofficial Oblivion Patch v3.2.0
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Media Player
    VLC media player 0.9.2
    WebEx Support Manager for Internet Explorer
    WinAce Archiver
    Windows Communication Foundation
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Workflow Foundation
    WinRAR archiver
    Xfire (remove only)
    Yahoo! Messenger
    Yahoo! Toolbar
    Yin-Yang - X-Change Alternateive

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

  7. #7
    Member
    Join Date
    Jan 2009
    Posts
    42

    here is the log

    How do I post the ComboFix log? The forums are telling me that it is too long.

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Then you can split it into multiple replies, please

  9. #9
    Member
    Join Date
    Jan 2009
    Posts
    42

    Part 1

    ComboFix 09-03-03.01 - Owner 2009-03-04 10:03:59.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1522 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\Install.txt
    c:\windows\sysguard.exe
    c:\windows\system32\4Iud7lXa.exe.a_a
    c:\windows\system32\afisicx.exe
    c:\windows\system32\binosino.dll
    c:\windows\system32\bjkcmg.dll
    c:\windows\system32\buvurosi.dll
    c:\windows\system32\comsa32.sys
    c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
    c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\701a00761.dll
    c:\windows\system32\ekitenuj.ini
    c:\windows\system32\eyuyavib.ini
    c:\windows\system32\gefeperu.dll
    c:\windows\system32\gfmdrl.dll
    c:\windows\system32\hatasefa.dll
    c:\windows\system32\iehelper.dll
    c:\windows\system32\ihiyeyem.ini
    c:\windows\system32\ikeropul.ini
    c:\windows\system32\init32.exe
    c:\windows\system32\Install.txt
    c:\windows\system32\jeziluku.dll
    c:\windows\system32\kabumure.dll
    c:\windows\system32\lamukepa.dll
    c:\windows\system32\loviheti.dll
    c:\windows\system32\luporeki.dll
    c:\windows\system32\mabidwe.exe
    c:\windows\system32\meyeyihi.dll
    c:\windows\system32\otvkkk.dll
    c:\windows\system32\ouvylh.dll
    c:\windows\system32\pabuzili.dll
    c:\windows\system32\pejolido.dll
    c:\windows\system32\phapyk.dll
    c:\windows\system32\ptoesb.dll
    c:\windows\system32\raganapo.dll
    c:\windows\system32\rimomuzo.dll
    c:\windows\system32\ruyupuno.dll
    c:\windows\system32\sssgbenf.dll
    c:\windows\system32\tebudati.dll
    c:\windows\system32\test.ttt
    c:\windows\system32\tiwowugi.dll
    c:\windows\system32\tmpxccacj1.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\system32\ucypga.dll
    c:\windows\system32\urepefeg.ini
    c:\windows\system32\uwajahok.ini
    c:\windows\system32\vesawj.dll
    c:\windows\system32\vivodiha.dll
    c:\windows\system32\win32hlp.cnf
    c:\windows\system32\winlogon2.exe
    c:\windows\system32\xcchit32.ini
    c:\windows\system32\zudotumo.dll
    c:\windows\xccwinsys.ini

    ----- BITS: Possible infected sites -----

    hxxp://autovideo.110mb.com
    hxxp://msxb-d1.vo.llnw.net:3074
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_DEFAULTLIB
    -------\Legacy_IAS
    -------\Legacy_MABIDWE
    -------\Legacy_SOFTYINFORWOW1
    -------\Service_afisicx
    -------\Service_defaultlib
    -------\Service_Ias
    -------\Service_mabidwe
    -------\Service_seneka
    -------\Service_softyinforwow1


