Infected Virtumonde [Archive] - Safer-Networking Forums

nahs003

2008-03-11, 09:21

Your help is greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:32 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Mercer\Global Peer Review\Mxda\mxda.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Interwise\Student\pull.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\eRoom 6\ERClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\nahs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mercer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.mercer.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\pmnlkll.dll
O2 - BHO: (no name) - {4C86CA58-E03F-4C7D-8952-2C59D8F3BC39} - C:\WINDOWS\system32\pmkhg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C651565-5949-4EBE-83F4-CE8EFB975100} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B7769AE3-1B47-4556-B7E0-4F4CC5244DB1} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {BC858E5A-03EF-4F58-8235-0EC72A59BB60} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: {1839c622-660b-91bb-dd74-08d581dbdc0d} - {d0cdbd18-5d80-47dd-bb19-b066226c9381} - C:\WINDOWS\system32\iibekjmj.dll
O2 - BHO: (no name) - {D859D5BB-DC4D-40A3-8EFE-5D0B16DC9209} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMCAddinProtector] C:\Program Files\MMC\Office Automation\Protector\MMCAddinProtector.exe
O4 - HKLM\..\Run: [MXDA] C:\Program Files\Mercer\Global Peer Review\Mxda\mxda.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [409f0375] rundll32.exe "C:\WINDOWS\system32\mgrbbboe.dll",b
O4 - HKLM\..\Run: [BM43ac30e9] Rundll32.exe "C:\WINDOWS\system32\xstuqtfr.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'Default user')
O4 - .DEFAULT User Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
O4 - Startup: Work.url
O4 - Global Startup: Access Manager Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Push Client.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.mercer.com
O15 - Trusted Zone: *.mercer.com
O15 - Trusted Zone: http://*.mercer.com
O15 - Trusted Zone: *.mmc.com
O15 - Trusted Zone: *.mercer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://connectv7.mercer.com/eRoomSetup/client.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://connect.mercer.com/eroomsetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mercer.com
O17 - HKLM\Software\..\Telephony: DomainName = mercer.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mercer.com
O20 - Winlogon Notify: pmnlkll - C:\WINDOWS\SYSTEM32\pmnlkll.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

--
End of file - 9342 bytes

The above log file was run from:
"C:\Program Files\Trend Micro\HijackThis\nahs.exe"

I renamed the .exe file to nahs.exe.

km2357

2008-03-13, 19:46

Hello and welcome to Safer Networking Forums.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!

km2357

2008-03-13, 19:55

Step # 1: Download and Run ComboFix

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to save ComboFix.exe to your Desktop

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Step # 2 Download CCleaner

Download CCleaner from here (http://www.ccleaner.com/) to clean temp files from your computer.

Double click on the ccsetup.exe file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location.
Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
Click Install then finish to complete installation.

Step # 3 Retrieve the Installed Programs List from CCleaner

Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

In your next post/reply, I need to see the ComboFix Log, CCleaner's install list, and a fresh HiJackThis Log. Use multiple posts/replies if you can't fit everything into one post.

nahs003

2008-03-13, 20:51

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Mercer\Global Peer Review\Mxda\mxda.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Interwise\Student\pull.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\eRoom 6\ERClient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\nahs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mercer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C651565-5949-4EBE-83F4-CE8EFB975100} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B7769AE3-1B47-4556-B7E0-4F4CC5244DB1} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {BC858E5A-03EF-4F58-8235-0EC72A59BB60} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {D859D5BB-DC4D-40A3-8EFE-5D0B16DC9209} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMCAddinProtector] C:\Program Files\MMC\Office Automation\Protector\MMCAddinProtector.exe
O4 - HKLM\..\Run: [MXDA] C:\Program Files\Mercer\Global Peer Review\Mxda\mxda.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'Default user')
O4 - .DEFAULT User Startup: SetPowerScheme.lnk = C:\WINDOWS\system32\wscript.exe (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Monitor My eRooms.lnk = C:\Program Files\eRoom 6\ERClient.exe
O4 - Startup: Work.url
O4 - Global Startup: Access Manager Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: Push Client.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.mercer.com
O15 - Trusted Zone: *.mercer.com
O15 - Trusted Zone: http://*.mercer.com
O15 - Trusted Zone: *.mmc.com
O15 - Trusted Zone: *.mercer.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - https://connectv7.mercer.com/eRoomSetup/client.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) -
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://connect.mercer.com/eroomsetup/client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mercer.com
O17 - HKLM\Software\..\Telephony: DomainName = mercer.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mercer.com
O20 - Winlogon Notify: pmnlkll - pmnlkll.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe

--
End of file - 8905 bytes

CCLEANER LOG

Access Manager
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
AiO_Scan
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
CCleaner (remove only)
Circular 230
Cisco Systems VPN Client 4.6.01.0019
Citrix ICA Client
Citrix Web Client
Compatibility Pack for the 2007 Office system
CONFIGNT
DB Utilities
DING!
DivX Web Player
eRoom 6
eRoom 7
Google Toolbar for Internet Explorer
GRS Shortcut
GTK+ Runtime 2.10.11 rev b (remove only)
GUI
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB893357)
HP Driver Diagnostics
HP PSC & OfficeJet 5.3.B
Installation Status MIF Generator
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD
InterwiseParticipant
iTunes
Java 2 Runtime Environment, SE v1.4.2_11
JInitiator 1.3.1.22
JInitiator 1.3.1.26
Kaspersky Online Scanner
Macro Liability Diagnostics
Macromedia Flash Player
McAfee Anti-Spyware Enterprise Module
McAfee Host Intrusion Prevention
McAfee VirusScan Enterprise
MeetingPlace For Outlook
Mercer Global Peer Review System
Mercer Link Portal
Mercer Portable People
Mercer SSCalc for Windows
Mercer US Screen Saver
mercer.remote Documentation
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ODBC .NET Data Provider
Microsoft Office Professional Edition 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Outlook Personal Folders Backup
Microsoft Windows User State Migration Tool version 2.6
MMC Global Templates
MMC People Directory Trusted Sites
Mouse Suite
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MYFILESREG
Oracle iExpense IE Shortcut
Oracle JInitiator 1.1.8.16 - Finance
OTS 5.9.2006
Pidgin
PMAC
PrimoPDF
PrimoPDF Redistribution Package
Proxy Master
QFolder
QuickTime
RealPlayer
Scan
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shadow Copy Client
Shockwave Player 7
Siebel Interactivity Framework
SMOC
SMS Advanced Client
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spybot Search and Destroy
Spybot Search and Destroy Updates
SSCalc for Windows 41 4000 USA
Tech Tools Offline
Technology Tools @ Mercer
ThinkPad Modem
ThinkPad Power Management Driver
TurboTax Deluxe 2007
Update for Windows XP (KB908531)
Update for Windows XP (KB931836)
Update for Windows XP (KB946627)
VZAccess Manager
WebFldrs XP
WhoAmI Script
WhyPeerReview Screen Saver
Windows Driver Package - Intel (NETw3x32) net (07/02/2006 10.5.1.57)
Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip 9

nahs003

2008-03-13, 20:56

COMBOFIX LOG

ComboFix 08-03-13.1 - shan-fernando 2008-03-13 12:13:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.417 [GMT -7:00]
Running from: C:\Documents and Settings\Shan-Fernando\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Temporary
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini2
C:\WINDOWS\system32\atogefwu.dll
C:\WINDOWS\system32\atudmgco.ini
C:\WINDOWS\system32\buihwyjn.ini
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\drgbqfuj.dll
C:\WINDOWS\system32\eobbbrgm.ini
C:\WINDOWS\system32\fkdmkuxh.dll
C:\WINDOWS\system32\gakcaobh.ini
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\gnqmmgck.dll
C:\WINDOWS\system32\hboackag.dll
C:\WINDOWS\system32\hxukmdkf.ini
C:\WINDOWS\system32\iibekjmj.dll
C:\WINDOWS\system32\jufqbgrd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgrbbboe.dll
C:\WINDOWS\system32\njywhiub.dll
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\npjjyxfj.dll
C:\WINDOWS\system32\ocgmduta.dll
C:\WINDOWS\system32\ophniptx.dll
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pdnkiasm.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmnlkll.dll
C:\WINDOWS\system32\qfedaurx.dll
C:\WINDOWS\system32\ruvkmeux.ini
C:\WINDOWS\system32\shlwyuok.dll
C:\WINDOWS\system32\tgnimoui.dll
C:\WINDOWS\system32\vlrciebs.dll
C:\WINDOWS\system32\whugcwhv.dll
C:\WINDOWS\system32\xstuqtfr.dll
C:\WINDOWS\system32\xuemkvur.dll
C:\WINDOWS\system32\yobkqnay.dll
C:\WINDOWS\system32\yvuxjieh.dll

