954,234 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

Internet Connection Troubles due to virus?

Hello, I'm here asking for help about a weird virus that has somehow infected my system. This virus has very odd behavior as it only is effecting my system and MBAM, AVG 8.0, Spyboy S&D are unable to detect it.
This virus seems to close down all my ports I believe, as when it 'activates' its script; I did a port scan and all my ports are closed down except a few.
Now what I do know is this threat's behavior. When it is active, and if I try to "reconnect" my wireless adapter it says that retrieving a new IP has failed. The other 3 computers in the household are up, and also connected to wireless.
This virus seems to turn itself on at weird times in the day, and shuts itself off [giving me net access] at usually 8:55 PM EST.
I'll post my Hijackthis log which was taken now with my internet up and running... MBAM shows no infections anywhere, and I'm not sure it'd help. If the Hijackthis log isn't of help, I'll get a log of when my net is down.
-----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:35 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-725345543-1965331169-1801674531-1004 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmstarter/NMStarter25.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_10) -
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) -
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx3013.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: SoftEther VPN Client 2.0 (vpnclient) - Unknown owner - C:\Program Files\SoftEther VPN Client 2.0\vpnclient.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 8468 bytes

------
Please help, I'll try to do anything I can.

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

For one thing you are running two anti-virus programs Avast and AVG8 on your computer. This is an absolute NO-NO. One of these MUST be UNINSTALLED.
You also are running the beta program RUBotted from Trend Micro. While this is a legitimate program, from a well respected company it IS a beta version, meaning TEST. If you note the information on their website for this program they offer NO technical support for this, they just want feed back at this time of any problems so they can fix these problems in the official version.
You have Zone Alarm running, fine you need a firewall, and you also have Malwarebytes's Anti-Malware running as a service, so it is running all the time in the background. This is unnecessary. You also have Uniblue SpeedUpMyPC, Registry Mechanic, Lavasoft Ad-Aware Service also running, all not necessary. Turn off ALL of these. I would also recommend you uninstall the beta program RUBotted.
What I am getting at here is this, you have all these security programs running, you feel there is "something" halting your internet access, it could be the something is all these security programs running at the same time. Sometimes "less is more".
Uninstall one of the anti-virus programs, disable these services;
MBA-M, AdAware Services. Take the following out of auto-start, SpeedUpMyPc(basically programs like these don't do a lot to speed up a pc) Two anti-virus programs running at the same time, alone would slow a pc. Registry cleaning isn't something either that generally is advise or generally something that speeds a pc a great deal, and one certainly doesn't need something like this running all the time. So do all that, reboot and see what happens.
It would be nice to see a Full System scan with an Updated MBA-M too.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

Alright, still having troubles with it; Internet is cutting off at new times and starting up at different times which threw me off.
Scanned during downtime.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:37 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-1004\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (User '?')
O4 - S-1-5-21-725345543-1965331169-1801674531-1004 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmstarter/NMStarter25.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_10) -
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) -
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx3013.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 6965 bytes

Malwarebytes' Anti-Malware 1.31
Database version: 1479
Windows 5.1.2600 Service Pack 3

12/11/2008 10:58:18 PM
mbam-log-2008-12-11 (22-58-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134471
Time elapsed: 1 hour(s), 11 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{6A27511F-2BFE-4833-B1AC-792E5AC7A419}\RP366\A0310506.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\wuauclt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