    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-01 17:16 . 2009-03-01 17:16 134,144 --a------ c:\windows\isoteqariwi.dll
    2009-03-01 14:44 . 2009-03-01 14:44 132,608 --a------ c:\windows\epejecuxiq.dll
    2009-03-01 14:32 . 2009-03-01 14:32 39,424 --a------ c:\windows\Brenamukohiyima.dll
    2009-03-01 13:47 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
    2009-03-01 13:45 . 2005-05-03 18:43 69,632 --a------ c:\windows\Alcmtr.exe
    2009-03-01 13:30 . 2009-03-01 13:30 <DIR> d--hs---- c:\windows\ftpcache
    2009-03-01 13:30 . 2009-03-01 13:30 287 --a------ c:\windows\game.ini
    2009-03-01 13:08 . 2009-03-01 13:08 <DIR> d-------- c:\program files\Activision
    2009-03-01 12:56 . 2009-03-01 12:56 0 --a------ C:\xf75.tmp
    2009-02-28 19:51 . 2009-02-28 19:51 <DIR> d---s---- c:\documents and settings\NetworkService\UserData
    2009-02-28 11:09 . 2009-02-28 11:09 32 --a------ c:\windows\system32\work.ini
    2009-02-28 11:08 . 2009-03-02 04:24 <DIR> d-------- c:\windows\system32\3361
    2009-02-28 11:08 . 2009-02-28 11:08 108,336 --a------ c:\windows\system32\MSWINSCK.OCX
    2009-02-28 11:08 . 2009-02-28 11:08 228 --a------ c:\windows\system32\hgset.ini
    2009-02-28 08:00 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
    2009-02-28 08:00 . 2009-02-28 08:00 77,824 --a------ c:\windows\system32\u82818720.dll
    2009-02-28 07:59 . 2009-02-28 23:28 <DIR> d-------- c:\windows\system32\inf
    2009-02-28 07:59 . 2009-02-28 07:59 155,175 --a------ c:\windows\system32\icv.exe
    2009-02-23 12:41 . 2009-02-23 12:41 <DIR> d-------- C:\My InstallShield 11 Projects
    2009-02-14 18:25 . 2009-02-18 12:06 1,104 --a------ c:\windows\mkuzttaw
    2009-02-14 18:07 . 2009-02-14 18:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-02-10 17:30 . 2009-02-10 17:30 0 --a------ C:\xfBA4.tmp
    2009-02-05 15:50 . 2009-02-05 15:50 42,320 --a------ c:\windows\system32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-03 20:00 --------- d-----w c:\program files\Ares Ultra
    2009-03-02 20:11 --------- d-----w c:\program files\Steam
    2009-03-01 23:37 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
    2009-03-01 18:45 --------- d-----w c:\program files\Realtek
    2009-03-01 18:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-01 18:00 --------- d-s---w c:\program files\Xfire
    2009-03-01 04:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-18 19:10 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-18 19:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-10 23:06 --------- d-----w c:\documents and settings\Owner\Application Data\Xfire
    2009-02-01 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
    2009-01-29 20:07 --------- d-----w c:\program files\Electronic Arts
    2009-01-29 00:20 --------- d-----w c:\documents and settings\Owner\Application Data\Red Alert 3
    2009-01-28 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-01-28 03:16 --------- d-----w c:\program files\WESTWOOD
    2009-01-27 19:51 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2009-01-27 19:25 --------- d-----w c:\documents and settings\Owner\Application Data\Leadertech
    2009-01-27 19:15 --------- d-----w c:\program files\Firaxis Games
    2009-01-23 17:31 --------- d-----w c:\program files\Common Files\INCA Shared
    2009-01-23 06:51 --------- d-----w c:\program files\Microsoft Games
    2009-01-23 06:38 --------- d-----w c:\program files\Gpotato
    2009-01-22 03:04 --------- d-----w c:\program files\Deep Silver
    2009-01-21 00:10 --------- d-----w c:\program files\WebEx
    2009-01-20 02:13 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-01-20 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-13 02:48 --------- d-----w c:\documents and settings\Owner\Application Data\DNA
    2009-01-13 02:38 --------- d-----w c:\program files\DNA
    2009-01-12 17:32 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
    2009-01-12 17:32 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
    2009-01-10 21:01 --------- d-----w c:\program files\directx
    2009-01-10 20:59 --------- d-----w c:\program files\14 Degrees East
    2009-01-10 18:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DAEMON Tools
    2009-01-10 18:28 --------- d-----w c:\program files\GameSpy Arcade
    2009-01-08 09:27 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
    2008-12-16 03:14 52,736 ----a-w c:\windows\ipuninst.exe
    2008-10-31 00:05 18,022 ----a-w c:\documents and settings\Owner\Application Data\hutazowuca.bin
    2008-10-31 00:05 16,911 ----a-w c:\program files\Common Files\mifehifu.dl
    2008-10-31 00:05 15,747 ----a-w c:\program files\Common Files\xohipexizy.ban
    2008-10-31 00:05 15,343 ----a-w c:\documents and settings\All Users\Application Data\agezezalic.exe
    2008-10-31 00:05 14,472 ----a-w c:\documents and settings\All Users\Application Data\ihojuren.bat
    2008-10-31 00:05 13,162 ----a-w c:\documents and settings\Owner\Application Data\fyryq.bat
    2008-10-31 00:05 11,081 ----a-w c:\program files\Common Files\gived.bat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-19_17.14.53.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-03 09:49:31 247,326 ----a-w c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954600\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954600\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954600\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB954600\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB954600\update\updspapi.dll
    + 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
    + 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
    + 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
    + 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
    + 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
    + 2008-10-16 11:34:08 3,067,904 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
    + 2008-10-16 01:04:06 1,499,136 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\shdocvw.dll
    + 2008-10-16 01:04:06 620,032 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\urlmon.dll
    + 2008-10-16 01:04:06 667,136 ----a-w c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958215\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958215\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958215\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB958215\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958215\update\updspapi.dll
    + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
    + 2008-12-12 17:14:50 3,067,904 ----a-w c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB960714\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB960714\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB960714\update\spcustom.dll
    + 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB960714\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB960714\update\updspapi.dll
    + 2008-04-14 12:00:00 599,040 -c----w c:\windows\$NtUninstallKB938759$\crypt32.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938759$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938759$\spuninst\updspapi.dll