----- BITS: Possible infected sites -----

hxxp://SFOWPFS01
.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-10 19:09 . 2008-03-10 19:09 92 --a------ C:\WINDOWS\wininit.ini
2008-03-09 20:05 . 2008-03-09 21:57 1,835,008 --a------ C:\Documents and Settings\~Cecil-Long\ntuser.dat
2008-03-04 10:57 . 2008-03-06 20:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 10:57 . 2008-03-04 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 01:13 . 2008-03-03 23:48 <DIR> d-------- C:\Documents and Settings\Shan-Fernando\OngameNetwork
2008-02-28 10:54 . 2008-02-28 10:54 <DIR> d-------- C:\Program Files\WhoAmI_Script
2008-02-17 13:37 . 2008-02-17 13:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 13:37 . 2008-02-17 13:37 3,460 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 19:03 --------- d-----w C:\Documents and Settings\Shan-Fernando\Application Data\.purple
2008-03-10 15:25 --------- d-----w C:\Program Files\Novatel Wireless
2008-03-10 04:57 1,835,008 ----a-w C:\Documents and Settings\~Cecil-Long\ntuser.dat
2008-03-10 03:51 --------- d-----w C:\Program Files\SafeBoot
2008-03-06 19:42 --------- d-----w C:\Documents and Settings\Shan-Fernando\Application Data\gtk-2.0
2008-02-20 02:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 19:00 --------- d-----w C:\Program Files\Network Associates
2008-02-07 07:51 --------- d-----w C:\Documents and Settings\Shan-Fernando\Application Data\Intuit
2008-02-07 07:48 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 07:47 --------- d-----w C:\Program Files\Common Files\Intuit
2008-02-07 07:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-07 07:46 --------- d-----w C:\Program Files\TurboTax
2008-02-05 21:59 --------- d-----w C:\Program Files\Mercer
2008-01-16 18:50 --------- d-----w C:\Program Files\QuickTime
.

((((((((((((((((((((((((((((( snapshot@2007-10-10_21.10.51.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2004-08-04 08:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-15 08:12:28 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-15 08:12:28 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-15 08:12:28 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-15 08:12:28 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-15 08:12:28 205,824 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-15 08:12:28 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 10:32:36 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-15 08:12:28 251,904 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-15 08:12:28 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-15 08:12:28 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-15 08:12:29 3,064,320 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-15 08:12:29 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-15 08:12:29 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-15 08:12:29 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-15 08:12:29 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-15 08:12:30 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-15 08:12:30 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-06-30 20:22:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-15 08:12:30 616,960 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:35:54 665,600 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 10:08:46 350,720 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-28 00:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-28 00:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 03:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-08-22 12:55:28 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 12:55:29 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 12:55:30 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:19:39 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 12:55:32 251,904 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 12:55:32 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 12:55:32 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-23 02:25:38 3,064,832 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 12:55:37 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 12:55:38 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 12:55:38 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-06-30 20:22:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 12:55:43 617,984 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 12:55:44 665,600 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2006-07-13 13:33:27 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:13:33 350,720 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2004-08-04 08:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
- 2007-09-25 00:00:27 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-03-13 16:53:41 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-09-25 00:00:37 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-03-13 16:53:55 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-09-25 00:00:38 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-03-13 16:53:56 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-09-25 00:00:39 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-03-13 16:53:59 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-09-25 00:00:34 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-03-13 16:53:52 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-09-25 00:00:21 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-03-13 16:53:31 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-09-25 00:00:22 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-03-13 16:53:31 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-09-25 00:00:45 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-03-13 16:54:05 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-09-25 00:00:30 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-03-13 16:53:45 5,156,864 ----a-w