And.. Combo Fix.

ComboFix 08-12-01.01 - Account 2 2008-12-12 1:20:29.7 - NTFSx86

Running from: c:\documents and settings\owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cmd.exe
c:\windows\linkinfo.dll
c:\windows\system32\svchost.dll
c:\windows\update.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-11 18:57 . 2008-12-11 18:57 123 --a------ c:\windows\rootkitno.ini
2008-12-11 18:38 . 2008-12-11 18:57 d-------- C:\RootkitNO
2008-12-10 01:08 . 2008-12-11 18:34 d-------- c:\windows\RestoreSafeDeleted
2008-12-10 01:02 . 2008-12-10 01:02 d-------- c:\documents and settings\NetworkService\Application Data\WTablet
2008-12-10 00:42 . 2008-12-10 00:42 30,946 --a------ c:\windows\system32\drivers\Partizan.sys
2008-12-10 00:42 . 2008-12-10 00:42 28,672 --a------ c:\windows\system32\Partizan.exe
2008-12-10 00:42 . 2008-12-10 00:42 (2) -rahs-ot- c:\windows\winstart.bat
2008-12-10 00:41 . 2008-12-10 00:43 d-------- c:\program files\UnHackMe
2008-12-10 00:41 . 2005-04-03 15:02 8,944 --a------ c:\windows\system32\drivers\UnHackMeDrv.sys
2008-12-09 22:44 . 2008-05-19 05:33 4,445,184 --a------ c:\windows\msi.dll
2008-12-09 22:43 . 2008-04-23 05:05 2,185,984 --a------ c:\windows\ntoskrnl.exe
2008-12-09 22:42 . 2008-09-09 18:08 d-------- c:\windows\svcpack
2008-12-09 15:16 . 2008-12-09 15:16 d-------- c:\program files\Alwil Software
2008-12-09 13:36 . 2008-12-12 01:17 d-------- c:\documents and settings\Account 2\Application Data\OpenOffice.org2
2008-12-09 04:14 . 2008-07-29 11:27 208,896 --a------ c:\windows\system32\ConTest.dll
2008-12-09 04:14 . 2008-08-20 17:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2008-12-09 04:14 . 2007-07-03 11:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2008-12-08 23:04 . 2008-12-08 23:06 d--h----- c:\documents and settings\Account 2\Application Data\netmarble
2008-12-08 14:07 . 2005-01-03 01:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-08 03:40 . 2008-12-08 03:40 d--h----- c:\windows\system32\GroupPolicy
2008-12-08 00:46 . 2008-12-08 00:46 d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-07 06:16 . 2008-12-10 09:06 d--h----- C:\$AVG8.VAULT$
2008-12-07 01:57 . 2008-12-11 08:38 d-------- c:\windows\system32\drivers\Avg
2008-12-07 01:57 . 2008-12-07 01:57 d-------- c:\program files\AVG
2008-12-07 01:57 . 2008-12-07 01:57 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-07 01:57 . 2008-12-08 05:37 d-------- c:\documents and settings\Account 2\Application Data\AVGTOOLBAR
2008-12-07 01:57 . 2008-12-07 01:57 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-07 01:57 . 2008-12-07 01:57 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-07 01:57 . 2008-12-07 01:57 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-07 01:57 . 2008-12-07 01:57 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-06 22:35 . 2008-12-06 22:35 d-------- c:\windows\system32\ZoneLabs
2008-12-06 22:35 . 2008-12-06 22:35 d-------- c:\program files\Zone Labs
2008-12-06 22:35 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-06 22:35 . 2008-12-06 22:35 4,212 --ah----- c:\windows\system32\zllictbl.dat
2008-12-06 22:34 . 2008-12-12 01:15 348,371 --a------ c:\windows\system32\vsconfig.xml
2008-12-06 21:53 . 2008-12-06 21:53 d-------- c:\windows\system32\scripting
2008-12-06 21:52 . 2008-12-06 21:52 d-------- c:\windows\system32\en
2008-12-06 21:52 . 2008-12-06 21:52 d-------- c:\windows\system32\bits
2008-12-06 21:52 . 2008-12-06 21:53 d-------- c:\windows\l2schemas
2008-12-06 21:49 . 2008-12-06 21:49 d-------- c:\windows\ServicePackFiles
2008-12-06 20:58 . 2008-12-06 20:58 d-------- c:\documents and settings\Account 2\Contacts
2008-12-06 18:41 . 2008-12-06 18:41 d-------- c:\documents and settings\Account 2\Application Data\Uniblue
2008-12-06 17:43 . 2008-12-06 17:43 d-------- c:\documents and settings\Account 2\Application Data\Malwarebytes
2008-12-06 17:15 . 2008-12-06 17:15 d-------- c:\documents and settings\LocalService\Application Data\WTablet
2008-12-06 17:15 . 2008-12-06 17:15 d-------- c:\documents and settings\Account 2\Application Data\WTablet
2008-12-06 17:15 . 2008-12-11 18:38 d-------- c:\documents and settings\Account 2
2008-12-05 15:37 . 2008-12-05 15:37 d-------- C:\download
2008-12-04 04:14 . 2008-12-05 21:38 d-------- c:\documents and settings\owner\.gimp-2.6
2008-12-04 04:12 . 2008-12-04 04:13 d-------- c:\program files\GIMP-2.0
2008-12-03 19:49 . 2008-12-06 15:53 d-------- c:\documents and settings\owner\Application Data\WTablet
2008-12-03 00:14 . 2007-04-13 16:19 2,659,888 --a------ c:\windows\system32\PenTablet.cpl