    + 2008-04-14 12:00:00 176,640 -c----w c:\windows\$NtUninstallKB938759$\wintrust.dll
    + 2006-10-19 00:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
    + 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
    + 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
    + 2006-10-19 01:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
    + 2006-10-19 01:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
    + 2008-04-14 12:00:00 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
    + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
    + 2008-07-11 12:42:28 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
    + 2008-04-14 12:00:00 285,184 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
    + 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
    + 2008-08-20 05:30:51 1,499,136 -c----w c:\windows\$NtUninstallKB958215$\shdocvw.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe
    + 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB958215$\spuninst\updspapi.dll
    + 2008-08-20 05:30:52 619,520 -c----w c:\windows\$NtUninstallKB958215$\urlmon.dll
    + 2008-08-20 05:30:51 666,112 -c----w c:\windows\$NtUninstallKB958215$\wininet.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
    + 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
    + 2008-08-20 05:30:53 3,067,904 -c----w c:\windows\$NtUninstallKB960714$\mshtml.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB960714$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB960714$\spuninst\updspapi.dll
    - 2006-05-04 08:26:36 2,808,832 ------r c:\windows\alcwzrd.exe
    + 2006-05-04 21:26:36 2,808,832 ----a-w c:\windows\alcwzrd.exe
    - 2009-01-12 17:30:20 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-02-01 18:30:32 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-01-12 17:30:20 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-02-01 18:30:32 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-01-12 17:30:21 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-02-01 18:30:32 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-01-12 17:30:13 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:29 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:14 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:29 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:14 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:30 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:15 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:30 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:16 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:31 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:17 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:31 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:17 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:31 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:18 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:31 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:18 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:31 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:21 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-02-01 18:30:32 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-01-12 17:30:21 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-02-01 18:30:32 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-01-12 17:30:22 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-02-01 18:30:32 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2009-01-12 17:30:22 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-02-01 18:30:33 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2009-01-12 17:30:23 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-02-01 18:30:33 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-01-12 17:30:19 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-02-01 18:30:32 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2008-11-26 01:39:10 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2009-02-01 18:28:08 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2008-11-26 01:39:16 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-02-01 18:28:14 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2008-11-26 01:39:16 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-02-01 18:28:14 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2008-11-26 01:39:17 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-02-01 18:28:15 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2008-11-26 01:39:14 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2009-02-01 18:28:12 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2008-11-26 01:39:06 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2009-02-01 18:28:05 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2008-11-26 01:39:06 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2009-02-01 18:28:05 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2008-11-26 01:39:20 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-02-01 18:28:18 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2008-11-26 01:39:12 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-02-01 18:28:10 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2008-11-26 01:39:09 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-02-01 18:28:07 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2008-11-26 01:39:06 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2009-02-01 18:28:04 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2008-11-26 01:39:07 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-02-01 18:28:05 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2008-11-26 01:39:15 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-02-01 18:28:13 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2008-11-26 01:39:15 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-02-01 18:28:13 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2008-11-26 01:39:16 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-02-01 18:28:13 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2008-11-26 01:39:08 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-02-01 18:28:06 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2008-11-26 01:39:08 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2009-02-01 18:28:06 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2008-11-26 01:39:08 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-02-01 18:28:07 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2008-11-26 01:39:09 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-02-01 18:28:07 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2008-11-26 01:39:08 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2009-02-01 18:28:06 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2008-11-26 01:39:22 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-02-01 18:28:19 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2008-11-26 01:39:21 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-02-01 