nahs003

2008-03-13, 20:58

C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-09-25 00:00:26 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-03-13 16:53:39 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-09-25 00:00:21 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-03-13 16:53:30 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-09-25 00:00:23 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-03-13 16:53:32 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-09-25 00:00:36 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-03-13 16:53:54 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-09-25 00:00:36 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-03-13 16:53:54 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-09-25 00:00:37 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-03-13 16:53:55 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-09-25 00:00:24 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-03-13 16:53:34 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-09-25 00:00:24 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-03-13 16:53:37 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-09-25 00:00:25 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-03-13 16:53:38 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-09-25 00:00:25 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-03-13 16:53:39 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-09-25 00:00:23 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-03-13 16:53:33 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-09-25 00:00:47 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-03-13 16:54:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-09-25 00:00:47 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-03-13 16:54:07 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-09-25 00:00:19 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-03-13 16:53:25 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-09-25 00:00:46 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-03-13 16:54:06 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-09-25 00:00:48 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-03-13 16:54:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-09-25 00:00:20 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-03-13 16:53:30 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-09-25 00:00:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-03-13 16:53:28 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-09-25 00:00:20 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-03-13 16:53:29 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-09-25 00:00:42 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-03-13 16:54:02 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-09-25 00:00:27 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-03-13 16:53:42 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-09-25 00:00:42 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-03-13 16:54:02 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-09-25 00:00:40 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-03-13 16:53:59 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-09-25 00:00:22 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-03-13 16:53:32 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-09-25 00:00:35 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-03-13 16:53:53 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-09-25 00:00:28 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-03-13 16:53:43 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-09-25 00:00:28 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-03-13 16:53:43 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-09-25 00:00:29 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-03-13 16:53:44 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-09-25 00:00:44 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-03-13 16:54:03 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-09-25 00:00:40 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-03-13 16:54:00 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-09-25 00:00:44 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-03-13 16:54:04 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-09-25 00:00:41 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-03-13 16:54:01 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-09-25 00:00:41 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-03-13 16:54:01 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-09-25 00:00:26 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-03-13 16:53:40 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-09-25 00:00:29 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-03-13 16:53:44 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-09-25 00:00:46 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-03-13 16:54:05 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-09-25 00:00:31 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-03-13 16:53:47 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-09-25 00:00:31 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-03-13 16:53:48 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-09-25 00:00:32 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-03-13 16:53:49 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-09-25 00:00:33 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-03-13 16:53:50 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-09-25 00:00:43 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-03-13 16:54:03 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 17:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 15:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-12-26 21:16:52 102,262 ----a-w C:\WINDOWS\hpoins05.dat
+ 2005-12-17 05:56:02 17,505 ------w C:\WINDOWS\hpomdl07.dat
+ 2005-12-17 05:56:02 17,505 ------w C:\WINDOWS\hpomdl07.dat.temp
+ 2006-10-27 05:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2005-03-17 21:36:34 161,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\IETAG.DLL
+ 2005-07-23 00:47:14 12,242,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\MSO.DLL
+ 2005-06-29 02:15:24 6,146,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\POWERPNT.EXE
+ 2005-03-17 21:41:56 2,812,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\STSLIST.DLL
+ 2004-05-25 02:45:10 2,482,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\VBE6.DLL
+ 2005-07-23 00:21:40 12,061,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.7969\WINWORD.EXE
- 2007-09-14 16:39:16 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-10 15:21:28 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-09-14 16:39:16 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-10 15:21:28 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-09-14 16:39:16 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-10 15:21:28 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-09-14 16:39:16 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-10 15:21:28 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-09-14 16:39:16 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-10 15:21:28 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-09-14 16:39:16 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-10 15:21:28 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-09-14 16:39:16 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-10 15:21:28 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-09-14 16:39:16 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-10 15:21:28 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-09-14 16:39:16 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-10 15:21:28 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-09-14 16:39:16 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-10 15:21:28 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-09-14 16:39:16 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-10 15:21:28 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-09-14 16:39:16 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-10 15:21:28 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-09-14 16:39:16 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-10 15:21:27 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-09 17:32:58 35,600 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 1998-10-30 00:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2004-08-04 08:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 08:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 08:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-04 08:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-04 08:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-04 08:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 08:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2007-06-15 08:12:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-11-07 06:50:00 310,056 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\advertisement.dll
+ 2006-11-07 06:50:00 154,408 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\PatchDownloader.dll
+ 2006-11-07 06:50:00 207,656 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\ScanHlpr.dll
+ 2006-11-07 06:50:00 355,112 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\ScanWrapper.exe
+ 2006-11-07 06:50:00 203,560 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\SmsWusHandler.exe
+ 2006-11-07 06:50:00 166,856 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\syncxml.exe
+ 2006-11-07 06:50:00 236,328 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.19.System\UpdateWUSCatalog.exe
+ 2006-11-07 06:50:00 310,056 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\advertisement.dll
+ 2006-11-07 06:50:00 154,408 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\PatchDownloader.dll
+ 2006-11-07 06:50:00 207,656 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\ScanHlpr.dll
+ 2006-11-07 06:50:00 355,112 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\ScanWrapper.exe
+ 2006-11-07 06:50:00 203,560 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\SmsWusHandler.exe
+ 2006-11-07 06:50:00 166,856 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\syncxml.exe
+ 2006-11-07 06:50:00 236,328 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.20.System\UpdateWUSCatalog.exe
+ 2006-11-07 06:50:00 310,056 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\advertisement.dll
+ 2006-11-07 06:50:00 154,408 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\PatchDownloader.dll
+ 2006-11-07 06:50:00 207,656 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\ScanHlpr.dll
+ 2006-11-07 06:50:00 355,112 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\ScanWrapper.exe
+ 2006-11-07 06:50:00 203,560 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\SmsWusHandler.exe
+ 2006-11-07 06:50:00 166,856 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\syncxml.exe
+ 2006-11-07 06:50:00 236,328 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000006.21.System\UpdateWUSCatalog.exe
+ 2008-01-08 16:39:12 166,816 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000108.1.System\office2003-KB924423-FullFile-ENU.exe
+ 2008-01-31 21:08:54 7,851 ----a-w C:\WINDOWS\system32\CCM\Cache\AM000108.1.System\Outlook_2003_Holiday_Patch.vbs
+ 2007-12-19 14:46:00 3,821,205 ----a-w C:\WINDOWS\system32\CCM\Cache\AM100711.1.System\FramePkg.exe
- 2007-06-15 08:12:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2004-08-04 08:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv

nahs003

2008-03-13, 20:59

- 2007-06-15 08:12:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-15 08:12:28 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 00:44:30 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-15 08:12:28 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 00:44:30 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-15 08:12:28 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 00:44:32 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-15 08:12:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 00:44:33 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 00:44:33 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-15 08:12:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 00:44:33 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 10:32:36 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 10:05:52 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-15 08:12:28 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 00:44:33 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-06-15 08:12:28 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 00:44:33 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-06-15 08:12:28 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 00:44:33 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-04 08:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2004-08-04 08:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2004-08-04 08:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
- 2004-08-04 08:00:00 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-04 08:00:00 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-04 08:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-04 08:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-04 08:00:00 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-04 08:00:00 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-04 08:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-04 08:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-04 08:00:00 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2004-08-04 08:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-06-15 08:12:29 3,064,320 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 00:44:35 3,066,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-15 08:12:29 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 00:44:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-15 08:12:29 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 00:44:36 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-15 08:12:29 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 00:44:36 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-15 08:12:29 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 00:44:36 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 08:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-15 08:12:30 1,498,112 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 00:44:37 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-07-13 13:33:27 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-15 08:12:30 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 00:44:38 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2004-08-04 08:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2004-08-04 08:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2007-06-15 08:12:30 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 00:44:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-04 07:01:26 25,856 -c--a-w C:\WINDOWS\system32\dllcache\usbprint.sys
+ 2004-08-04 08:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2007-06-26 14:35:54 665,600 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 00:44:39 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-04 08:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
- 2005-01-28 03:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 01:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-09-15 03:00:00 8,320 ----a-w C:\WINDOWS\system32\drivers\entdrv51.sys
+ 2007-01-19 04:00:00 8,320 ----a-w C:\WINDOWS\system32\drivers\entdrv51.sys
+ 2005-12-17 05:56:00 51,120 ----a-w C:\WINDOWS\system32\drivers\HPZid412.sys
+ 2005-12-17 05:56:00 16,496 ----a-w C:\WINDOWS\system32\drivers\HPZipr12.sys
+ 2005-12-17 05:56:00 21,744 ----a-w C:\WINDOWS\system32\drivers\HPZius12.sys