2008-12-03 00:14 . 2007-03-30 19:45 1,378,779 --a------ c:\windows\system32\PenTablet.znc
2008-12-03 00:14 . 2007-02-16 14:12 11,312 --a------ c:\windows\system32\drivers\wacommousefilter.sys
2008-12-03 00:12 . 2008-12-03 00:12 d-------- c:\windows\system32\WTablet
2008-12-03 00:12 . 2008-12-03 00:14 d-------- c:\program files\Tablet
2008-12-03 00:12 . 2007-04-13 16:32 1,189,424 --a------ c:\windows\system32\Tablet.exe
2008-12-03 00:12 . 2007-04-13 16:07 124,464 --a------ c:\windows\system32\Wintab32.dll
2008-12-03 00:12 . 2007-02-16 13:30 12,848 --a------ c:\windows\system32\drivers\wacomvhid.sys
2008-12-02 02:17 . 2008-12-02 05:45 d-------- c:\program files\Game Optimizer Pro
2008-12-01 23:13 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-01 23:08 . 2008-12-01 23:08 d-------- c:\program files\Lavasoft
2008-12-01 23:08 . 2008-12-08 01:24 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-01 23:08 . 2008-12-01 23:08 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-01 22:06 . 2008-12-01 22:06 d-------- C:\VundoFix Backups
2008-12-01 22:04 . 2008-12-04 08:12 d-------- c:\windows\system32\VC
2008-12-01 22:04 . 2008-12-04 08:12 d-------- c:\windows\system32\uv9
2008-12-01 22:04 . 2008-12-04 08:12 d-------- c:\windows\system32\ki3
2008-12-01 22:04 . 2008-12-09 08:46 d-------- c:\windows\system32\hov
2008-12-01 22:04 . 2008-12-04 08:12 d-------- c:\windows\system32\bin
2008-12-01 20:13 . 2008-12-01 20:17 d-------- c:\documents and settings\owner\Application Data\Xfire
2008-12-01 20:13 . 2008-12-10 01:35 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 20:12 . 2008-12-01 20:12 d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-30 23:18 . 2004-08-03 22:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
2008-11-30 23:18 . 2004-08-03 22:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
2008-11-30 23:18 . 2004-08-03 22:29 11,935 --------- c:\windows\system32\drivers\wadv11nt.sys
2008-11-30 23:18 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
2008-11-30 23:18 . 2004-08-03 22:29 11,807 --------- c:\windows\system32\drivers\wadv07nt.sys
2008-11-30 23:18 . 2004-08-03 22:29 11,295 --------- c:\windows\system32\drivers\wadv08nt.sys
2008-11-30 23:16 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-11-30 22:55 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-30 22:55 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-30 22:55 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-30 22:55 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-30 22:55 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-30 22:54 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-30 22:52 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-30 22:52 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-30 22:52 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-30 15:27 . 2008-12-01 20:13 d-------- c:\program files\Xfire
2008-11-26 17:26 . 2008-12-01 20:09 d-------- c:\program files\NetworkActiv Port Scanner 4.0
2008-11-26 16:04 . 2008-12-10 00:04 d-------- c:\program files\Trend Micro
2008-11-26 15:50 . 2008-12-01 20:10 d-------- c:\program files\Advanced Port Scanner
2008-11-26 11:48 . 2008-12-06 22:24 2,206 --a------ c:\windows\system32\wpa.dbl
2008-11-25 21:05 . 2008-12-12 01:18 d-------- c:\windows\Internet Logs
2008-11-20 15:45 . 2008-11-20 15:45 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-20 12:18 . 2008-12-08 00:20 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-20 12:18 . 2008-11-20 12:18 d-------- c:\documents and settings\owner\Application Data\Malwarebytes
2008-11-20 12:18 . 2008-11-20 12:18 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-20 12:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 12:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 05:11 . 2008-12-06 16:15 d-------- C:\Temp
2008-11-20 05:11 . 2008-11-20 05:11 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 05:11 . 2008-11-20 05:11 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-20 05:11 . 2008-11-20 05:11 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-18 18:36 . 2008-11-18 18:36 345,640 --a------ c:\windows\NMDownloadUpdater.exe
2008-11-16 12:38 . 2008-11-16 12:38 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-14 14:30 . 2008-12-11 16:52 192,512 --a------ c:\windows\system32\kdfvmgr.exe
2008-11-12 20:55 . 2008-10-18 00:32 131,072 --a------ c:\windows\system32\drivers\Mkd2kfNT.sys
2008-11-12 20:55 . 2008-10-18 00:32 79,104 --a------ c:\windows\system32\drivers\MKD2NADR.del
2008-11-12 20:54 . 2008-11-12 20:54 d-------- c:\program files\AhnLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 21:52 77,824 ----a-w c:\windows\system32\kdfapi.dll
