Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Suspected continued infection [CLOSED]

Started by bstadts , May 21 2008 11:59 PM

This topic is locked

#1
bstadts

Posted 21 May 2008 - 11:59 PM

New Member

Member
5 posts

I recently suffered a viral attack on my computer and successfully eliminated it, or so I thought. The problem Im having now is that im still receiving redirects to "Anit-spyware" websites. I know enough to just close these and not click on anything. I am also unable to activate my automatic updates. I have attempted to do this in the services system and security center panes but it will just be reset back to disable a few seconds later. All in all im still convinced there is some virus that Kaspersky and Mcafee are not detecting. I just downloaded HijackThis, Icesword, and SDfix in an effort to remove this (these) virus(es). Below i have posted my HJT log in the host that someone can tell me is something is out of place. I do have my suspicions about a few items but am reluctant to delete these entries.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:28 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [8825a746] rundll32.exe "C:\WINDOWS\system32\usvgnicd.dll",b
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1181071085625
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4252 bytes
Any help you guys could give me would be greatly appreciated.

#2
sage5

Posted 22 May 2008 - 12:35 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi bstadts,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

You have more than 1 anti-virus application running on your PC. McAfee & Kaspersky
These will be conflicting and causing problems.
Please choose 1 to keep and uninstall the other, using the Add/Remove Programs page in the Control Panel.

Please download the following & save to your Desktop:
SmitfraudFix (by S!Ri)
Deckard's System Scanner

Start the Smitfraud scan:

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
Please copy/paste the content of that file into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Run Deckard's System Scanner:

Close all other windows before proceeding.
Double click on the dss.exe file on your Desktop and follow the prompts.
Scans will run, and 2 text files will open in Notepad.
Close both of the text files.

These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of

main.txt
extra.txt
C:\rapport.txt

in your next reply.

Cheers,

sage5

#3
bstadts

Posted 22 May 2008 - 03:02 AM

New Member

Topic Starter
Member
5 posts

Here are the logs you requested

rapport.txt

SmitFraudFix v2.320

Scan done at 3:47:08.35, Thu 05/22/2008
Run from C:\Documents and Settings\Brent\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brent

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Brent\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Brent\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: U.S. Robotics 802.11g Wireless Turbo Adapter - Packet Scheduler Miniport
DNS Server Search Order: 24.93.41.127
DNS Server Search Order: 24.93.41.128

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E95A622-2E27-4BF9-A0E8-9AC864B511A2}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E12C8874-CEFF-4EC4-BF45-1A19DE6AAA27}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E95A622-2E27-4BF9-A0E8-9AC864B511A2}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E12C8874-CEFF-4EC4-BF45-1A19DE6AAA27}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6E95A622-2E27-4BF9-A0E8-9AC864B511A2}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E12C8874-CEFF-4EC4-BF45-1A19DE6AAA27}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Main.txt

Deckard's System Scanner v20071014.68
Run by Brent on 2008-05-22 03:55:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-05-22 08:55:20 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-05-22 08:25:38 UTC - RP2 - Removed Kaspersky Anti-Virus 7.0.
1: 2008-05-19 21:34:40 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Brent.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:59 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\Brent\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E529F87-2B52-438C-9E7C-7D0A0DD910BA} - C:\WINDOWS\system32\xxyvsrRh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BC330827-E3FC-44BB-AE36-9595D59BD044} - C:\WINDOWS\system32\ssqoNecd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [8825a746] rundll32.exe "C:\WINDOWS\system32\usvgnicd.dll",b
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1181071085625
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: xxyvsrRh - C:\WINDOWS\SYSTEM32\xxyvsrRh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 5166 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080519-145544-129 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20080519-145544-222 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080519-145544-283 O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Brent\OctoshapeClient.exe" -inv:bootrun
backup-20080519-145544-825 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080519-145809-461 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080519-145809-695 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
backup-20080519-145809-849 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080519-145810-346 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080519-145810-716 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 USR11G (U.S. Robotics 802.11g Wireless Turbo Adapter) - c:\windows\system32\drivers\usr11g.sys <Not Verified; U.S. Robotics; U.S. Robotics 802.11g Wireless Turbo Adapter>
R4 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
R4 klif - c:\windows\system32\drivers\klif.sys (file missing)