- 2004-08-04 08:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 08:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2006-09-15 03:00:00 58,464 ----a-w C:\WINDOWS\system32\drivers\mvstdi5x.sys
+ 2007-01-19 04:00:00 59,904 ----a-w C:\WINDOWS\system32\drivers\mvstdi5x.sys
- 2006-09-15 03:00:00 116,992 ----a-w C:\WINDOWS\system32\drivers\naiavf5x.sys
+ 2007-01-19 04:00:00 117,024 ----a-w C:\WINDOWS\system32\drivers\naiavf5x.sys
- 2004-08-04 08:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2004-08-04 07:01:26 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
- 2004-09-23 03:00:00 11,264 ----a-w C:\WINDOWS\system32\dssdata.dll
+ 2004-09-23 04:00:00 11,264 ----a-w C:\WINDOWS\system32\dssdata.dll
- 2007-06-15 08:12:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-09-15 03:00:00 36,922 ----a-w C:\WINDOWS\system32\entapi.dll
+ 2007-01-19 04:00:00 36,922 ----a-w C:\WINDOWS\system32\entapi.dll
- 2007-06-15 08:12:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe
- 2007-06-06 16:22:13 152,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-12 01:03:28 171,488 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe
+ 2005-12-17 05:56:01 278,528 ----a-w C:\WINDOWS\system32\hpgwiamd.dll
+ 2005-12-17 05:56:02 606,208 ----a-w C:\WINDOWS\system32\hpotscl.dll
+ 2005-12-17 05:56:02 258,122 ----a-w C:\WINDOWS\system32\hpovst08.dll
+ 2005-12-17 05:56:02 274,432 ----a-w C:\WINDOWS\system32\HPZc3212.dll
+ 2005-12-17 05:55:59 196,608 ----a-w C:\WINDOWS\system32\hpzcoi12.dll
+ 2005-12-17 05:55:59 393,216 ----a-w C:\WINDOWS\system32\hpzcon12.dll
+ 2004-09-29 20:12:48 278,584 ----a-w C:\WINDOWS\system32\HPZidr12.dll
+ 2004-09-29 20:08:08 61,440 ----a-w C:\WINDOWS\system32\HPZinw12.exe
+ 2004-09-29 20:14:36 69,632 ----a-w C:\WINDOWS\system32\HPZipm12.exe
+ 2004-09-29 20:15:16 204,800 ----a-w C:\WINDOWS\system32\HPZipr12.dll
+ 2004-09-29 20:09:26 94,208 ----a-w C:\WINDOWS\system32\HPZipt12.dll
+ 2004-09-29 20:09:32 57,344 ----a-w C:\WINDOWS\system32\HPZisn12.dll
+ 2005-12-17 05:56:21 98,304 ----a-w C:\WINDOWS\system32\hpzjsn01.dll
+ 2005-12-17 05:55:59 139,345 ----a-w C:\WINDOWS\system32\hpzlnt12.dll
- 2007-06-15 08:12:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-11-09 21:51:24 1,721,712 ----a-w C:\WINDOWS\system32\InetClnt.dll
+ 2003-01-19 00:32:28 49,152 ----a-w C:\WINDOWS\system32\INETWH32.DLL
- 2007-06-15 08:12:28 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2002-11-21 18:57:24 20,480 ----a-w C:\WINDOWS\system32\IVIresize.dll
+ 2002-11-21 18:57:26 200,704 ----a-w C:\WINDOWS\system32\IVIresizeA6.dll
+ 2002-11-21 18:57:26 192,512 ----a-w C:\WINDOWS\system32\IVIresizeM6.dll
+ 2002-11-21 18:57:26 192,512 ----a-w C:\WINDOWS\system32\IVIresizeP6.dll
+ 2002-11-21 18:57:26 188,416 ----a-w C:\WINDOWS\system32\IVIresizePX.dll
+ 2002-11-21 18:57:26 204,800 ----a-w C:\WINDOWS\system32\IVIresizeW7.dll
- 2007-06-15 08:12:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2004-08-04 08:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
+ 2007-07-26 23:06:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-06-11 20:04:36 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
- 2007-06-20 21:04:57 48,238 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-11-07 16:33:02 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 08:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 08:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 08:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
+ 2007-10-15 16:30:46 3,520,574 ----a-w C:\WINDOWS\system32\mercer_screen_saver_scr2.scr
- 2004-08-04 08:00:00 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 08:00:00 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 08:00:00 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 08:00:00 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 08:00:00 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 08:00:00 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 08:00:00 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 08:00:00 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2004-08-04 08:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2004-08-04 08:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 08:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv

nahs003

2008-03-13, 21:00

- 2007-06-15 08:12:29 3,064,320 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-15 08:12:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-15 08:12:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-15 08:12:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2003-04-18 23:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2003-04-19 00:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-09-25 00:00:59 64,166 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-13 16:54:22 64,684 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-09-25 00:00:59 406,258 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-13 16:54:22 407,134 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-15 08:12:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-03-10 04:23:28 213,628 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2003-07-25 01:01:04 1,044,480 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
- 2004-08-04 08:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe
- 2007-06-15 08:12:30 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-07-13 13:33:27 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-15 08:12:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2005-03-25 01:04:26 17,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcabout.dll
+ 2005-03-25 02:04:26 17,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcabout.dll
- 2005-03-25 01:04:26 23,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPCJRUI.DLL
+ 2005-03-25 02:04:26 23,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPCJRUI.DLL
- 2003-03-25 08:44:30 8,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcstr.dll
+ 2003-03-25 09:44:30 8,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcstr.dll
+ 2001-08-18 06:36:16 435,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPF900AL.DLL
+ 2001-08-18 06:36:16 891,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPF940AL.DLL
+ 2001-08-18 06:36:16 1,853,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
+ 2004-08-04 08:56:44 87,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2001-08-18 06:36:16 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFUI50.DLL
+ 2005-12-17 05:56:02 179,931 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpop1512.dat
+ 2005-12-17 05:55:59 212,992 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku12.dll
+ 2005-12-17 05:55:59 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
+ 2005-12-17 05:55:59 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi12.dll
+ 2005-12-17 05:55:59 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon12.dll
+ 2005-12-17 05:55:59 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
+ 2005-12-17 05:55:59 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt12.dll
+ 2005-12-17 05:55:59 1,597,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc12.dll
+ 2005-12-17 05:55:59 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime12.dll
+ 2005-12-17 05:55:59 2,150,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzims12.dll
+ 2005-12-17 05:55:59 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui12.dll
+ 2005-12-17 05:55:59 139,345 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzlnt12.dll
+ 2005-12-17 05:55:59 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpcl12.dll
+ 2005-12-17 05:55:59 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpm312.dll
+ 2005-12-17 05:55:59 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
+ 2005-12-17 05:56:02 3,203,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3212.dll
+ 2005-12-17 05:55:59 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzres12.dll
+ 2005-12-17 05:56:02 1,761,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm312.dll
+ 2005-12-17 05:55:59 679,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzslk12.dll
+ 2005-12-17 05:55:59 180,315 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsnt12.dll
+ 2005-12-17 05:55:59 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
+ 2005-12-17 05:55:59 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
+ 2005-12-17 05:55:59 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi12.dll
+ 2005-12-17 05:55:59 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
+ 2005-12-17 05:55:59 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
+ 2005-12-17 05:55:59 176,188 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzvip12.dll
- 2005-03-25 02:26:12 269,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-09-28 16:48:44 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2005-12-17 05:56:02 179,931 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpop1512.dat
+ 2005-12-17 05:55:59 212,992 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpz2ku12.dll
+ 2005-12-17 05:55:59 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzcfg12.exe
+ 2005-12-17 05:55:59 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzcoi12.dll
+ 2005-12-17 05:55:59 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzcon12.dll
+ 2005-12-17 05:55:59 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzeng12.exe
+ 2005-12-17 05:55:59 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzflt12.dll
+ 2005-12-17 05:55:59 1,597,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzimc12.dll
+ 2005-12-17 05:55:59 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzime12.dll
+ 2005-12-17 05:55:59 2,150,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzims12.dll
+ 2005-12-17 05:55:59 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzjui12.dll
+ 2005-12-17 05:55:59 139,345 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzlnt12.dll
+ 2005-12-17 05:55:59 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzpcl12.dll
+ 2005-12-17 05:55:59 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzpm312.dll
+ 2005-12-17 05:55:59 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzpre12.exe
+ 2005-12-17 05:56:02 3,203,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzr3212.dll
+ 2005-12-17 05:55:59 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzres12.dll
+ 2005-12-17 05:56:02 1,761,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzrm312.dll
+ 2005-12-17 05:55:59 679,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzslk12.dll
+ 2005-12-17 05:55:59 180,315 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzsnt12.dll
+ 2005-12-17 05:55:59 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzstc12.exe
+ 2005-12-17 05:55:59 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzstw12.exe
+ 2005-12-17 05:55:59 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpztbi12.dll
+ 2005-12-17 05:55:59 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpztbu12.exe
+ 2005-12-17 05:55:59 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpztbx12.exe
+ 2005-12-17 05:55:59 176,188 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hppsc_1500_series2609\hpzvip12.dll
+ 2007-07-26 23:06:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
- 2007-10-05 17:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2004-08-04 08:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-04 08:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-06-15 08:12:30 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-04 08:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 08:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2007-06-26 14:35:54 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 08:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
- 2005-01-28 03:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2007-06-14 10:08:46 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe
+ 2008-03-13 19:28:43 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a4c.dat
- 2005-04-21 08:15:08 151,552 ----a-w C:\WINDOWS\UNWISE.EXE
+ 2005-04-21 09:15:08 151,552 ----a-w C:\WINDOWS\UNWISE.EXE
+ 2006-06-05 21:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 21:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 21:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 22:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 22:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 22:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 22:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
- 2007-09-25 00:00:21 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-03-13 16:53:31 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-09-25 00:00:22 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-03-13 16:53:31 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C651565-5949-4EBE-83F4-CE8EFB975100}]
C:\WINDOWS\system32\gebca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7769AE3-1B47-4556-B7E0-4F4CC5244DB1}]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC858E5A-03EF-4F58-8235-0EC72A59BB60}]
C:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D859D5BB-DC4D-40A3-8EFE-5D0B16DC9209}]
C:\WINDOWS\system32\mllmn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMCAddinProtector"="C:\Program Files\MMC\Office Automation\Protector\MMCAddinProtector.exe" [2007-07-11 01:40 49152]
"MXDA"="C:\Program Files\Mercer\Global Peer Review\Mxda\mxda.exe" [2005-10-20 19:08 262144]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 16:06 136512]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 98304]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
SetPowerScheme.lnk - C:\WINDOWS\system32\wscript.exe [2006-08-21 05:12:45 114688]