18:28:19 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2008-11-26 01:39:04 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-02-01 18:28:04 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2008-11-26 01:39:21 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-02-01 18:28:19 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2008-11-26 01:39:22 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-02-01 18:28:19 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2008-11-26 01:39:05 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2009-02-01 18:28:04 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2008-11-26 01:39:05 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-02-01 18:28:04 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2008-11-26 01:39:05 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2009-02-01 18:28:04 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2008-11-26 01:39:19 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-02-01 18:28:17 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2008-11-26 01:39:10 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-02-01 18:28:09 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2008-11-26 01:39:19 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2009-02-01 18:28:17 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2008-11-26 01:39:17 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-02-01 18:28:16 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2008-11-26 01:39:07 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2009-02-01 18:28:05 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2008-11-26 01:39:14 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2009-02-01 18:28:12 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2008-11-26 01:39:11 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-02-01 18:28:09 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2008-11-26 01:39:10 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2009-02-01 18:28:09 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2008-11-26 01:39:11 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-02-01 18:28:09 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2008-11-26 01:39:20 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-02-01 18:28:17 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2008-11-26 01:39:18 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-02-01 18:28:16 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2008-11-26 01:39:20 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-02-01 18:28:18 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2008-11-26 01:39:18 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-02-01 18:28:16 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2008-11-26 01:39:18 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-02-01 18:28:16 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2008-11-26 01:39:09 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2009-02-01 18:28:07 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2008-11-26 01:39:11 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-02-01 18:28:09 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2008-11-26 01:39:21 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2009-02-01 18:28:19 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2008-11-26 01:39:12 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-02-01 18:28:10 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2008-11-26 01:39:13 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-02-01 18:28:10 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2008-11-26 01:39:13 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-02-01 18:28:10 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2008-11-26 01:39:13 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-02-01 18:28:11 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2008-11-26 01:39:19 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-02-01 18:28:17 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-01-27 19:21:38 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\ARPPRODUCTICON.exe
    + 2009-01-27 19:21:39 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut1_24667137707E4437B2FE1B10A3F55BE1.exe
    + 2009-01-27 19:21:38 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut2_24667137707E4437B2FE1B10A3F55BE1.exe
    + 2009-01-27 19:21:39 9,326 ----a-r c:\windows\Installer\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}\NewShortcut9_24667137707E4437B2FE1B10A3F55BE1.exe
    - 2008-12-31 05:46:59 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\ARPPRODUCTICON.exe
    + 2009-02-23 17:42:15 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\ARPPRODUCTICON.exe
    - 2008-12-31 05:46:59 61,440 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\CabViewerSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 61,440 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\CabViewerSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    - 2008-12-31 05:46:59 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DevStudioSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DevStudioSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    - 2008-12-31 05:46:59 25,214 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DialogSampSkinSC_5FA509D28B404A4086866E1E2EB15DF9_1.exe
    + 2009-02-23 17:42:15 25,214 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DialogSampSkinSC_5FA509D28B404A4086866E1E2EB15DF9_1.exe
    - 2008-12-31 05:46:59 25,214 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DialogSampStdSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 25,214 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\DialogSampStdSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    - 2008-12-31 05:46:59 61,440 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\LogViewSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 61,440 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\LogViewSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    - 2008-12-31 05:46:59 45,056 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\MSIDiffSC_6128EB3A2EBE489183B7DFC8CCB45550.exe
    + 2009-02-23 17:42:15 45,056 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\MSIDiffSC_6128EB3A2EBE489183B7DFC8CCB45550.exe
    - 2008-12-31 05:46:59 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
    + 2009-02-23 17:42:15 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
    - 2008-12-31 05:46:59 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\VSIPSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\VSIPSC_5FA509D28B404A4086866E1E2EB15DF9.exe
    - 2008-12-31 05:46:59 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\VSIPSC11_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-02-23 17:42:15 65,536 ----a-r c:\windows\Installer\{773EA57A-F0EE-4683-A91F-6E90FEAC42F5}\VSIPSC11_5FA509D28B404A4086866E1E2EB15DF9.exe
    + 2009-03-01 18:30:05 14,366 ----a-r c:\windows\Installer\{D0A05794-48C2-4424-A15A-9F20FCFDD374}\ARPPRODUCTICON.exe