2008-12-11 21:52 640,352 ----a-w c:\windows\system32\kdfmgr.exe
2008-12-11 21:52 53,248 ----a-w c:\windows\system32\Kdfhok.dll
2008-12-11 06:03 --------- d-----w c:\program files\Cheat Engine
2008-12-10 05:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 19:04 580,588 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2008-12-08 05:49 1,423,360 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-07 23:20 116,677 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_07_18_18_40_small.dmp.zip
2008-12-07 22:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-07 03:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-06 21:36 --------- d-----w c:\program files\BYOND
2008-12-06 21:29 --------- d-----w c:\documents and settings\owner\Application Data\OpenOffice.org2
2008-12-05 21:11 --------- d--h--w c:\documents and settings\owner\Application Data\netmarble
2008-12-04 09:45 --------- d-----w c:\documents and settings\owner\Application Data\gtk-2.0
2008-12-02 01:13 --------- d-----w c:\program files\GemFighter
2008-12-02 01:12 --------- d-----w c:\documents and settings\owner\Application Data\DNA
2008-12-02 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-28 09:05 --------- d-----w c:\program files\DNA
2008-11-26 04:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 05:50 --------- d-----w c:\program files\Audacity
2008-11-16 21:48 --------- d-----w c:\program files\Common Files\Adobe
2008-11-16 17:38 --------- d-----w c:\program files\Java
2008-11-13 01:55 767,328 ----a-w c:\windows\system32\kdfinj.dll
2008-11-10 18:00 --------- d-----w c:\program files\Common Files\AVSMedia
2008-11-10 18:00 --------- d-----w c:\program files\AVS4YOU
2008-11-10 17:54 --------- d-----w c:\program files\Trillian
2008-11-10 17:48 --------- d-----w c:\program files\GRETECH
2008-11-05 06:46 243,992 ----a-w c:\windows\NetmarbleDownLoadUpdaterEx.exe
2008-10-29 08:56 --------- d-----w c:\program files\GrandChaseTW
2008-10-26 21:49 --------- d-----w c:\documents and settings\owner\Application Data\Winamp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-13 00:29 --------- d-----w c:\program files\Game Elements
2008-10-12 16:55 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-12 16:55 249,856 ------w c:\windows\Setup1.exe
2008-03-14 22:26 51,973 ----a-w c:\program files\openoffice.org-onlineupdate.cab
2008-03-14 22:26 37,375 ----a-w c:\program files\openoffice.org-xsltfilter.cab
2008-03-14 22:26 207,388 ----a-w c:\program files\openoffice.org-testtool.cab
2008-03-14 22:26 2,504,855 ----a-w c:\program files\openoffice.org-pyuno.cab
2008-03-14 22:26 2,489,204 ----a-w c:\program files\openoffice.org-writer.cab
2008-03-14 22:26 1,090,334 ----a-w c:\program files\openoffice.org-math.cab
2008-03-14 22:25 919,329 ----a-w c:\program files\openoffice.org-draw.cab
2008-03-14 22:25 86,870 ----a-w c:\program files\openoffice.org-graphicfilter.cab
2008-03-14 22:25 3,842,531 ----a-w c:\program files\openoffice.org-core07.cab
2008-03-14 22:25 293,054 ----a-w c:\program files\openoffice.org-core08.cab
2008-03-14 22:25 28,861,971 ----a-w c:\program files\openoffice.org-core06.cab
2008-03-14 22:25 2,769 ----a-w c:\program files\openoffice.org-emailmerge.cab
2008-03-14 22:25 2,031,954 ----a-w c:\program files\openoffice.org-core09.cab
2008-03-14 22:25 118,910 ----a-w c:\program files\openoffice.org-javafilter.cab
2008-03-14 22:25 1,254,017 ----a-w c:\program files\openoffice.org-impress.cab
2008-03-14 22:21 18,636,793 ----a-w c:\program files\openoffice.org-core05.cab
2008-03-14 22:19 16,453,751 ----a-w c:\program files\openoffice.org-core04.cab
2008-03-14 22:18 9,118,219 ----a-w c:\program files\openoffice.org-core03.cab
2008-03-14 22:18 3,860,200 ----a-w c:\program files\openoffice.org-core02.cab
2008-03-14 22:18 15,102,497 ----a-w c:\program files\openoffice.org-core01.cab
2008-03-14 22:17 43,005 ----a-w c:\program files\openoffice.org-activex.cab
2008-03-14 22:17 4,696,905 ----a-w c:\program files\openoffice.org-calc.cab
2008-03-14 22:17 4,372,992 ----a-w c:\program files\openofficeorg24.msi
2008-03-14 22:17 217 ----a-w c:\program files\setup.ini
2008-03-14 22:17 1,802,028 ----a-w c:\program files\openoffice.org-base.cab
2002-03-11 09:06 1,822,520 ----a-w c:\program files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((( snapshot_2008-12-07_15.36.11.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\6to4svc.dll
+ 2008-05-05 19:58:38 136,192 ----a-w c:\windows\aaclient.dll
+ 2008-07-22 15:23:10 39,424 ----a-w c:\windows\acadproc.dll
+ 2007-06-26 09:13:18 1,852,928 ----a-w c:\windows\acgenral.dll
+ 2006-09-11 11:15:39 450,048 ----a-w c:\windows\aclayers.dll