S0 biN17 - c:\windows\system32\drivers\bin17.sys (file missing)
S0 ipV28 - c:\windows\system32\drivers\ipv28.sys (file missing)
S0 jpV62 - c:\windows\system32\drivers\jpv62.sys (file missing)
S0 jpV73 - c:\windows\system32\drivers\jpv73.sys (file missing)
S0 msY73 - c:\windows\system32\drivers\msy73.sys (file missing)
S0 msY74 - c:\windows\system32\drivers\msy74.sys (file missing)
S0 Tag28 - c:\windows\system32\drivers\tag28.sys (file missing)
S0 ubH38 - c:\windows\system32\drivers\ubh38.sys (file missing)
S3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
S3 catchme - c:\docume~1\brent\locals~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-15 01:29:05 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-04-01 01:00:19 352 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-07 17:45:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 03:50:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-22 03:50:44 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-22 03:50:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 03:50:43 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-22 03:50:43 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-22 03:50:43 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-22 03:50:43 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-22 03:50:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 03:47:26 2442 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 03:28:06 0 d-------- C:\WINDOWS\LastGood
2008-05-22 00:14:00 90112 --a------ C:\WINDOWS\system32\usvgnicd.dll
2008-05-21 07:22:28 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
2008-05-20 18:17:44 91264 -----n--- C:\WINDOWS\system32\gsonxepw.dll
2008-05-19 16:38:35 0 d-------- C:\WINDOWS\ERUNT
2008-05-19 14:28:06 0 d-------- C:\Program Files\Trend Micro
2008-05-18 15:41:33 262144 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-17 19:39:31 0 d-------- C:\WINDOWS\pss
2008-05-17 17:55:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-17 15:45:08 1325523 ---hs---- C:\WINDOWS\system32\wbulnmvk.ini2
2008-05-17 15:43:28 0 --a------ C:\WINDOWS\system32\kvmnlubw.dll
2008-05-16 18:08:13 0 d-------- C:\WINDOWS\srchasst
2008-05-16 18:03:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-16 18:02:40 0 d-------- C:\WINDOWS\Mozilla
2008-05-16 18:02:40 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-05-16 18:02:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-16 16:44:16 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-16 16:44:10 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-16 16:44:09 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-05-16 16:44:09 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-16 16:43:55 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-16 16:43:54 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-05-16 15:07:34 0 --a------ C:\WINDOWS\system32\lmjgllwm.dll
2008-05-16 14:32:36 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-16 11:59:02 0 d-------- C:\Program Files\Sun
2008-05-15 22:41:47 0 d-------- C:\Documents and Settings\Brent\Application Data\McAfee
2008-05-15 21:57:41 0 d-------- C:\Documents and Settings\Brent\Application Data\TmpRecentIcons
2008-05-15 14:00:47 830865 --ahs---- C:\WINDOWS\system32\dceNoqss.ini2
2008-05-15 13:58:45 318336 --a------ C:\WINDOWS\system32\ssqoNecd.dll
2008-05-15 13:53:37 29312 --a------ C:\WINDOWS\system32\xxyvsrRh.dll
2008-05-08 06:29:46 0 d-------- C:\Program Files\MSECache

-- Find3M Report ---------------------------------------------------------------

2008-05-22 03:56:16 0 d-------- C:\Documents and Settings\Brent\Application Data\BitTorrent
2008-05-22 03:53:24 0 d-------- C:\Documents and Settings\Brent\Application Data\DNA
2008-05-16 12:35:26 0 d-------- C:\Program Files\Common Files
2008-05-16 11:58:34 0 d-------- C:\Program Files\Java
2008-05-16 10:40:13 0 d-------- C:\Program Files\McAfee
2008-05-13 16:33:55 0 d-------- C:\Program Files\World of Warcraft
2008-04-21 02:00:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-20 16:26:19 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}]
05/15/2008 01:53 PM 29312 --a------ C:\WINDOWS\system32\xxyvsrRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC330827-E3FC-44BB-AE36-9595D59BD044}]
05/15/2008 02:00 PM 318336 --a------ C:\WINDOWS\system32\ssqoNecd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"8825a746"="C:\WINDOWS\system32\usvgnicd.dll" [05/22/2008 12:14 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 08:47 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 10:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [10/18/2005 10:11:36 AM]
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [4/26/2007 10:40:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}"= C:\WINDOWS\system32\xxyvsrRh.dll [05/15/2008 01:53 PM 29312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsrRh]
xxyvsrRh.dll 05/15/2008 01:53 PM 29312 C:\WINDOWS\system32\xxyvsrRh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqoNecd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biN17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipV28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tag28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalWarrior]
"C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)

-- End of Deckard's System Scanner: finished at 2008-05-22 03:58:03 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4600+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4600+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1022.42 MiB / 580.22 MiB
Pagefile Memory (total/avail): 2461.14 MiB / 2025.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.28 GiB total, 13.96 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:

\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:World of Warcraft - Repair"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\WINDOWS\\system32\\freecell.exe"="C:\\WINDOWS\\system32\\freecell.exe:*:Disabled:FreeCell"
"C:\\WINDOWS\\system32\\mshearts.exe"="C:\\WINDOWS\\system32\\mshearts.exe:*:Disabled:Hearts"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Disabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat:*:Disabled:The Battle for Middle-earth™ II"
"C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"="C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat:*:Disabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Brent\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STADTS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brent
LOGONSERVER=\\STADTS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brent\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brent\LOCALS~1\Temp
USERDOMAIN=STADTS
USERNAME=Brent
USERPROFILE=C:\Documents and Settings\Brent
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Brent (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{45820070-9BE5-4785-B770-A50F5240250B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.06.25 --> MsiExec.exe /X{45820070-9BE5-4785-B770-A50F5240250B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Birth of the Federation --> C:\WINDOWS\IsUninst.exe -fC:\botf\Uninst.isu
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
U.S. Robotics 802.11g Wireless Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D493787-367F-4841-B39A-7E26A6A7C1AA}\Setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (4)\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type3788 / Error
Event Submitted/Written: 05/21/2008 05:59:16 AM
Event ID/Source: 455 / ESENT
Event Description:
Catalog Database (1900) Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\CatRoot2\edb.log.