  10. #10
    Member
    Join Date
    Jan 2009
    Posts
    42

    Default part 2

    - 2006-10-11 09:42:58 2,157,568 ------r c:\windows\MicCal.exe
    + 2007-06-28 21:44:14 2,165,760 ----a-w c:\windows\MicCal.exe
    + 1996-11-06 19:11:52 69,632 ----a-w c:\windows\RAUNINST.EXE
    - 2007-04-10 07:28:44 16,126,464 ------r c:\windows\RTHDCPL.exe
    + 2008-03-26 21:14:12 16,859,136 ----a-w c:\windows\RTHDCPL.exe
    - 2007-03-23 11:19:10 9,715,200 ------r c:\windows\RTLCPL.exe
    + 2007-03-24 00:19:10 9,715,200 ----a-w c:\windows\RTLCPL.exe
    - 2007-01-12 08:54:44 520,192 ------r c:\windows\RtlExUpd.dll
    + 2008-03-05 23:07:48 520,192 ----a-w c:\windows\RtlExUpd.dll
    - 2007-01-16 02:39:36 1,191,936 ------r c:\windows\RtlUpd.exe
    + 2007-11-07 22:31:38 1,191,936 ----a-w c:\windows\RtlUpd.exe
    - 2007-04-04 09:22:46 1,822,720 ------r c:\windows\SkyTel.exe
    + 2007-11-20 23:15:58 1,826,816 ----a-w c:\windows\SkyTel.exe
    - 2006-07-21 08:14:36 86,016 ------r c:\windows\SoundMan.exe
    + 2006-07-21 21:14:36 86,016 ----a-w c:\windows\SoundMan.exe
    + 2008-04-14 12:00:00 20,992 ----a-w c:\windows\system32\6to4v32.dll
    + 2008-04-14 12:00:00 39,159 ----a-w c:\windows\system32\certstore.dat
    - 2006-08-01 07:02:32 49,152 ----a-r c:\windows\system32\ChCfg.exe
    + 2006-08-01 20:02:32 49,152 ----a-w c:\windows\system32\ChCfg.exe
    - 2009-01-14 23:22:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    + 2009-01-27 19:38:47 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    - 2008-11-14 20:00:43 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    + 2009-03-03 01:23:01 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
    - 2009-01-19 19:15:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-03 23:03:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-19 19:15:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-03 23:03:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-02-28 14:22:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009022820090301\index.dat
    + 2009-03-04 14:05:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-14 12:00:00 599,040 ----a-w c:\windows\system32\crypt32.dll
    + 2008-11-13 14:18:34 599,552 ----a-w c:\windows\system32\crypt32.dll
    - 2008-04-14 12:00:00 599,040 -c--a-w c:\windows\system32\dllcache\crypt32.dll
    + 2008-11-13 14:18:34 599,552 -c--a-w c:\windows\system32\dllcache\crypt32.dll
    - 2008-04-14 04:15:16 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
    + 2008-04-14 05:15:16 60,160 -c--a-w c:\windows\system32\dllcache\drmk.sys
    - 2008-04-14 12:00:00 285,184 -c--a-w c:\windows\system32\dllcache\gdi32.dll
    + 2008-10-23 12:36:14 286,720 -c--a-w c:\windows\system32\dllcache\gdi32.dll
    - 2008-04-14 09:41:58 4,096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
    + 2002-12-12 05:14:32 4,096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
    - 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    - 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2008-04-14 04:49:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
    + 2008-04-14 05:49:42 146,048 -c--a-w c:\windows\system32\dllcache\portcls.sys
    - 2008-08-20 05:30:51 1,499,136 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
    + 2008-10-16 01:00:10 1,499,136 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
    - 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
    - 2008-04-14 04:15:16 49,408 -c--a-w c:\windows\system32\dllcache\stream.sys
    + 2004-07-09 09:27:28 48,512 -c--a-w c:\windows\system32\dllcache\stream.sys
    - 2008-04-14 12:00:00 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
    + 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
    - 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    - 2008-08-20 05:30:51 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
    + 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll
    - 2008-04-14 12:00:00 176,640 -c--a-w c:\windows\system32\dllcache\wintrust.dll
    + 2008-11-13 14:18:34 177,664 -c--a-w c:\windows\system32\dllcache\wintrust.dll
    - 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
    + 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    - 2008-04-14 04:15:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
    + 2008-04-14 05:15:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
    - 2008-04-14 04:49:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
    + 2008-04-14 05:49:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
    - 2007-04-10 11:04:40 4,397,568 ----a-r c:\windows\system32\drivers\RtkHDAud.sys
    + 2008-03-26 23:37:26 4,713,472 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
    - 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
    + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    - 2008-04-14 04:15:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
    + 2004-07-09 09:27:28 48,512 ----a-w c:\windows\system32\drivers\stream.sys
    - 2008-12-26 21:36:10 114,968 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-03 19:04:51 114,968 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-04-14 12:00:00 285,184 ----a-w c:\windows\system32\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
    + 2008-04-14 12:00:00 20,992 ----a-w c:\windows\system32\Iasv32.dll
    - 2008-04-14 09:41:58 4,096 ----a-w c:\windows\system32\ksuser.dll
    + 2002-12-12 05:14:32 4,096 ----a-w c:\windows\system32\ksuser.dll
    - 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
    - 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll
    + 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
    + 2008-04-14 12:00:00 86,528 ----a-w c:\windows\system32\msrstart.exe
    + 2005-01-04 18:43:08 4,682 ----a-w c:\windows\system32\npptNT2.sys
    + 2008-04-14 12:00:00 86,528 ----a-w c:\windows\system32\nxtepad.exe
    + 2008-04-14 12:00:00 2,304 ----a-w c:\windows\system32\pcistub.sys
    - 2009-01-19 22:05:16 70,240 ----a-w c:\windows\system32\perfc009.dat
    + 2009-03-04 15:06:17 55,530 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-19 22:05:16 436,668 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-04 15:06:17 393,528 ----a-w c:\windows\system32\perfh009.dat
    + 2006-05-04 08:26:36 2,808,832 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\ALCWZRD.EXE
    + 2008-04-14 04:15:16 60,160 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\drmk.sys
    + 2008-04-14 09:41:58 4,096 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
    + 2008-04-14 04:49:42 146,048 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\portcls.sys
    + 2008-04-14 04:15:16 49,408 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\stream.sys
    + 2008-04-14 09:42:46 23,552 ----a-w c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\wdmaud.drv
    + 2006-10-11 09:42:58 2,157,568 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\MicCal.exe
    + 2007-03-15 06:39:04 262,144 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTCOMDLL.dll
    + 2007-04-10 07:28:44 16,126,464 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTHDCPL.EXE
    + 2007-04-10 11:04:40 4,397,568 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RtkHDAud.sys
    + 2007-03-07 06:59:30 131,072 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTLCPAPI.dll
    + 2007-03-23 11:19:10 9,715,200 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RTLCPL.EXE
    + 2007-01-16 02:39:36 1,191,936 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\RtlUpd.exe
    + 2007-04-04 09:22:46 1,822,720 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\SkyTel.exe
    + 2006-07-21 08:14:36 86,016 ----a-r c:\windows\system32\ReinstallBackups\0003\DriverFiles\SOUNDMAN.EXE
    - 2007-03-15 06:39:04 262,144 ----a-r c:\windows\system32\RTCOM\RTCOMDLL.dll
    + 2008-03-26 19:04:16 266,240 ----a-w c:\windows\system32\RTCOM\RTCOMDLL.dll
    - 2007-03-07 06:59:30 131,072 ----a-r c:\windows\system32\RTCOM\RtlCPAPI.dll
    + 2008-03-26 23:50:50 131,072 ----a-w c:\windows\system32\RTCOM\RtlCPAPI.dll
    - 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
    + 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
    + 2008-04-14 12:00:00 48,128 ----a-w c:\windows\system32\sopidkc.exe
    + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    - 2008-04-14 12:00:00 246,814 ----a-w c:\windows\system32\strmdll.dll
    + 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
    - 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
    + 2008-04-14 12:00:00 32,768 ----a-w c:\windows\system32\umtcdtw.sys
    - 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll
    + 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
    - 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll
    + 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
    - 2008-04-14 12:00:00 176,640 ----a-w c:\windows\system32\wintrust.dll
    + 2008-11-13 14:18:34 177,664 ----a-w c:\windows\system32\wintrust.dll
    - 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
    + 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
    + 2008-10-16 01:00:11 619,520 ----a-w c:\windows\Temp\mta101577.dll
    + 1996-01-09 15:38:54 283,648 ----a-w c:\windows\uninst.exe
    - 2008-11-26 01:39:06 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-02-01 18:28:05 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2008-11-26 01:39:06 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-02-01 18:28:05 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [BU]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "Xjaniw"="c:\windows\isoteqariwi.dll" [2009-03-01 134144]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2008-12-10 256000]