+ 2006-09-11 11:15:39 141,312 ----a-w c:\windows\aclua.dll
+ 2007-06-26 09:13:18 245,248 ----a-w c:\windows\acspecfc.dll
+ 2006-09-11 11:15:39 116,224 ----a-w c:\windows\acxtrnal.dll
+ 2008-05-05 11:08:20 176,128 ----a-w c:\windows\adsldp.dll
+ 2008-05-05 11:08:20 68,096 ----a-w c:\windows\adsmsext.dll
+ 2007-10-04 18:24:16 624,640 ----a-w c:\windows\advapi32.dll
+ 2005-05-27 23:14:30 142,464 ----a-w c:\windows\aec.sys
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\afd.sys
+ 2006-10-12 13:54:18 42,496 ----a-w c:\windows\agentdp2.dll
+ 2007-03-09 13:58:57 57,344 ----a-w c:\windows\agentdpv.dll
+ 2006-10-12 11:54:07 256,512 ----a-w c:\windows\agentsvr.exe
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\asms\10\msft\windows\gdiplus\gdiplus.dll
+ 2007-08-24 22:09:40 1,275,392 ----a-w c:\windows\asms\40\msft\msxml4\msxml4.dll
+ 2007-08-24 14:09:54 82,432 ----a-w c:\windows\asms\40\msft\msxml4r\msxml4r.dll
+ 2007-01-19 20:15:24 74,802 ----a-w c:\windows\asms\60\msft\vcrtl\atl.dll
+ 2007-01-19 20:15:24 995,383 ----a-w c:\windows\asms\60\msft\vcrtl\mfc42.dll
+ 2007-01-19 20:15:24 1,011,774 ----a-w c:\windows\asms\60\msft\vcrtl\mfc42u.dll
+ 2007-01-19 20:15:24 401,462 ----a-w c:\windows\asms\60\msft\vcrtl\msvcp60.dll
+ 2006-08-25 12:45:56 1,054,208 ----a-w c:\windows\asms\60\msft\windows\common\controls\comctl32.dll
+ 2007-02-19 10:32:47 57,344 ----a-w c:\windows\asms\70\msft\windows\mswincrt\msvcirt.dll
+ 2007-02-19 10:32:47 343,040 ----a-w c:\windows\asms\70\msft\windows\mswincrt\msvcrt.dll
+ 2007-03-23 13:12:16 62,464 ----a-w c:\windows\authz.dll
+ 2005-10-29 03:49:40 133,120 ----a-w c:\windows\axaltocm.dll
+ 2005-10-28 20:40:16 96,792 ----a-w c:\windows\basecsp.dll
+ 2007-07-17 11:27:46 14,208 ----a-w c:\windows\battc.sys
+ 2005-10-29 03:49:40 25,600 ----a-w c:\windows\bcsprsrc.dll
+ 2007-05-24 13:10:37 8,192 ----a-w c:\windows\bitsprx2.dll
+ 2007-05-24 13:10:37 7,168 ----a-w c:\windows\bitsprx3.dll
+ 2007-05-24 13:10:37 7,168 ----a-w c:\windows\bitsprx4.dll
+ 2004-12-20 17:54:50 77,824 ----a-w c:\windows\browser.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w c:\windows\browseui.dll
+ 2008-06-13 09:52:16 272,128 ----a-w c:\windows\bthport.sys
+ 2006-07-10 09:37:54 225,792 ----a-w c:\windows\catsrv.dll
+ 2006-07-10 12:37:52 625,152 ----a-w c:\windows\catsrvut.dll
+ 2008-06-23 16:11:40 151,040 ----a-w c:\windows\cdfview.dll
+ 2008-07-19 02:10:48 94,920 ----a-w c:\windows\cdm.dll
+ 2005-09-10 01:48:48 2,068,480 ----a-w c:\windows\cdosys.dll
+ 2008-05-02 09:05:56 62,592 ----a-w c:\windows\cdrom.sys
+ 2006-12-13 06:23:12 148,480 ----a-w c:\windows\cic.dll
+ 2008-08-06 17:28:05 1,358,336 ----a-w c:\windows\cimwin32.dll
+ 2006-06-22 05:22:04 69,120 ----a-w c:\windows\ciodm.dll
+ 2005-10-05 22:53:46 49,536 ----a-w c:\windows\classpnp.sys
+ 2006-07-10 12:37:52 110,080 ----a-w c:\windows\clbcatex.dll
+ 2006-07-10 12:37:52 498,688 ----a-w c:\windows\clbcatq.dll
+ 2005-04-27 23:15:36 17,920 ----a-w c:\windows\cobramsg.dll
+ 2006-07-10 12:37:52 60,416 ----a-w c:\windows\colbact.dll
+ 2006-07-10 12:37:52 195,072 ----a-w c:\windows\comadmin.dll
+ 2006-08-25 15:45:58 617,472 ----a-w c:\windows\comctl32.dll
+ 2006-07-10 12:37:52 97,792 ----a-w c:\windows\comrepl.dll
+ 2006-07-10 12:37:53 1,269,248 ----a-w c:\windows\comsvcs.dll
+ 2006-07-10 12:37:53 539,648 ----a-w c:\windows\comuid.dll
+ 2008-04-23 16:13:07 598,528 ----a-w c:\windows\crypt32.dll
+ 2006-02-11 03:48:12 62,464 ----a-w c:\windows\cryptsvc.dll
+ 2008-05-08 06:11:56 102,400 ----a-w c:\windows\cscdll.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\cscript.exe
+ 2006-06-03 11:40:49 33,792 ----a-w c:\windows\custsat2.dll
+ 2008-05-13 13:58:29 1,689,088 ----a-w c:\windows\d3d9.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w c:\windows\danim.dll
+ 2008-03-25 04:50:25 554,008 ----a-w c:\windows\dao360.dll
+ 2006-05-19 13:46:40 112,128 ----a-w c:\windows\dhcpcsvc.dll
+ 2007-05-16 15:32:55 86,528 ----a-w c:\windows\directdb.dll
+ 2008-05-07 09:23:08 36,352 ----a-w c:\windows\disk.sys
+ 2008-07-21 07:26:28 32,768 ----a-w c:\windows\dispex.dll
+ 2007-06-21 11:45:20 285,184 ----a-w c:\windows\dmdlgs.dll
+ 2008-07-28 14:24:37 147,968 ----a-w c:\windows\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w c:\windows\dnsrslvr.dll
+ 2007-09-10 19:33:20 128,520 ----a-w c:\windows\Downloaded Program Files\NMStarter25.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-05-05 11:08:20 113,152 ----a-w c:\windows\dsuiext.dll
+ 2006-08-22 09:05:26 498,742 ----a-w c:\windows\dxmasf.dll
+ 2008-06-23 16:11:43 357,888 ----a-w c:\windows\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w c:\windows\dxtrans.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\es.dll