Event Record #/Type3787 / Error
Event Submitted/Written: 05/21/2008 05:59:16 AM
Event ID/Source: 489 / ESENT
Event Description:
svchost (1900) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3786 / Error
Event Submitted/Written: 05/21/2008 05:59:13 AM
Event ID/Source: 455 / ESENT
Event Description:
Catalog Database (1900) Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\CatRoot2\edb.log.

Event Record #/Type3785 / Error
Event Submitted/Written: 05/21/2008 05:59:13 AM
Event ID/Source: 489 / ESENT
Event Description:
svchost (1900) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3784 / Error
Event Submitted/Written: 05/21/2008 05:59:05 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2088 (0x828)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\CatRoot2\edb.log
by C:\WINDOWS\System32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type25426 / Error
Event Submitted/Written: 05/22/2008 03:44:25 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25425 / Error
Event Submitted/Written: 05/22/2008 03:43:46 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25424 / Warning
Event Submitted/Written: 05/22/2008 03:42:49 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type25420 / Error
Event Submitted/Written: 05/22/2008 03:23:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type25419 / Warning
Event Submitted/Written: 05/22/2008 03:15:30 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-05-22 03:58:03 ------------

#4
sage5

Posted 22 May 2008 - 06:23 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi bstadts,

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:

Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#5
bstadts

Posted 22 May 2008 - 07:02 AM

New Member

Topic Starter
Member
5 posts

Combofix.txt

ComboFix 08-05-21.2 - Brent 2008-05-22 7:35:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.613 [GMT -5:00]
Running from: C:\Documents and Settings\Brent\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dceNoqss.ini
C:\WINDOWS\system32\dceNoqss.ini2
C:\WINDOWS\system32\dcingvsu.ini
C:\WINDOWS\system32\ditospds.ini
C:\WINDOWS\system32\keaisurd.ini
C:\WINDOWS\system32\mwllgjml.ini
C:\WINDOWS\system32\quqymdxs.ini
C:\WINDOWS\system32\ssqoNecd.dll
C:\WINDOWS\system32\wbulnmvk.ini2
C:\WINDOWS\system32\wbulnmvk.tmp
C:\WINDOWS\system32\wojmitcb.ini
C:\WINDOWS\system32\wpexnosg.ini
.
---- Previous Run -------
.
C:\Program Files\outlook
C:\WINDOWS\cookies.ini
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDHCPSVC

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 07:21 . 2008-05-22 07:32 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-22 07:16 . 2008-05-22 07:16 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\DAEMON Tools
2008-05-22 07:16 . 2008-05-22 07:16 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-22 03:54 . 2008-05-22 03:54 <DIR> d-------- C:\Deckard
2008-05-22 03:50 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 03:50 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 03:50 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 03:50 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 03:50 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 03:50 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 03:50 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 03:50 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 03:47 . 2008-05-22 03:47 2,442 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 00:14 . 2008-05-22 00:14 90,112 --a------ C:\WINDOWS\system32\usvgnicd.dll
2008-05-19 16:38 . 2008-05-19 16:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-19 14:28 . 2008-05-19 14:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 21:27 . 2008-05-22 07:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 21:27 . 2008-05-17 21:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 18:09 . 2008-05-16 18:09 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-05-16 18:08 . 2008-05-16 18:08 <DIR> d-------- C:\WINDOWS\srchasst
2008-05-16 18:02 . 2008-05-16 18:02 <DIR> d-------- C:\WINDOWS\Mozilla
2008-05-16 16:46 . 2008-05-16 16:46 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS
2008-05-16 16:43 . 2008-05-16 18:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-16 14:32 . 2008-05-16 18:41 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-16 14:00 . 2008-05-16 14:19 250 --a------ C:\WINDOWS\gmer.ini
2008-05-16 11:59 . 2008-05-16 11:59 <DIR> d-------- C:\Program Files\Sun
2008-05-15 22:41 . 2008-05-15 22:41 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\McAfee
2008-05-15 21:57 . 2008-05-16 10:41 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\TmpRecentIcons
2008-05-15 13:53 . 2008-05-15 13:53 29,312 --a------ C:\WINDOWS\system32\xxyvsrRh.dll
2008-05-08 06:29 . 2008-05-08 06:29 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 12:44 --------- d-----w C:\Documents and Settings\Brent\Application Data\DNA
2008-05-22 12:29 --------- d-----w C:\Documents and Settings\Brent\Application Data\BitTorrent
2008-05-16 16:58 --------- d-----w C:\Program Files\Java
2008-05-16 15:40 --------- d-----w C:\Program Files\McAfee
2008-05-16 03:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-05-13 21:33 --------- d-----w C:\Program Files\World of Warcraft
2008-04-21 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 21:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}]
2008-05-15 13:53 29312 --a------ C:\WINDOWS\system32\xxyvsrRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F65E31A-A74A-4AC5-B0A6-EC6FC908EA1C}]
2008-05-22 07:52 318336 --a------ C:\WINDOWS\system32\mlJBqPfG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 22:06 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 04:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"8825a746"="C:\WINDOWS\system32\mviehcuw.dll" [2008-05-22 07:54 90624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-18 10:11:36 184320]
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2007-04-26 10:40:37 290816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}"= C:\WINDOWS\system32\xxyvsrRh.dll [2008-05-15 13:53 29312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsrRh]
xxyvsrRh.dll 2008-05-15 13:53 29312 C:\WINDOWS\system32\xxyvsrRh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mlJBqPfG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biN17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipV28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msY74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tag28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-10 19:02 67184 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalWarrior]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-03 22:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\WINDOWS\\system32\\freecell.exe"=
"C:\\WINDOWS\\system32\\mshearts.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S0 biN17;biN17;C:\WINDOWS\system32\Drivers\biN17.sys []
S0 ipV28;ipV28;C:\WINDOWS\system32\Drivers\ipV28.sys []
S0 jpV62;jpV62;C:\WINDOWS\system32\Drivers\jpV62.sys []
S0 jpV73;jpV73;C:\WINDOWS\system32\Drivers\jpV73.sys []
S0 msY73;msY73;C:\WINDOWS\system32\Drivers\msY73.sys []
S0 msY74;msY74;C:\WINDOWS\system32\Drivers\msY74.sys []
S0 Tag28;Tag28;C:\WINDOWS\system32\Drivers\Tag28.sys []
S0 ubH38;ubH38;C:\WINDOWS\system32\Drivers\ubH38.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 22:45:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 06:29:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 07:47:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xxyvsrRh.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mviehcuw.dll
-> C:\WINDOWS\system32\mlJBqPfG.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-05-22 7:57:18 - machine was rebooted [Brent]
ComboFix-quarantined-files.txt 2008-05-22 12:57:08