C:\Documents and Settings\~Cecil-Long\Start Menu\Programs\Startup\
SetPowerScheme.lnk - C:\WINDOWS\system32\wscript.exe [2006-08-21 05:12:45 114688]

C:\Documents and Settings\Shan-Fernando\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]
Launch Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2006-01-20 15:35:58 196296]
Monitor My eRooms.lnk - C:\Program Files\eRoom 6\ERClient.exe [2007-11-15 11:09:32 65586]
Work.url [2008-02-26 15:23:50 378]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Access Manager Client.lnk - C:\WINDOWS\Installer\{9FAD4AF9-68DB-4AD1-85D4-03E06B0E388A}\AccessManStartup.exe [2007-05-30 12:34:08 45056]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2007-08-28 09:57:40 847872]
Push Client.lnk - C:\WINDOWS\Installer\{892B84C6-D06D-4423-A4F9-AE1F5575D165}\Icon892B84C6.exe [2007-06-04 08:34:22 9728]
VPN Client.lnk - C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2007-05-30 12:31:13 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoManageMyComputerVerb"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"PromptRunasInstallNetPath"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSetTaskbar"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoPropertiesMyComputer"= 1 (0x1)
"NoPropertiesMyDocuments"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"DisallowCpl"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkll]
pmnlkll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2140084481-2073829295-449275081-140507\Scripts\Logon\0\0]
"Script"=US_W_SFO_Login.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2140084481-2073829295-449275081-19062\Scripts\Logon\0\0]
"Script"=US_W_SFO_Login.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-06-28 11:23]
R0 SBAlg;SBAlg;C:\WINDOWS\system32\drivers\SBAlg.sys [2007-06-28 11:23]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-06-28 11:23]
R1 SBFlop;SBFlop;C:\WINDOWS\system32\drivers\SBFlop.sys [2007-06-28 11:23]
R1 SbPrcCtl;SbPrcCtl;C:\WINDOWS\system32\drivers\SbPrcCtl.sys [2007-06-28 11:23]
R2 CCMEXEC;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-03-24 10:52]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;"C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe" [2006-07-24 15:16]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;C:\Program Files\SafeBoot\SBMGRNT.EXE [2007-06-28 11:23]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 03:50]

nahs003

2008-03-13, 21:01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F73C5C7-4B6C-497F-932E-05FAEC9B1658}]
msiexec /fu {1F73C5C7-4B6C-497F-932E-05FAEC9B1658}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66612A52-0092-4139-991B-456A06FC1DF6}]
msiexec /fu {66612A52-0092-4139-991B-456A06FC1DF6}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72F335EE-5E2E-47C1-BA0D-9B2BE612F336}]
msiexec.exe /f {72F335EE-5E2E-47C1-BA0D-9B2BE612F336} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7BDFBCB2-43A1-45B3-98AD-33F1481F2538}]
wscript.exe "C:\Program Files\MMC People Directory Trusted Sites\\TrustedSite.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{86F19C2F-D631-4E19-A8CD-B429527443D7}]
wscript.exe "C:\Program Files\\Mercer US Screen Saver\HKCU.vbs"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 21:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 12:29:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Interwise\Student\pull.exe
.
**************************************************************************
.
Completion time: 2008-03-13 12:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 19:31:33
ComboFix2.txt 2007-10-11 19:36:52

km2357

2008-03-13, 21:21

Seems your missing an important part of you're operating system. Let's get it reinstalled in case you ever need it.
Nothing is going to change on your computer other than we are going to reinstall the Recovery Console.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

http://i266.photobucket.com/albums/ii277/sUBs_/KB310994.gif

Download the file & save it as it's originally named, to your desktop along with ComboFix.exe.

http://i266.photobucket.com/albums/ii277/sUBs_/rc1.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until I have reviewed the log.

km2357

2008-03-13, 21:52

Also, is this your home computer or a computer at your work?

nahs003

2008-03-13, 22:14

Work computer.

COMBOFIX LOG
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

km2357

2008-03-13, 23:49

Hi.

Since this is your work computer, it'd be best if you contact your IT department and let them fix your computer. I don't want to change any settings on your computer that aren't supposed to be changed.

Make sure to show them this thread so they can see what has been done so far.