+ 2005-10-20 21:26:40 1,082,368 ----a-w c:\windows\esent.dll
+ 2007-10-04 18:20:15 56,320 ----a-w c:\windows\eventlog.dll
+ 2008-06-23 16:11:43 55,808 ----a-w c:\windows\extmgr.dll
+ 2008-03-25 02:32:44 218,496 ----a-w c:\windows\flashutl.exe
+ 2006-08-21 12:26:44 16,896 ----a-w c:\windows\fltlib.dll
+ 2006-08-21 09:43:32 23,040 ----a-w c:\windows\fltmc.exe
+ 2007-04-23 10:51:21 129,920 ----a-w c:\windows\fltmgr.sys
+ 2007-04-28 14:02:19 80,896 ----a-w c:\windows\fontsub.dll
+ 2007-06-20 14:08:12 29,696 ----a-w c:\windows\format.com
+ 2005-07-21 00:15:02 42,496 ----a-w c:\windows\ftp.exe
+ 2008-02-20 06:52:43 282,624 ----a-w c:\windows\gdi32.dll
+ 2008-05-29 15:16:52 633,344 ----a-w c:\windows\gpprefcl.dll
+ 2008-05-05 11:08:20 199,680 ----a-w c:\windows\gptext.dll
+ 2005-04-28 19:16:30 133,120 ----a-w c:\windows\guitrn.dll
+ 2005-04-28 19:16:30 115,200 ----a-w c:\windows\guitrna.dll
+ 2004-11-16 01:37:04 105,344 ----a-w c:\windows\hal.dll
+ 2008-04-02 09:12:30 131,968 ----a-w c:\windows\halaacpi.dll
+ 2008-04-02 09:12:30 81,280 ----a-w c:\windows\halacpi.dll
+ 2008-04-02 09:12:30 150,656 ----a-w c:\windows\halapic.dll
+ 2008-04-02 18:42:32 134,528 ----a-w c:\windows\halmacpi.dll
+ 2008-04-02 09:12:33 152,704 ----a-w c:\windows\halmps.dll
+ 2004-11-16 01:37:04 77,696 ----a-w c:\windows\halsp.dll
+ 2005-01-07 22:07:16 25,088 ----a-w c:\windows\hdaprop.dll
+ 2005-01-07 22:07:16 61,952 ----a-w c:\windows\hdashcut.exe
+ 2005-01-07 22:07:18 138,752 ----a-w c:\windows\hdaudbus.sys
+ 2005-01-07 22:07:16 145,920 ----a-w c:\windows\hdaudio.sys
+ 2005-01-07 22:07:04 5,120 ----a-w c:\windows\hdaudres.dll
+ 2005-05-27 02:09:00 41,472 ----a-w c:\windows\hhsetup.dll
+ 2006-10-31 10:26:12 36,864 ----a-w c:\windows\hidclass.sys
+ 2006-01-10 23:48:54 19,200 ----a-w c:\windows\hidir.sys
+ 2006-07-21 08:26:49 72,704 ----a-w c:\windows\hlink.dll
+ 2008-04-28 14:02:17 344,064 ----a-w c:\windows\hnetcfg.dll
+ 2007-06-29 10:01:59 264,832 ----a-w c:\windows\http.sys
+ 2007-06-29 12:53:01 24,576 ----a-w c:\windows\httpapi.dll
+ 2004-11-17 17:31:32 347,136 ----a-w c:\windows\hypertrm.dll
+ 2005-07-18 03:22:44 254,976 ----a-w c:\windows\icm32.dll
+ 2005-04-27 23:15:46 2,560 ----a-w c:\windows\iconlib.dll
+ 2008-06-23 09:53:58 18,432 ----a-w c:\windows\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w c:\windows\iepeers.dll
+ 2005-10-29 03:49:40 151,552 ----a-w c:\windows\ifxcardm.dll
+ 2005-07-05 23:45:40 41,984 ----a-w c:\windows\imapi.sys
+ 2008-05-02 13:30:45 317,952 ----a-w c:\windows\imapi2.dll
+ 2008-05-02 13:30:45 464,384 ----a-w c:\windows\imapi2fs.dll
+ 2005-04-07 14:59:10 36,921 ----a-w c:\windows\imeshare.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\inetcomm.dll
- 2006-11-01 22:31:34 315,904 ----a-w c:\windows\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-02-21 07:46:55 123,392 ----a-w c:\windows\input.dll
+ 2008-06-23 16:11:52 96,256 ----a-w c:\windows\inseng.dll
+ 2007-08-31 13:03:36 36,352 ----a-w c:\windows\intelppm.sys
+ 2006-05-19 13:46:40 94,720 ----a-w c:\windows\iphlpapi.dll
+ 2006-04-14 00:20:42 136,320 ----a-w c:\windows\ipnat.sys
+ 2008-04-28 14:02:17 330,752 ----a-w c:\windows\ipnathlp.dll
+ 2005-09-15 04:05:52 183,808 ----a-w c:\windows\ipsecsvc.dll
+ 2005-05-27 02:09:00 155,136 ----a-w c:\windows\itircl.dll
+ 2005-05-27 02:09:00 137,216 ----a-w c:\windows\itss.dll
+ 2006-10-30 00:28:52 198,616 ----a-w c:\windows\iuengine.dll
+ 2006-06-01 19:39:42 163,840 ----a-w c:\windows\jgdw400.dll
+ 2006-06-01 19:39:42 27,648 ----a-w c:\windows\jgpl400.dll
+ 2008-05-09 10:45:15 512,000 ----a-w c:\windows\jscript.dll
+ 2008-06-23 16:11:52 16,384 ----a-w c:\windows\jsproxy.dll
+ 2006-05-12 04:03:45 6,144 ----a-w c:\windows\kbdbhc.dll
+ 2006-05-12 04:03:45 6,144 ----a-w c:\windows\kbdiultn.dll
+ 2006-05-12 04:03:45 6,144 ----a-w c:\windows\kbdnepr.dll
+ 2006-05-12 04:03:45 6,144 ----a-w c:\windows\kbdpash.dll
+ 2007-08-08 15:26:11 299,008 ----a-w c:\windows\kerberos.dll
+ 2007-10-29 15:35:39 989,184 ----a-w c:\windows\kernel32.dll
+ 2006-06-14 08:50:19 172,416 ----a-w c:\windows\kmixer.sys
+ 2005-04-07 07:40:54 57,399 ----a-w c:\windows\lang\cplexe.exe
+ 2005-04-07 20:34:16 811,064 ----a-w c:\windows\lang\imjp81k.dll
+ 2005-04-07 22:34:14 368,696 ----a-w c:\windows\lang\imjpcic.dll
+ 2005-04-07 22:34:14 716,856 ----a-w c:\windows\lang\imjpcus.dll
+ 2005-04-07 22:34:14 81,976 ----a-w c:\windows\lang\imjpdct.dll
+ 2005-04-07 07:40:58 155,705 ----a-w c:\windows\lang\imjpdsvr.exe
+ 2005-04-07 07:40:58 196,665 ----a-w c:\windows\lang\imjpinst.exe
+ 2005-04-07 07:40:58 208,952 ----a-w c:\windows\lang\imjpmig.exe