    Sid Registration.lnk - D:\ATR1.exe [2004-07-20 4943872]
    Xfire.lnk.disabled [2008-12-26 650]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnLDtQK]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
    "Debugger"=c:\windows\system32\alg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Steam"="c:\program files\Steam\Steam.exe" -silent
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe"
    "ares"=c:\program files\Ares Ultra\Ares Ultra.exe -h
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "58d27dcb"=rundll32.exe "c:\windows\system32\xndbnuga.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
    "c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
    "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\rockstar games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
    "c:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\VPC32.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\Left4Dead (PC) (ENG)(NON-STEAM) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\\Left4Dead\\Left4Dead\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\last remnant - demo sei\\Binaries\\TLRDemo.exe"=
    "c:\\WINDOWS\\RTHDCPL.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
    R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2008-04-14 48128]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-17 24652]
    S0 btpsiysj;btpsiysj;c:\windows\system32\drivers\vhijcmgy.sys --> c:\windows\system32\drivers\vhijcmgy.sys [?]
    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys [?]
    S3 naecd;naecd;\??\c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys [?]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-12-03 27904]
    S3 pcistub;pcistub;c:\windows\system32\pcistub.sys [2008-04-14 2304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-03-04 c:\windows\Tasks\At1.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At10.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At11.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At12.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At13.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At14.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At15.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At16.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-02 c:\windows\Tasks\At17.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-02 c:\windows\Tasks\At18.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At19.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At2.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At20.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At21.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At22.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At23.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At24.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At25.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At26.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At27.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At28.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At29.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At3.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At30.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At31.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At32.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At33.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At34.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At35.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-03 c:\windows\Tasks\At36.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-03 c:\windows\Tasks\At37.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-03 c:\windows\Tasks\At38.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-03 c:\windows\Tasks\At39.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At4.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-03 c:\windows\Tasks\At40.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-02 c:\windows\Tasks\At41.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-02 c:\windows\Tasks\At42.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-03 c:\windows\Tasks\At43.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At44.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At45.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At46.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At47.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At48.job
    - c:\windows\system32\4Iud7lXa.exe []