Pre-Run: 14,197,260,288 bytes free
Post-Run: 15,333,740,544 bytes free

225

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:11 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [8825a746] rundll32.exe "C:\WINDOWS\system32\mviehcuw.dll",b
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1181071085625
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 4759 bytes

#6
sage5

Posted 22 May 2008 - 07:33 AM

RIP 10/2009

Retired Staff
2,646 posts

Hi bstadts,

I see you have BitTorrent installed on your system.
While the program itself is legal, most of the files downloaded with it, are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling BitTorrent as outlined below.

Run HijackThis.

Click the Do a system scan only button.
Check the boxes for the all the entries listed below:

O4 - HKLM\..\Run: [8825a746] rundll32.exe "C:\WINDOWS\system32\usvgnicd.dll",b\
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

Now close all windows other than HijackThis and click Fix Checked.
Close HijackThis.

Remove folders & files:

Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
BitTorrent
J2SE Runtime Environment 5.0 Update 3
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Please take note of any other programs that you don't recognise in that list, and include them in your next response

Create a CombFix Script:

Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\usvgnicd.dll
C:\WINDOWS\system32\gsonxepw.dll
:\WINDOWS\system32\ikhcore.cfg
C:\WINDOWS\system32\xxyvsrRh.dll
C:\WINDOWS\system32\mlJBqPfG.dll
C:\WINDOWS\system32\mviehcuw.dll
C:\WINDOWS\system32\WinCtrl32.dll

Folder::
C:\Documents and Settings\Brent\Application Data\BitTorrent

Driver::
kl1
klif
biN17
ipV28
jpV62
jpV73
msY73
msY74
ag28
ubH38

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F65E31A-A74A-4AC5-B0A6-EC6FC908EA1C}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4F65E31A-A74A-4AC5-B0A6-EC6FC908EA1C}]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=-
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"C:\\Program Files\\DNA\\btdna.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsrRh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2E529F87-2B52-438C-9E7C-7D0A0DD910BA}"=-

Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

#7
bstadts

Posted 26 May 2008 - 10:23 AM

New Member

Topic Starter
Member
5 posts

Sorry for the delayed reply, but is it absolutely necessary to remove Bit torrent?

#8
sage5

Posted 27 May 2008 - 07:49 AM

RIP 10/2009

Retired Staff
2,646 posts

The whole use of P2P (Peer to Peer) programs, likeBitTorrent, is risky for a number of reasons:
I will just deal with the security issues, without opening the ethical/copyright can of worms.

a) Most of these apps require some form of port forwarding. This involves forcing router ports to be open to the internet, reducing the security of your hardware/software firewall.

b) You have no way of knowing that what you are downloading is infected/compromised.

c) You also have no way of knowing what potentially harmful malware is running on the PCs you are connected to.

d) Many of the P2P & crack/keygen sites are responsible for "drive-by" infections, which then load other malware onto your PC later.

d) Many of the cracks & keygens, provided in the torrents, are infected with Trojans, which then load other malware onto your PC later.

Ultimately it is your call.