+ 2005-04-07 07:41:00 233,527 ----a-w c:\windows\lang\imjprw.exe
+ 2005-04-07 07:41:00 262,200 ----a-w c:\windows\lang\imjputy.exe
+ 2005-04-07 22:34:14 274,489 ----a-w c:\windows\lang\imjputyc.dll
+ 2005-04-07 22:34:14 426,041 ----a-w c:\windows\lang\voicepad.dll
+ 2005-04-07 22:34:14 86,073 ----a-w c:\windows\lang\voicesub.dll
+ 2008-05-15 16:18:29 343,552 ----a-w c:\windows\localspl.dll
+ 2005-04-28 19:16:30 19,968 ----a-w c:\windows\log.dll
+ 2008-05-05 11:08:20 727,040 ----a-w c:\windows\lsasrv.dll
+ 2006-10-04 10:40:05 72,704 ----a-w c:\windows\magnify.exe
+ 2007-03-08 15:48:36 40,960 ----a-w c:\windows\mf3216.dll
+ 2006-11-01 19:17:45 927,504 ----a-w c:\windows\mfc40u.dll
+ 2006-12-14 13:45:53 981,760 ----a-w c:\windows\mfc42u.dll
+ 2005-04-28 19:16:30 274,432 ----a-w c:\windows\migism.dll
+ 2005-04-28 16:16:30 261,120 ----a-w c:\windows\migisma.dll
+ 2005-04-28 00:12:58 103,424 ----a-w c:\windows\migload.exe
+ 2005-04-28 00:12:58 245,248 ----a-w c:\windows\migwiz.exe
+ 2005-04-28 00:12:58 241,152 ----a-w c:\windows\migwiza.exe
+ 2004-10-15 20:53:34 586,240 ----a-w c:\windows\mlang.dll
+ 2006-12-08 08:58:37 1,354,752 ----a-w c:\windows\mmc.exe
+ 2006-12-08 08:58:37 184,320 ----a-w c:\windows\mmc30.dll
+ 2006-11-22 07:03:24 28,672 ----a-w c:\windows\mmc30r.dll
+ 2006-01-11 01:19:07 163,328 ----a-w c:\windows\mmcbase.dll
+ 2006-01-09 23:12:22 397,312 ----a-w c:\windows\mmcex.dll
+ 2006-11-22 07:03:25 40,960 ----a-w c:\windows\mmcexr.dll
+ 2006-12-08 08:58:38 106,496 ----a-w c:\windows\mmcfxc.dll
+ 2006-11-22 07:03:25 6,656 ----a-w c:\windows\mmcfxcr.dll
+ 2006-12-13 06:23:13 1,913,344 ----a-w c:\windows\mmcndmgr.dll
+ 2006-01-09 23:45:14 33,792 ----a-w c:\windows\mmcperf.exe
+ 2006-01-11 01:19:07 61,440 ----a-w c:\windows\mmcshext.dll
+ 2007-07-06 09:52:38 72,960 ----a-w c:\windows\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w c:\windows\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w c:\windows\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w c:\windows\mqise.dll
+ 2007-07-06 11:08:12 660,992 ----a-w c:\windows\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w c:\windows\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w c:\windows\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w c:\windows\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w c:\windows\mqutil.dll
+ 2008-05-03 10:30:46 179,712 ----a-w c:\windows\mrxdav.sys
+ 2008-07-30 09:44:28 455,936 ----a-w c:\windows\mrxsmb.sys
+ 2008-05-01 15:04:00 331,776 ----a-w c:\windows\msadce.dll
+ 2006-03-23 05:53:08 143,360 ----a-w c:\windows\msadco.dll
+ 2008-08-19 05:56:20 536,576 ----a-w c:\windows\msado15.dll
+ 2006-12-26 13:18:55 180,224 ----a-w c:\windows\msadomd.dll
+ 2006-12-26 10:18:56 200,704 ----a-w c:\windows\msadox.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\mscms.dll
+ 2005-09-27 00:34:26 169,984 ----a-w c:\windows\msconfig.exe
+ 2008-06-24 16:19:43 299,520 ----a-w c:\windows\msctf.dll
+ 2006-11-06 16:35:32 323,696 ----a-w c:\windows\msdrm.dll
+ 2006-07-10 12:37:53 58,880 ----a-w c:\windows\msdtclog.dll
+ 2006-07-10 12:37:53 427,520 ----a-w c:\windows\msdtcprx.dll
+ 2006-07-10 12:37:53 956,928 ----a-w c:\windows\msdtctm.dll
+ 2006-07-10 12:37:53 161,792 ----a-w c:\windows\msdtcuiu.dll
+ 2005-01-19 20:21:10 51,200 ----a-w c:\windows\msdv.sys
+ 2008-03-25 04:50:28 518,944 ----a-w c:\windows\msexch40.dll
+ 2008-06-26 04:48:09 304,152 ----a-w c:\windows\msexcl40.dll
+ 2007-08-29 17:15:48 539,136 ----a-w c:\windows\msftedit.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\windows\msgsc.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w c:\windows\mshtmled.dll
+ 2008-05-19 10:33:20 332,800 ----a-w c:\windows\msihnd.dll
+ 2008-04-17 05:43:24 2,560 ----a-w c:\windows\msimsg.dll
+ 2008-05-19 10:33:20 18,944 ----a-w c:\windows\msisip.dll
+ 2008-06-26 04:48:13 1,520,664 ----a-w c:\windows\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w c:\windows\msjetol1.dll
+ 2008-03-26 08:09:15 151,583 ----a-w c:\windows\msjint40.dll
+ 2006-12-26 13:18:55 102,400 ----a-w c:\windows\msjro.dll
+ 2008-03-25 04:50:42 60,192 ----a-w c:\windows\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w c:\windows\msjtes40.dll
+ 2008-03-25 14:20:46 219,936 ----a-w c:\windows\msltus40.dll
+ 2004-10-13 16:21:24 1,694,208 ----a-w c:\windows\msmsgs.exe
+ 2005-03-08 01:39:22 563,200 ----a-w c:\windows\msobmain.dll
+ 2007-09-18 16:37:29 18,944 ----a-w c:\windows\msobweb.dll
+ 2007-05-16 15:32:56 1,314,816 ----a-w c:\windows\msoe.dll
+ 2008-03-25 04:50:45 355,104 ----a-w c:\windows\mspbde40.dll
+ 2008-06-23 16:12:02 146,432 ----a-w c:\windows\msrating.dll