    2009-03-04 c:\windows\Tasks\At5.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At6.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At7.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At8.job
    - c:\windows\system32\5gl14uSk.exe []

    2009-03-04 c:\windows\Tasks\At9.job
    - c:\windows\system32\5gl14uSk.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{062990B9-6E57-40D9-BE51-F0FCB2A190E0} - (no file)
    BHO-{1C001BE6-F6F8-4DC0-8021-4BE1E67316DC} - (no file)
    BHO-{1C428C8D-B7A6-4B4D-A43F-9D66D8442F23} - (no file)
    BHO-{1EDC07F9-DC25-4630-99C1-CA11CFB0D26D} - (no file)
    BHO-{2230D878-9489-4D30-8F67-663575F87E3B} - (no file)
    BHO-{2838B912-1276-4D6E-8AC0-952F52E80EC4} - (no file)
    BHO-{2B44BA60-C2B3-410E-9050-6B7EDD2C8EBB} - (no file)
    BHO-{45DE8515-C8BE-42BE-A58A-D93A32BED1EB} - (no file)
    BHO-{5737A3AA-BB3A-4502-ACED-AF39E324EC1D} - (no file)
    BHO-{5CBD930F-D300-445C-B521-CB0F3C4AD889} - (no file)
    BHO-{604F6BB4-546B-4BD6-B9B2-75CA292E5C47} - (no file)
    BHO-{784DB16F-F9A0-4360-AFA3-07359F24D9CA} - (no file)
    BHO-{7BD77EEF-4AE5-4D36-A777-B2D6920293D7} - (no file)
    BHO-{7FBAE3B9-98CC-4D02-B562-6EB45D154337} - (no file)
    BHO-{812038b4-022b-413d-8650-1d082c449487} - c:\windows\system32\vivodiha.dll
    BHO-{81706E4D-1CA2-4703-AC71-66E25A48791D} - (no file)
    BHO-{838DB79F-6B2D-4726-AFEE-9774B15F04F6} - (no file)
    BHO-{84CCBB3F-45A0-4D0A-8432-D9F8D7735B90} - (no file)
    BHO-{9F04FCB5-6F23-4737-A4DC-BDA7AFD8B0FF} - (no file)
    BHO-{A07B5C99-8B1C-4388-8BB6-6DEAEEA0B35E} - (no file)
    BHO-{A4D4BACD-2EFE-465E-8FBD-09DCAF8EB2FE} - (no file)
    BHO-{D083534D-4E28-402D-946E-FB8E87961884} - (no file)
    BHO-{D69E913D-7A6C-43EB-B025-121C2A1538A6} - (no file)
    BHO-{DCFD8053-1C75-427A-94B5-72593C16FA50} - (no file)
    BHO-{EB179809-82BD-46A8-BA59-198CDEF3BA0D} - (no file)
    BHO-{ED9A5EEC-BED5-4E54-A183-C87848F91CDA} - (no file)
    BHO-{F3982346-B138-4D68-92DE-B722A24356F7} - (no file)
    BHO-{FA7A0F3A-EE35-485E-906D-230588C6FB03} - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ed8gp943.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    .
    .
    ------- File Associations -------
    .
    txtfile="c:\windows\system32\nxtepad.exe" "%1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-04 10:09:00
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-725345543-1202660629-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:b6,0b,b1,bb,5a,16,31,e9,3a,3b,04,0e,45,79,bf,34,92,1b,70,8d,a1,fd,9d,
    06,b0,0b,01,1a,8c,86,1b,6b,8c,ce,56,7f,50,41,ff,97,fd,f3,76,8a,b5,e4,a4,cb,\
    "??"=hex:f2,82,ba,8a,20,01,60,69,4c,5c,f6,f8,f5,a4,95,f5

    [HKEY_USERS\S-1-5-21-725345543-1202660629-1801674531-1003\Software\SecuROM\License information*]
    "datasecu"=hex:15,2f,98,38,0f,35,7f,db,b9,91,15,77,56,7c,b3,94,54,11,f8,ce,8c,
    86,5a,6f,74,d9,ac,bd,87,55,d3,0c,68,d3,5a,8e,a6,fb,1c,52,72,94,e2,2c,a4,0f,\
    "rkeysecu"=hex:f9,a2,0a,9c,b9,55,56,c5,55,7e,25,b5,a7,5e,46,53
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\rundll32.exe
    c:\windows\system32\dumprep.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    c:\windows\system32\java.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-04 10:14:37 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2009-03-04 15:14:34
    ComboFix2.txt 2009-01-19 22:15:30

    Pre-Run: 96,833,077,248 bytes free
    Post-Run: 96,970,477,568 bytes free

    812 --- E O F --- 2009-01-20 08:02:27
