IRCbot [RESOLVED]


  • This topic is locked

#31
synesthesia

Here's the new ComboFix log.
I have to go out soon, so I'll do the second thing when I get back home.

ComboFix 08-08-23.03 - Soleil Robichaud 2008-08-28 18:15:55.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.122 [GMT -4:00]
Running from: C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Soleil Robichaud\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\21-08-2008-22-11-20(2)\41.qit
C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\23-08-2008-17-03-57(2)\0.qit
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3OLEF\mumie[1].exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe
C:\WINDOWS\system32\wins :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmsncs.exe
C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\21-08-2008-22-11-20(2)\41.qit
C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\23-08-2008-17-03-57(2)\0.qit
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com\ud.sol
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Soleil Robichaud\Cookies\soleil robichaud@my.clearchannelradio[2].txt
C:\Program Files\Common Files\System\wmsncs.exe
C:\WINDOWS\Fonts\wmsncs.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3OLEF\mumie[1].exe
C:\WINDOWS\system32\spool\drivers\wmsncs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86
-------\Service_NET Runtime Optimization Service v2.1.41329_X86


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-28 12:16 . 2008-08-28 12:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-28 12:16 . 2008-08-28 12:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-28 09:32 . 2008-08-28 09:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 09:14 . 2008-08-28 09:14 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-28 09:09 . 2002-12-11 20:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-28 09:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 08:56 . 2008-08-28 09:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 08:53 . 2006-06-26 13:47 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-28 08:53 . 2006-03-01 15:44 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-08-28 08:53 . 2006-03-01 15:44 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-08-28 08:53 . 2006-06-26 13:47 6,144 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-08-28 08:25 . 2008-08-28 08:25 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\Yahoo!
2008-08-27 21:32 . 2008-08-27 21:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-27 21:32 . 2008-08-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-27 19:06 . 2008-08-27 19:06 <DIR> d-------- C:\WINDOWS\Sun
2008-08-27 19:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 19:03 . 2008-08-27 19:05 <DIR> d-------- C:\Program Files\Java
2008-08-27 19:03 . 2008-08-27 19:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-26 19:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 19:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 18:40 . 2008-08-26 18:40 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-26 16:55 . 2008-08-26 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:48 . 2008-08-26 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 09:16 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-26 09:16 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-26 09:16 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-26 09:16 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-26 09:16 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-26 09:16 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-26 09:16 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-25 14:33 . 2008-08-25 14:34 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\PrivacyControl
2008-08-24 19:54 . 2008-08-24 19:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-24 19:48 . 2008-08-24 20:05 <DIR> d-------- C:\SDFix
2008-08-24 12:30 . 2008-08-24 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 19:01 . 2008-08-23 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 18:49 . 2008-08-23 18:52 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)
2008-08-23 18:20 . 2008-08-26 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Malwarebytes
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 18:19 . 2008-08-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-23 18:13 . 2008-08-23 18:59 <DIR> d-------- C:\Program Files\ERUNT
2008-08-14 22:37 . 2008-08-14 22:37 <DIR> d-------- C:\Program Files\EPSON
2008-08-14 22:37 . 2004-06-24 01:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-08-14 22:37 . 2004-03-12 01:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-08-14 22:37 . 2004-11-25 05:07 79,679 --a------ C:\WINDOWS\system32\E_FLMABA.DLL
2008-08-14 22:37 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBABA.DLL
2008-08-14 22:37 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHABA.DLL
2008-08-14 22:37 . 2004-06-24 01:20 51 --a------ C:\WINDOWS\system32\EAL32.INI
2008-08-11 00:33 . 2008-08-11 00:33 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\acccore
2008-08-11 00:31 . 2008-08-11 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-11 00:30 . 2008-08-11 00:30 21 --a------ C:\WINDOWS\atid.ini
2008-08-11 00:29 . 2008-08-11 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-11 00:27 . 2008-08-11 00:33 <DIR> d-------- C:\Program Files\AIM6
2008-08-08 22:46 . 2008-08-08 22:46 53 --a------ C:\WINDOWS\system32\g.ftp
2008-08-07 17:31 . 2008-08-07 17:31 159,744 --a------ C:\WINDOWS\system32\Bsmtp.dll
2008-08-07 17:31 . 2008-08-07 17:31 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-07 15:46 . 2008-08-07 15:46 <DIR> d---s---- C:\Documents and Settings\Ron Robichaud\UserData
2008-08-01 23:09 . 2008-08-01 23:09 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-08-01 13:01 . 2008-08-15 12:21 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\OnRez
2008-08-01 12:07 . 2008-08-01 12:07 <DIR> d---s---- C:\Documents and Settings\Trevor Robichaud\UserData
2008-07-31 22:03 . 2008-08-15 01:49 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\SecondLife
2008-07-31 21:53 . 2008-07-31 21:53 <DIR> d---s---- C:\Documents and Settings\Soleil Robichaud\UserData
2008-07-31 21:40 . 2008-07-31 21:40 2,838 --a------ C:\WINDOWS\machine.ver
2008-07-31 14:02 . 2008-07-31 14:02 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\MAGIX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 01:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 04:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-08 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 15:16 --------- d-----w C:\Program Files\MindSpring 4.0
.

------- Sigcheck -------

2004-08-03 14:02 113944 4fe41a819f5a1ff0923f12b34830a6ca C:\WINDOWS\LastGood\System32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_20.47.45.80 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-29 17:21:22 6,656 -c--a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-08-28 13:38:24 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2003-04-29 17:23:12 32,768 -c--a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-08-28 13:38:27 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2003-04-29 17:23:02 712,704 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-08-28 13:38:46 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2003-04-29 17:23:01 286,720 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-08-28 13:38:28 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2003-04-29 17:23:11 1,564,672 -c--a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-08-28 13:38:47 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2003-04-29 17:23:11 32,768 -c--a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-08-28 13:38:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2003-04-29 17:23:10 77,824 -c--a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-08-28 13:38:31 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2003-04-29 17:23:09 1,175,552 -c--a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-08-28 13:38:41 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2003-04-29 17:23:09 1,691,648 -c--a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-08-28 13:38:25 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2003-04-29 17:23:08 86,016 -c--a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-08-28 13:38:45 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2003-04-29 17:23:07 65,536 -c--a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-08-28 13:38:51 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2003-04-29 17:23:07 462,848 -c--a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-08-28 13:38:38 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2003-04-29 17:23:07 212,992 -c--a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-08-28 13:38:29 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2003-04-29 17:23:07 47,104 -c--a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-08-28 13:38:29 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2003-04-29 17:23:06 348,160 -c--a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-08-28 13:38:37 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2003-04-29 17:23:06 241,664 -c--a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-08-28 13:38:48 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2003-04-29 17:23:06 307,200 -c--a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-08-28 13:38:35 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2003-04-29 17:23:05 131,072 -c--a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-08-28 13:38:30 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-04-29 17:21:20 77,824 -c--a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-08-28 13:38:33 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2003-04-29 17:23:03 126,976 -c--a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-08-28 13:38:42 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2003-04-29 17:23:05 61,440 -c--a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-08-28 13:38:28 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2003-04-29 17:23:04 503,808 -c--a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-08-28 13:38:26 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2003-04-29 17:23:01 1,187,840 -c--a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-28 13:38:44 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2003-04-29 17:23:03 1,982,464 -c--a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-08-28 13:38:32 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2003-04-29 17:23:02 1,294,336 -c--a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
+ 2008-08-28 13:38:36 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
- 2003-04-29 17:23:08 1,167,360 -c--a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-08-28 13:38:50 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-08-28 13:40:06 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_fcc84294\CustomMarshalers.dll
+ 2008-08-28 13:39:23 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_ae86a5b8\mscorlib.dll
+ 2008-08-28 13:39:50 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_76516206\System.Design.dll
+ 2008-08-28 13:40:05 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_f8cb9e5e\System.Drawing.Design.dll
+ 2008-08-28 13:39:34 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_c7b6a38e\System.Drawing.dll
+ 2008-08-28 13:40:05 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_bbb0ca0e\System.Windows.Forms.dll
+ 2008-08-28 13:39:58 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_2dc8b727\System.Xml.dll
+ 2008-08-28 13:39:14 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_bb57f4e6\System.dll
- 2002-11-18 18:27:40 392,576 -c--a-w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2004-10-12 16:22:52 436,608 ----a-w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2004-10-22 07:29:14 1,900,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2004-10-22 04:29:42 1,955,840 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2004-10-22 07:29:42 1,928,704 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2004-10-22 08:33:31 2,088,448 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
- 2001-12-07 16:32:04 1,081,344 -c--a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
+ 2005-05-04 19:33:52 1,077,312 ----a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
- 2002-09-22 03:13:26 10,752 -c--a-w C:\WINDOWS\hh.exe
+ 2005-05-25 22:44:31 10,752 ----a-w C:\WINDOWS\hh.exe
- 2002-10-18 02:08:12 6,550 -c--a-w C:\WINDOWS\jautoexp.dat
+ 2003-02-28 20:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2008-08-28 13:06:50 2,678 ----a-w C:\WINDOWS\java\Packages\Data\1RLVR93Z.DAT
+ 2008-08-28 13:06:56 2,678 ----a-w C:\WINDOWS\java\Packages\Data\MB33D37F.DAT
+ 2008-08-28 13:06:48 2,678 ----a-w C:\WINDOWS\java\Packages\Data\NDJVFLVZ.DAT
+ 2008-08-28 13:06:47 2,678 ----a-w C:\WINDOWS\java\Packages\Data\VDV3V9FJ.DAT
+ 2008-08-28 13:06:47 2,678 ----a-w C:\WINDOWS\java\Packages\Data\YBVLFDZ5.DAT
+ 2002-11-18 18:27:40 392,576 ----a-w C:\WINDOWS\LastGood\Driver Cache\i386\mrxsmb.sys
+ 2002-10-18 02:08:12 6,550 ----a-w C:\WINDOWS\LastGood\jautoexp.dat
+ 2002-10-18 03:44:56 46,352 ----a-w C:\WINDOWS\LastGood\setdebug.exe
+ 2004-07-01 22:08:18 361,984 ----a-w C:\WINDOWS\LastGood\System32\bits\qmgr.dll
+ 2004-08-03 18:00:12 71,448 ----a-w C:\WINDOWS\LastGood\System32\cdm.dll
+ 2002-10-18 03:44:48 49,424 ----a-w C:\WINDOWS\LastGood\System32\clspack.exe
+ 2002-08-29 12:00:00 89,600 ----a-w C:\WINDOWS\LastGood\System32\cscdll.dll
+ 2002-08-29 12:00:00 221,696 ----a-w C:\WINDOWS\LastGood\System32\dllcache\qmgr.dll
+ 2002-08-29 12:00:00 17,408 ----a-w C:\WINDOWS\LastGood\System32\dllcache\qmgrprxy.dll
+ 2002-08-29 12:00:00 163,328 ----a-w C:\WINDOWS\LastGood\System32\DRIVERS\rdbss.sys
+ 2002-10-18 02:07:28 313,856 ----a-w C:\WINDOWS\LastGood\System32\dx3j.dll
+ 2002-10-18 03:44:36 187,152 ----a-w C:\WINDOWS\LastGood\System32\javacypt.dll
+ 2002-10-18 03:44:36 139,536 ----a-w C:\WINDOWS\LastGood\System32\javaee.dll
+ 2002-10-18 03:44:38 63,248 ----a-w C:\WINDOWS\LastGood\System32\javaprxy.dll
+ 2002-10-18 03:44:38 404,752 ----a-w C:\WINDOWS\LastGood\System32\javart.dll
+ 2002-10-18 03:44:54 15,120 ----a-w C:\WINDOWS\LastGood\System32\jdbgmgr.exe
+ 2002-10-18 03:44:38 171,280 ----a-w C:\WINDOWS\LastGood\System32\jit.dll
+ 2002-10-18 03:44:54 172,304 ----a-w C:\WINDOWS\LastGood\System32\jview.exe
+ 2002-08-29 12:00:00 671,744 ----a-w C:\WINDOWS\LastGood\System32\lsasrv.dll
+ 2002-10-18 03:44:40 154,384 ----a-w C:\WINDOWS\LastGood\System32\msawt.dll
+ 2002-10-18 03:44:48 947,984 ----a-w C:\WINDOWS\LastGood\System32\msjava.dll
+ 2002-10-18 03:44:48 21,264 ----a-w C:\WINDOWS\LastGood\System32\msjdbc10.dll
+ 2002-08-29 12:00:00 1,947,904 ----a-w C:\WINDOWS\LastGood\System32\ntkrnlpa.exe
+ 2002-08-29 12:00:00 2,042,240 ----a-w C:\WINDOWS\LastGood\System32\ntoskrnl.exe
+ 2002-08-29 12:00:00 221,696 ----a-w C:\WINDOWS\LastGood\System32\qmgr.dll
+ 2002-08-29 12:00:00 17,408 ----a-w C:\WINDOWS\LastGood\System32\qmgrprxy.dll
+ 2002-08-29 12:00:00 116,224 ----a-w C:\WINDOWS\LastGood\System32\shsvcs.dll
+ 2002-10-18 03:44:48 286,992 ----a-w C:\WINDOWS\LastGood\System32\vmhelper.dll
+ 2002-08-29 12:00:00 310,272 ----a-w C:\WINDOWS\LastGood\System32\winhttp.dll
+ 2002-10-18 03:44:56 171,792 ----a-w C:\WINDOWS\LastGood\System32\wjview.exe
+ 2004-08-03 18:00:10 420,632 ----a-w C:\WINDOWS\LastGood\System32\wuapi.dll
+ 2004-08-03 18:07:38 1,081,112 ----a-w C:\WINDOWS\LastGood\System32\wuaueng.dll
+ 2004-08-03 18:02:52 118,552 ----a-w C:\WINDOWS\LastGood\System32\wucltui.dll
+ 2004-08-03 17:59:14 39,704 ----a-w C:\WINDOWS\LastGood\System32\wups.dll
+ 2004-08-03 17:59:18 120,288 ----a-w C:\WINDOWS\LastGood\System32\wuweb.dll
- 2002-01-05 09:55:46 126,976 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
+ 2004-07-15 06:41:06 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
- 2002-06-12 11:47:38 196,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-07-15 03:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2002-06-12 11:47:40 24,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2004-07-15 03:36:08 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-12 11:47:40 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-07-15 03:36:10 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2002-06-12 12:54:20 94,208 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
+ 2004-07-15 15:05:24 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
- 2002-06-12 11:03:56 69,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
+ 2004-07-15 02:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
- 2002-01-05 11:49:32 49,152 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
+ 2004-07-15 08:45:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
- 2002-06-12 19:19:02 589,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
+ 2004-07-15 14:27:20 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
- 2002-01-05 04:40:40 798,720 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
+ 2004-07-15 03:33:28 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
- 2002-06-12 11:01:54 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
+ 2004-07-15 02:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
- 2002-06-12 12:54:28 6,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-15 15:04:44 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2002-01-05 15:41:48 6,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
+ 2004-07-15 15:05:18 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
- 2002-06-12 12:54:32 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
+ 2004-07-15 15:04:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
- 2002-01-05 04:32:50 180,224 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
+ 2004-07-15 02:50:54 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
- 2002-06-12 12:54:34 24,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
+ 2004-07-15 15:05:28 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
- 2002-06-12 12:54:36 40,960 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
+ 2004-07-15 15:05:00 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
- 2002-06-12 12:54:42 712,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
+ 2004-07-15 15:05:48 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
- 2002-06-12 12:54:44 286,720 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
+ 2004-07-15 15:05:16 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
- 2002-06-12 12:55:00 1,564,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
+ 2004-07-15 15:05:52 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
- 2002-01-05 04:32:38 69,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
+ 2004-07-15 02:50:28 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
- 2002-01-05 04:32:38 221,184 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
+ 2004-07-15 02:50:28 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
- 2002-01-05 04:32:40 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-07-15 02:50:30 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2002-06-12 04:02:02 303,104 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-15 02:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2002-06-12 04:04:04 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-07-15 02:50:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2002-06-12 19:55:02 1,953,792 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-15 15:05:34 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2002-01-05 04:31:46 61,440 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
+ 2004-07-15 02:50:32 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
- 2002-01-05 04:32:38 143,360 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
+ 2004-07-15 02:50:32 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
- 2002-01-05 04:32:38 57,344 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
+ 2004-07-15 02:50:34 46,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
- 2002-01-05 04:32:40 65,536 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
+ 2004-07-15 02:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
- 2002-06-12 11:02:40 2,260,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-15 02:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2002-01-05 04:32:44 8,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
+ 2004-07-15 02:50:40 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
- 2002-06-12 11:03:24 2,260,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-15 02:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2002-05-09 09:38:44 45,056 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2004-08-10 20:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2002-01-05 04:32:52 143,360 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
+ 2004-07-15 02:50:58 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
- 2002-01-05 04:40:42 20,480 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
+ 2004-07-15 03:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
- 2002-06-12 12:55:06 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
+ 2004-07-15 15:05:12 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe

Edited by synesthesia, 28 August 2008 - 07:12 PM.


#32
synesthesia

ComboFix got cut off, so here's the rest of it



.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 23:01 258048]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07 114688]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 22:54 40960]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 20:16 172032]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 17:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 21:00 126976]
"NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" [2003-01-17 23:26 458752]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 16:21 159744]
"AccessRampMonitor"="C:\Program Files\AccessRamp\ARMon32.exe" [1999-08-03 13:13 68096]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 02:12 49152]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2008-08-07 15:17 126823]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 04:00 98304]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [BU]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [BU]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-08-07 15:17 126823]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 20:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 13:49 237568 C:\WINDOWS\system32\TPWRTRAY.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2008-08-07 15:17 126823]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [BU]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [BU]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-08-07 15:17 126823]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 02:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 18:23:00 65588]
wmsncs.exe [2008-08-07 15:17:21 126823]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe []
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 08:13]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 19:29]

*Newly Created Service* - NET_RUNTIME_OPTIMIZATION_SERVICE_V2.1.41329_X86

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
Contents of the 'Scheduled Tasks' folder

2003-10-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 12:04]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 18:21:44
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

C:\WINDOWS\Fonts\wmsncs.exe [1164] 0x811952A0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-08-28 18:26:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 22:26:10
ComboFix2.txt 2008-08-26 23:40:18
ComboFix3.txt 2008-08-26 00:14:38
ComboFix4.txt 2008-08-25 00:48:59

Pre-Run: 633,667,584 bytes free
Post-Run: 842,129,408 bytes free

730 --- E O F --- 2008-08-28 13:39:55
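The "Reg Loading Points" section of the log above can be triaged mechanically. The following Python script is an added example, not part of the original thread and not ComboFix's own code: it parses lines excerpted from that log and applies three heuristics (one image name registered from several folders, a system process name outside System32, a Winlogon Shell value other than plain `explorer.exe`). The function names, rule labels and the `SYSTEM32_ONLY` list are assumptions made for this example.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any host OS

# Excerpt of the "Reg Loading Points" section of the log posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19 155648]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2008-08-07 15:17 126823]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [BU]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [BU]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2008-08-07 15:17 126823]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\\WINDOWS\\Fonts\\wmsncs.exe\""
'''

SECTION = re.compile(r'^\[(.+)\]$')
# "name"="data", optionally followed by ComboFix's [date time size] or [BU] suffix.
VALUE = re.compile(r'^"([^"]+)"="(.*)"(?:\s+\[.*\])?$')

# Assumption for this example: process names that normally load only from System32.
SYSTEM32_ONLY = {'svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe',
                 'csrss.exe', 'smss.exe', 'spoolsv.exe'}


def parse_loading_points(log):
    """Return (key, value_name, data) for each "name"="data" line under a [key] header."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            key = header.group(1).lower()
            continue
        value = VALUE.match(line)
        if value and key:
            entries.append((key, value.group(1), value.group(2)))
    return entries


def unescape(data):
    """Undo the REGEDIT4-style escaping of quotes and backslashes kept in some values."""
    return data.replace('\\"', '"').replace('\\\\', '\\')


def triage(entries):
    """Return (rule, detail) tuples for autorun entries that deserve a closer look."""
    findings = []
    folders_by_image = defaultdict(set)
    for key, name, data in entries:
        if key.endswith(r'\currentversion\run'):
            image, folder = basename(data).lower(), dirname(data).lower()
            if not folder:
                continue  # bare file name, resolved through the search path
            folders_by_image[image].add(folder)
            if image in SYSTEM32_ONLY and not folder.endswith(r'\system32'):
                findings.append(('system-name-outside-system32', data))
        elif key.endswith(r'\winlogon') and name.lower() == 'shell':
            # The default value is exactly "explorer.exe"; anything appended runs at logon.
            if data.strip().lower() != 'explorer.exe':
                findings.append(('winlogon-shell-modified', unescape(data)))
    # One file name started from several folders is a common persistence pattern.
    for image, folders in sorted(folders_by_image.items()):
        if len(folders) > 1:
            findings.append(('same-image-many-folders', f'{image} x{len(folders)}'))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{rule:32} {detail}')
```
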

#33
synesthesia

Here's the GMER

I hope you don't mind that I attached it. It was way too big to post on here.


Edited by synesthesia, 28 August 2008 - 07:21 PM.


#34
Rorschach112

Hello

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to delete:
C:\WINDOWS\Fonts\wmsncs.exe

Drivers to delete:
NET Runtime Optimization Service v2.1.41329_X86

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}
HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

#35
synesthesia

whenever I try to extract the avenger.zip file it says "No files to extract" =/

#36
Rorschach112

I have uploaded the .exe file here

http://www.mediafire...2db6fb9a8902bda

Download that to your desktop and run it with those instructions
  • 0

#37
synesthesia

synesthesia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
this error comes up when I press "execute"

Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
  • 0

#38
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try it once more with this

Begin copying here:

Files to delete:
C:\WINDOWS\Fonts\wmsncs.exe

Drivers to delete:
NET Runtime Optimization Service v2.1.41329_X86

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}
  • 0
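
The error in post #37 comes from the one script line that is not under HKEY_LOCAL_MACHINE, and the script in post #38 simply drops it. The pre-flight check below is an added example, not The Avenger's own code and not part of either post: it parses the three section headers used in this thread and reports registry entries the tool would skip. The function names are hypothetical.

```python
# Added example. Section names and the HKLM-only rule come from the script and error quoted in this thread.
HEADERS = {
    "files to delete:": "files",
    "drivers to delete:": "drivers",
    "registry keys to delete:": "registry",
}
HKLM = "HKEY_LOCAL_MACHINE\\"
HKCR = "HKEY_CLASSES_ROOT\\"

def parse_script(text):
    """Group entries by section; lines before the first header are ignored."""
    sections = {name: [] for name in HEADERS.values()}
    current = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.lower() in HEADERS:
            current = HEADERS[line.lower()]
        elif line and current:
            sections[current].append((line_no, line))
    return sections

def lint_registry(sections):
    """Return (line_no, key, hint) for every registry entry outside HKLM."""
    findings = []
    for line_no, key in sections["registry"]:
        if key.upper().startswith(HKLM):
            continue
        hint = "not under HKEY_LOCAL_MACHINE, the tool will skip it"
        if key.upper().startswith(HKCR):
            # Windows stores the machine-wide part of HKCR under this HKLM path.
            hint += "; check " + HKLM + "SOFTWARE\\Classes\\" + key[len(HKCR):]
        findings.append((line_no, key, hint))
    return findings

# First script from the thread, embedded as sample input.
FIRST_SCRIPT = r"""Begin copying here:

Files to delete:
C:\WINDOWS\Fonts\wmsncs.exe

Drivers to delete:
NET Runtime Optimization Service v2.1.41329_X86

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}
HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}
"""

if __name__ == "__main__":
    for line_no, key, hint in lint_registry(parse_script(FIRST_SCRIPT)):
        print(f"line {line_no}: {key} -> {hint}")
```

The suggested HKLM path is only a place to look; whether a matching key exists there has to be confirmed on the machine before it is added to a script.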

#39
synesthesia

synesthesia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Fri Aug 29 18:57:45 2008

18:57:41: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
18:57:45: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Fri Aug 29 18:58:42 2008

18:58:39: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
18:58:42: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Fri Aug 29 19:00:03 2008

19:00:01: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
19:00:03: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Fri Aug 29 19:03:15 2008

19:03:11: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\CLSID\{103L3C30-C3B3-4130-9363-E59E1375PERM}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
19:03:15: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\Fonts\wmsncs.exe" deleted successfully.
Driver "NET Runtime Optimization Service v2.1.41329_X86" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:01 PM, on 8/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\AccessRamp\ARMon32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AccessRampMonitor] C:\Program Files\AccessRamp\ARMon32.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
O4 - HKLM\..\Run: [Background Intelligent Transfer Service] C:\WINDOWS\help\svchost.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: wmsncs.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.mindspring.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=23100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8053 bytes
  • 0
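
The HijackThis log in post #39 can be triaged mechanically for the patterns visible in it. The sketch below is an added example, not part of the post and not HijackThis code: it reads only `O4 ... Run` and `F2 ... Shell=` lines and applies three heuristics chosen for this illustration (one executable name autostarting from several folders, `svchost.exe` outside `system32`, and a `Shell` value other than plain `explorer.exe`).

```python
import ntpath
import re
from collections import defaultdict

O4_RUN = re.compile(r"^O4 - \S+\\\.\.\\Run\w*: \[[^\]]+\] (.+)$")
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$")
EXE_PATH = re.compile(r'^"?([^"]+?\.exe)(?=["\s]|$)', re.I)

def triage(log_text):
    """Return sorted findings from O4 Run and F2 Shell lines of a HijackThis log."""
    dirs_by_exe = defaultdict(set)
    findings = set()
    for line in log_text.splitlines():
        line = line.strip()
        shell = F2_SHELL.match(line)
        if shell and shell.group(1).strip().lower() != "explorer.exe":
            findings.add("shell override: " + shell.group(1))
        run = O4_RUN.match(line)
        exe = EXE_PATH.match(run.group(1)) if run else None
        if exe:
            folder, name = ntpath.split(exe.group(1).lower())
            if folder:  # bare names such as TFNF5.exe carry no directory
                dirs_by_exe[name].add(folder)
            if name == "svchost.exe" and folder and not folder.endswith("\\system32"):
                findings.add("svchost.exe outside system32: " + folder)
    for name, folders in dirs_by_exe.items():
        if len(folders) > 1:
            findings.add(f"{name} autostarts from {len(folders)} folders")
    return sorted(findings)

# Excerpt of the log posted above, embedded as sample input.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Background Intelligent Transfer Service] C:\WINDOWS\help\svchost.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKUS\S-1-5-18\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Findings are leads for a human reviewer, not verdicts; the `O4 - Global Startup` lines and all other HijackThis sections are outside what this sketch reads.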

#40
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Then run ComboFix again and post the log
  • 0



#41
synesthesia

synesthesia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
while doing the Dr.Web thing, it says:


C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe

Archive contains infected objects

Move?



should I say yes?
  • 0

#42
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No, ignore that and anything else about ComboFix.
  • 0

#43
synesthesia

synesthesia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
would it be bad if i said "yes"?

it said that for SDFix also =/

Edited by synesthesia, 30 August 2008 - 06:58 PM.

  • 0

#44
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Fix everything it finds
  • 0

#45
synesthesia

synesthesia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
when i clicked yes to that thing for combofix it disappeared from my desktop, so i'm not sure if it's still on my computer somewhere or not. should i just download it again?
  • 0