#9
bstadts

Posted 04 June 2008 - 01:20 PM

New Member

Topic Starter
Member
5 posts

I recently upgraded my graphics card so i think this will be quite lenghty
ComboFix 08-06-03.4 - Brent 2008-06-04 13:53:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.629 [GMT -5:00]
Running from: C:\Documents and Settings\Brent\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brent\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brent\Application Data\BitTorrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\300.AVI.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\300[2007]DvDrip[Eng]-aXXo.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\Alien.Vs.Predator-Requiem[2007][Unrated.Edition]DvDrip[Eng]-aXXo.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\American.Gangster.DVD.SCREENER.XViD-PUKKA.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\AvP2.1.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\AvP2.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\bittorrent.lng
C:\Documents and Settings\Brent\Application Data\BitTorrent\dht.dat
C:\Documents and Settings\Brent\Application Data\BitTorrent\Heroes.of.Might.and.Magic.V WITH NoDVD Crack.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\Resident.Evil.Extinction.2007.English.TS.DivX-LTT.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\resume.dat
C:\Documents and Settings\Brent\Application Data\BitTorrent\resume.dat.old
C:\Documents and Settings\Brent\Application Data\BitTorrent\rss.dat
C:\Documents and Settings\Brent\Application Data\BitTorrent\settings.dat
C:\Documents and Settings\Brent\Application Data\BitTorrent\settings.dat.old
C:\Documents and Settings\Brent\Application Data\BitTorrent\warner-bros-_harrypotter_500.mov.torrent
C:\Documents and Settings\Brent\Application Data\BitTorrent\warner-bros-_iamlegend_1000.mov.torrent
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eesrrgbu.ini
C:\WINDOWS\system32\fucrytfx.ini
C:\WINDOWS\system32\GfPqBJlm.ini
C:\WINDOWS\system32\GfPqBJlm.ini2
C:\WINDOWS\system32\gnwmdtgg.ini
C:\WINDOWS\system32\kgvphnhd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBqPfG.dll
C:\WINDOWS\system32\nfguvkqh.ini
C:\WINDOWS\system32\oktdlkdh.ini
C:\WINDOWS\system32\pxnlrflb.ini
C:\WINDOWS\system32\uootvgso.ini
C:\WINDOWS\system32\uwscdocl.ini
C:\WINDOWS\system32\vbawfhxh.ini
C:\WINDOWS\system32\wucheivm.ini
C:\WINDOWS\system32\xqqpcxwv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BIN17
-------\Legacy_IPV28
-------\Legacy_JPV62
-------\Legacy_JPV73
-------\Legacy_KL1
-------\Legacy_KLIF
-------\Legacy_MSY73
-------\Legacy_MSY74
-------\Legacy_UBH38
-------\Service_biN17
-------\Service_ipV28
-------\Service_jpV62
-------\Service_jpV73
-------\Service_msY73
-------\Service_msY74
-------\Service_ubH38

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 11:58 . 2008-06-04 11:58 95,232 --a------ C:\WINDOWS\system32\lcodcswu.dll
2008-06-03 22:35 . 2008-06-03 22:43 <DIR> d-------- C:\Program Files\RivaTuner v2.09
2008-06-03 16:45 . 2008-06-03 16:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
2008-06-03 16:43 . 2008-06-03 16:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-03 16:15 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-02 20:45 . 2008-06-02 20:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-06-02 20:14 . 2008-06-02 20:14 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-02 20:13 . 2008-06-02 20:15 <DIR> d-------- C:\Program Files\CCleaner
2008-06-02 19:59 . 2008-05-22 08:12 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-02 19:59 . 2008-05-22 08:12 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-02 19:59 . 2008-05-28 06:22 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-02 19:59 . 2008-05-22 08:12 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-02 19:59 . 2008-05-28 06:22 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-02 19:59 . 2008-05-28 06:21 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-02 19:59 . 2008-05-28 06:21 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-02 19:58 . 2008-06-02 19:58 <DIR> d-------- C:\WINDOWS\Logs
2008-06-02 19:01 . 2008-06-02 19:01 <DIR> d-------- C:\Program Files\My Company Name
2008-06-02 14:59 . 2008-06-02 14:59 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\ATI
2008-06-02 14:30 . 2008-06-02 14:30 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-06-02 14:20 . 2006-12-27 23:44 84,992 --a------ C:\WINDOWS\system32\drivers\AtiHdAud.sys
2008-05-25 06:00 . 2008-05-25 06:00 <DIR> d-------- C:\WINDOWS\Sun
2008-05-25 06:00 . 2008-05-25 06:00 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-25 06:00 . 2008-05-25 06:00 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\SystemRequirementsLab
2008-05-24 18:54 . 2008-05-24 18:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\media center programs
2008-05-24 17:54 . 2008-05-24 17:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
2008-05-24 17:51 . 2008-05-24 17:51 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2008-05-24 17:51 . 2008-05-24 17:51 120,992 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-05-24 17:51 . 2008-05-24 17:51 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-05-24 17:50 . 2008-05-24 17:50 <DIR> d-------- C:\Program Files\Seagate
2008-05-24 17:50 . 2008-05-24 17:50 <DIR> d-------- C:\Program Files\Common Files\Seagate
2008-05-24 17:48 . 2008-05-24 17:48 29,512 --a------ C:\WINDOWSSerifastd-black.otf
2008-05-24 17:48 . 2008-05-24 17:48 28,260 --a------ C:\WINDOWSSerifastd-lightitalic.otf
2008-05-24 17:48 . 2008-05-24 17:48 28,252 --a------ C:\WINDOWSSerifastd-italic.otf
2008-05-24 17:48 . 2008-05-24 17:48 27,772 --a------ C:\WINDOWSSerifastd-bold.otf
2008-05-24 17:48 . 2008-05-24 17:48 27,452 --a------ C:\WINDOWSSerifastd-roman.otf
2008-05-24 17:48 . 2008-05-24 17:48 27,440 --a------ C:\WINDOWSSerifastd-light.otf
2008-05-24 13:00 . 2008-05-24 13:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Funcom
2008-05-22 07:16 . 2008-05-22 07:16 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\DAEMON Tools
2008-05-22 07:16 . 2008-05-22 07:16 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-22 03:54 . 2008-05-22 03:54 <DIR> d-------- C:\Deckard
2008-05-22 03:50 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 03:50 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 03:50 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 03:50 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 03:50 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 03:50 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 03:50 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 03:50 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 03:47 . 2008-05-22 03:47 2,442 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 16:38 . 2008-05-19 16:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-19 14:28 . 2008-05-19 14:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 18:09 . 2008-05-16 18:09 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-05-16 18:08 . 2008-05-16 18:08 <DIR> d-------- C:\WINDOWS\srchasst
2008-05-16 18:02 . 2008-05-16 18:02 <DIR> d-------- C:\WINDOWS\Mozilla
2008-05-16 16:46 . 2008-05-16 16:46 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS
2008-05-16 16:43 . 2008-05-16 18:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-16 14:32 . 2008-05-16 18:41 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-16 14:00 . 2008-05-16 14:19 250 --a------ C:\WINDOWS\gmer.ini
2008-05-15 22:41 . 2008-05-15 22:41 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\McAfee
2008-05-15 13:53 . 2008-05-15 13:53 29,312 --a------ C:\WINDOWS\system32\xxyvsrRh.dll
2008-05-12 10:09 . 2008-05-12 10:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 10:03 . 2008-05-12 10:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-05-08 06:29 . 2008-05-08 06:29 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 18:43 --------- d-----w C:\Program Files\BitTorrent
2008-06-03 21:34 --------- d-----w C:\Program Files\ATI Technologies
2008-06-02 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 19:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 15:38 102,400 ----a-w C:\WINDOWS\DUMP5285.tmp
2008-05-24 20:33 --------- d-----w C:\Program Files\McAfee
2008-05-24 19:16 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 03:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-04-20 21:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_ 7.56.18.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-03 21:35:53 135,168 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
+ 2008-06-03 21:35:54 212,992 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2008-06-03 21:35:21 15,360 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2008-06-03 21:35:22 143,360 ----a-w C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
+ 2008-06-03 21:35:55 225,280 ----a-w C:\WINDOWS\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
+ 2008-06-03 21:35:56 360,448 ----a-w C:\WINDOWS\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
+ 2008-06-03 21:35:57 49,152 ----a-w C:\WINDOWS\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
+ 2008-06-03 21:35:22 13,312 ----a-w C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
- 2008-02-10 08:28:33 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-24 23:55:23 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-02-10 08:28:34 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-24 23:55:23 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-02-10 08:28:34 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-24 23:55:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-02-10 08:28:27 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:16 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:17 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:28 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:18 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:29 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:18 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:29 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:19 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:30 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:20 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:31 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:20 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:31 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:32 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:21 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:34 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-24 23:55:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-02-10 08:28:34 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-24 23:55:24 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-02-10 08:28:35 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-24 23:55:25 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-02-10 08:28:35 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-24 23:55:25 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-02-10 08:28:35 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-24 23:55:25 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-02-10 08:28:33 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-24 23:55:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-02 19:25:51 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-02 19:26:10 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-02 19:26:11 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-06-02 19:26:12 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-06-02 19:26:03 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-06-02 19:25:38 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-02 19:25:38 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-06-02 19:26:24 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-06-02 19:25:58 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-02 19:25:49 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-03 21:35:25 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2008-06-03 21:36:01 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
+ 2008-06-03 21:36:00 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2008-06-03 21:36:01 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
+ 2008-06-03 21:36:01 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
+ 2008-06-03 21:36:01 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
+ 2008-06-03 21:36:01 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3005.17534__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
+ 2008-06-03 21:35:59 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.3005.17560__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL
+ 2008-06-03 21:36:00 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.3005.17561__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL
+ 2008-06-03 21:35:24 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
+ 2008-06-03 21:36:02 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
+ 2008-06-03 21:35:25 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.DLL
+ 2008-06-03 21:34:58 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.DLL
+ 2008-06-03 21:35:25 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.UI.Shared\2.0.3005.17552__90ba9c70f846762e\AEM.UI.Shared.DLL
+ 2008-06-03 21:34:59 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AEM.UI\2.0.3054.18908__90ba9c70f846762e\AEM.UI.DLL
+ 2008-06-03 21:35:25 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.DLL
+ 2008-06-03 21:34:58 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.DLL
+ 2008-06-02 19:25:36 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-06-03 21:34:59 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2008-06-03 21:34:59 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.DLL
+ 2008-06-03 21:35:58 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
+ 2008-06-03 21:35:55 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
+ 2008-06-03 21:35:00 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.DLL
+ 2008-06-03 21:35:52 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2008-06-03 21:36:03 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Dashboard\2.0.3054.18949__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:03 12,288 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Runtime\2.0.3054.18948__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Runtime.DLL
+ 2008-06-03 21:35:26 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.3005.17561__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL
+ 2008-06-03 21:35:27 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
+ 2008-06-03 21:35:00 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3005.17517__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.DLL
+ 2008-06-03 21:36:03 98,304 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard\2.0.3054.18762__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:04 479,232 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:04 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
+ 2008-06-03 21:35:28 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
+ 2008-06-03 21:36:04 663,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3054.18840__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:38 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
+ 2008-06-03 21:35:28 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
+ 2008-06-03 21:36:38 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3054.18864__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
+ 2008-06-03 21:36:05 446,464 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:05 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
+ 2008-06-03 21:35:28 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
+ 2008-06-03 21:36:06 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3054.18829__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:06 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
+ 2008-06-03 21:35:29 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
+ 2008-06-03 21:36:06 307,200 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3054.18692__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
+ 2008-06-03 21:36:07 282,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3054.18769__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.DLL
+ 2008-06-03 21:36:38 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
+ 2008-06-03 21:35:30 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
+ 2008-06-03 21:36:08 901,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3054.18885__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:39 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
+ 2008-06-03 21:35:31 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
+ 2008-06-03 21:36:40 364,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3054.18892__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
+ 2008-06-03 21:36:09 585,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:08 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
+ 2008-06-03 21:35:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
+ 2008-06-03 21:36:09 438,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:40 1,679,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
+ 2008-06-03 21:36:11 118,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:10 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
+ 2008-06-03 21:35:32 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
+ 2008-06-03 21:36:40 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
+ 2008-06-03 21:35:33 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
+ 2008-06-03 21:36:11 217,088 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:41 196,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
+ 2008-06-03 21:36:12 249,856 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.3054.18707__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:12 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.3054.18714__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.DLL
+ 2008-06-03 21:35:33 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.3005.17532__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.DLL
+ 2008-06-03 21:36:14 802,816 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:13 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
+ 2008-06-03 21:35:34 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
+ 2008-06-03 21:36:14 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
+ 2008-06-03 21:36:16 204,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3054.18797__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:15 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Runtime\2.0.3054.18794__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Runtime.DLL
+ 2008-06-03 21:35:35 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3005.17534__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.DLL
+ 2008-06-03 21:36:17 204,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3054.18806__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:16 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3054.18803__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.DLL
+ 2008-06-03 21:35:35 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL
+ 2008-06-03 21:36:19 208,896 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Dashboard\2.0.3054.18914__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:18 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Runtime\2.0.3054.18911__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Runtime.DLL
+ 2008-06-03 21:35:35 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.3005.17555__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL
+ 2008-06-03 21:36:21 147,456 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Dashboard\2.0.3054.18968__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:20 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Runtime\2.0.3054.18966__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Runtime.DLL
+ 2008-06-03 21:35:35 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3005.17520__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.DLL
+ 2008-06-03 21:36:22 479,232 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Dashboard\2.0.3054.18716__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:21 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Runtime\2.0.3054.18715__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Runtime.DLL
+ 2008-06-03 21:35:36 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.3005.17533__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL
+ 2008-06-03 21:36:24 1,032,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3054.18739__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:23 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3054.18730__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
+ 2008-06-03 21:35:36 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3005.17533__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
+ 2008-06-03 21:36:24 442,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:24 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
+ 2008-06-03 21:35:36 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
+ 2008-06-03 21:36:26 167,936 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3054.18836__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:25 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3054.18836__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
+ 2008-06-03 21:35:37 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3005.17538__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
+ 2008-06-03 21:36:27 139,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3054.18939__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:26 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3054.18939__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
+ 2008-06-03 21:35:37 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3005.17557__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
+ 2008-06-03 21:36:27 147,456 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3054.18922__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:27 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
+ 2008-06-03 21:35:38 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
+ 2008-06-03 21:36:28 172,032 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3054.18957__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:28 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3054.18957__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
+ 2008-06-03 21:35:38 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3005.17558__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
+ 2008-06-03 21:36:29 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:29 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
+ 2008-06-03 21:35:39 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
+ 2008-06-03 21:36:29 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
+ 2008-06-03 21:36:31 282,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3054.18699__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:30 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3054.18706__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
+ 2008-06-03 21:35:40 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3005.17532__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
+ 2008-06-03 21:35:40 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
+ 2008-06-03 21:36:38 483,328 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
+ 2008-06-03 21:36:32 167,936 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3054.18821__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:32 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3054.18820__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
+ 2008-06-03 21:35:41 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3005.17538__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
+ 2008-06-03 21:36:33 102,400 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3054.18660__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3054.18659__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
+ 2008-06-03 21:35:42 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
+ 2008-06-03 21:36:34 135,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:35 98,304 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3054.18969__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
+ 2008-06-03 21:36:35 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3054.18970__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
+ 2008-06-03 21:35:42 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3005.17558__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
+ 2008-06-03 21:35:42 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
+ 2008-06-03 21:36:36 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
+ 2008-06-03 21:35:00 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
+ 2008-06-03 21:36:41 253,952 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
+ 2008-06-03 21:35:42 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
+ 2008-06-03 21:35:43 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
+ 2008-06-03 21:36:42 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
+ 2008-06-03 21:35:01 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3054.18881__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
+ 2008-06-03 21:35:02 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
+ 2008-06-03 21:35:43 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
+ 2008-06-03 21:35:04 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3054.18752__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
+ 2008-06-03 21:35:03 204,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3054.18745__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
+ 2008-06-03 21:35:05 65,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3054.18761__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
+ 2008-06-03 21:35:04 208,896 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3054.18754__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
+ 2008-06-03 21:35:05 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
+ 2008-06-03 21:35:44 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
+ 2008-06-03 21:35:02 1,511,424 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.DLL
+ 2008-06-03 21:35:05 622,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3054.18874__90ba9c70f846762e\CLI.Component.Eeu.DLL
+ 2008-06-03 21:35:08 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3054.18723__90ba9c70f846762e\CLI.Component.Erecord.DLL
+ 2008-06-03 21:35:10 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Help\2.0.3054.18906__90ba9c70f846762e\CLI.Component.Help.DLL
+ 2008-06-03 21:35:10 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3054.18667__90ba9c70f846762e\CLI.Component.Icomponent.DLL
+ 2008-06-03 21:35:13 487,424 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3054.18958__90ba9c70f846762e\CLI.Component.Launchpad.DLL
+ 2008-06-03 21:35:12 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Load\2.0.3054.18906__90ba9c70f846762e\CLI.Component.Load.DLL
+ 2008-06-03 21:36:37 118,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3054.18976__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
+ 2008-06-03 21:35:22 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
+ 2008-06-03 21:35:15 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
+ 2008-06-03 21:35:44 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
+ 2008-06-03 21:35:14 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.DLL
+ 2008-06-03 21:35:16 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3054.18600__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
+ 2008-06-03 21:35:16 417,792 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.DLL
+ 2008-06-03 21:35:17 24,576 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
+ 2008-06-03 21:35:45 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
+ 2008-06-03 21:35:17 491,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.DLL
+ 2008-06-03 21:35:17 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.DLL
+ 2008-06-03 21:35:47 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
+ 2008-06-03 21:35:46 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.DLL
+ 2008-06-03 21:35:17 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI.Implementation\2.0.3054.18593__90ba9c70f846762e\CLI.Implementation.DLL
+ 2008-06-03 21:35:53 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2008-06-02 19:25:41 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-03 21:35:47 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
+ 2008-06-03 21:35:49 45,056 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2008-06-03 21:35:49 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
+ 2008-06-03 21:35:50 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
+ 2008-06-03 21:35:50 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2008-06-03 21:35:48 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.DLL
+ 2008-06-03 21:35:50 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.DLL
+ 2008-06-03 21:35:50 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.DLL
+ 2008-06-02 19:26:06 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-02 19:26:08 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-02 19:26:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-03 21:35:58 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
+ 2008-06-03 21:35:25 11,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.DLL
+ 2008-06-03 21:35:20 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.DLL
+ 2008-06-03 21:35:19 20,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
+ 2008-06-03 21:35:18 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
+ 2008-06-03 21:35:19 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.DLL
+ 2008-06-03 21:35:50 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.DLL
+ 2008-06-03 21:35:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3054.18908__90ba9c70f846762e\LOG.EXE
+ 2008-06-02 19:25:43 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-06-02 19:25:43 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-06-02 19:25:45 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-06-02 19:25:46 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-06-02 19:25:41 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-02 19:26:29 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-06-02 19:26:28 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-06-02 19:25:32 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-02 19:26:27 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-02 19:26:29 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-06-02 19:25:36 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-02 19:25:34 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-02 19:25:35 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-03 21:35:51 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.DLL
+ 2008-06-03 21:35:20 102,400 ----a-w C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.DLL
+ 2008-06-03 21:35:52 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2008-06-03 21:35:51 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.DLL
+ 2008-06-03 21:35:24 19,456 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3054.18950__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
+ 2008-06-03 21:35:20 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3005.17554__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
+ 2008-06-02 19:26:18 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-06-02 19:25:53 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-02 19:26:20 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-06-02 19:26:13 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-06-02 19:25:39 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-06-02 19:26:05 5,050,368 ----a-w C:\WINDOWS\assembl

#10
sage5

Posted 04 June 2008 - 04:50 PM

RIP 10/2009

Retired Staff
2,646 posts

Hi bstadts,

That log got cut off at

+ 2008-06-02 19:26:05 5,050,368 ----a-w C:\WINDOWS\assembl

Can you resend the remainder of that file please?

Cheers,

sage5

#11
sage5

Posted 14 June 2008 - 06:13 AM

RIP 10/2009

Retired Staff
2,646 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.