+ 2008-06-26 04:48:13 287,768 ----a-w c:\windows\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w c:\windows\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w c:\windows\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w c:\windows\mstext40.dll
+ 2008-06-23 16:12:02 532,480 ----a-w c:\windows\mstime.dll
+ 2008-05-05 08:37:12 677,888 ----a-w c:\windows\mstsc.exe
+ 2008-05-05 19:58:38 2,061,824 ----a-w c:\windows\mstscax.dll
+ 2008-05-05 11:08:20 132,608 ----a-w c:\windows\msv1_0.dll
+ 2007-02-19 10:32:49 343,040 ----a-w c:\windows\msvcrt.dll
+ 2008-03-25 04:50:57 838,432 ----a-w c:\windows\mswdat10.dll
+ 2008-06-20 15:49:20 245,248 ----a-w c:\windows\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ----a-w c:\windows\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ----a-w c:\windows\msxbde40.dll
+ 2005-10-12 21:56:32 701,440 ----a-w c:\windows\msxml2.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w c:\windows\msxml3.dll
+ 2007-08-24 22:08:24 1,275,392 ----a-w c:\windows\msxml4.dll
+ 2007-08-24 22:07:24 82,432 ----a-w c:\windows\msxml4r.dll
+ 2006-07-10 12:37:53 66,560 ----a-w c:\windows\mtxclu.dll
+ 2006-07-10 12:37:53 91,648 ----a-w c:\windows\mtxoci.dll
+ 2008-07-19 02:07:34 270,880 ----a-w c:\windows\mucltui.dll
+ 2008-04-28 10:46:33 105,344 ----a-w c:\windows\mup.sys
+ 2008-07-19 02:07:54 210,976 ----a-w c:\windows\muweb.dll
+ 2006-10-04 10:40:06 53,760 ----a-w c:\windows\narrator.exe
+ 2006-08-22 08:53:41 14,592 ----a-w c:\windows\ndisuio.sys
+ 2007-07-11 15:42:05 337,408 ----a-w c:\windows\netapi32.dll
+ 2008-05-05 11:08:20 407,040 ----a-w c:\windows\netlogon.dll
+ 2005-08-22 18:24:56 197,632 ----a-w c:\windows\netman.dll
+ 2006-08-22 12:32:48 1,705,472 ----a-w c:\windows\netshell.dll
+ 2006-02-21 07:46:55 247,808 ----a-w c:\windows\newdev.dll
+ 2005-11-29 20:27:06 364,544 ----a-w c:\windows\npdsplay.dll
+ 2008-05-05 11:08:20 68,096 ----a-w c:\windows\ntdsapi.dll
+ 2008-04-22 09:43:14 576,384 ----a-w c:\windows\ntfs.sys
+ 2008-04-23 10:03:16 2,142,720 ----a-w c:\windows\ntkrnlmp.exe
+ 2008-04-23 09:30:01 2,062,976 ----a-w c:\windows\ntkrnlpa.exe
+ 2008-04-23 09:29:33 2,020,864 ----a-w c:\windows\ntkrpamp.exe
+ 2007-03-30 04:28:20 44,032 ----a-w c:\windows\ntlanman.dll
+ 2006-10-13 12:41:38 142,336 ----a-w c:\windows\nwprovau.dll
+ 2006-08-02 11:17:37 270,336 ----a-w c:\windows\oakley.dll
+ 2008-08-19 05:56:20 249,856 ----a-w c:\windows\odbc32.dll
+ 2008-07-23 10:23:24 61,440 ----a-w c:\windows\ohci1394.sys
+ 2008-07-25 13:03:49 1,287,168 ----a-w c:\windows\ole32.dll
+ 2007-12-04 18:29:10 551,936 ----a-w c:\windows\oleaut32.dll
+ 2006-07-10 12:37:54 74,752 ----a-w c:\windows\olecli32.dll
+ 2006-07-10 12:37:54 37,376 ----a-w c:\windows\olecnv32.dll
+ 2006-10-16 17:14:17 122,880 ----a-w c:\windows\oledlg.dll
+ 2008-06-13 09:37:09 215,552 ----a-w c:\windows\osk.exe
+ 2006-10-11 16:35:59 153,088 ----a-w c:\windows\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w c:\windows\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w c:\windows\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w c:\windows\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w c:\windows\p2psvc.dll
+ 2007-08-17 10:26:17 19,712 ----a-w c:\windows\partmgr.sys
+ 2008-03-13 04:52:05 288,768 ----a-w c:\windows\pcl4res.dll
+ 2008-03-13 04:52:06 1,058,816 ----a-w c:\windows\pcl5eres.dll
+ 2008-03-13 04:52:07 1,057,280 ----a-w c:\windows\pcl5ures.dll
+ 2007-11-30 15:26:07 207,872 ----a-w c:\windows\pclxl.dll
+ 2005-10-29 03:49:42 84,480 ----a-w c:\windows\pintool.exe
+ 2008-06-23 16:12:02 39,424 ----a-w c:\windows\pngfilt.dll
+ 2006-10-11 16:35:59 58,880 ----a-w c:\windows\pnrpnsp.dll
+ 2008-05-05 11:08:20 92,672 ----a-w c:\windows\policman.dll
+ 2008-03-21 09:32:15 146,048 ----a-w c:\windows\portcls.sys
+ 2006-02-16 01:07:41 8,832 ----a-w c:\windows\powerfil.sys
+ 2006-01-10 23:48:58 46,592 ----a-w c:\windows\pro\irbus.sys
+ 2006-10-13 12:41:38 64,000 ----a-w c:\windows\pro\nwapi32.dll
+ 2006-10-13 10:39:12 163,456 ----a-w c:\windows\pro\nwrdr.sys
+ 2006-10-13 12:41:38 65,536 ----a-w c:\windows\pro\nwwks.dll
+ 2004-08-27 21:42:46 35,456 ----a-w c:\windows\processr.sys
+ 2008-07-17 16:05:38 97,280 ----a-w c:\windows\psbase.dll
+ 2005-03-25 21:42:50 363,520 ----a-w c:\windows\psisdecd.dll
+ 2006-10-31 13:13:13 192,512 ----a-w c:\windows\qcap.dll
+ 2007-02-07 13:33:58 279,040 ----a-w c:\windows\qdv.dll
+ 2006-01-21 02:05:54 386,048 ----a-w c:\windows\qdvd.dll
+ 2007-03-23 22:21:56 36,864 ----a-w c:\windows\qfecheck.exe
+ 2007-05-24 13:10:37 408,064 ----a-w c:\windows\qmgr.dll
+ 2007-05-24 13:10:38 18,944 ----a-w c:\windows\qmgrprxy.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\quartz.dll
+ 2006-06-22 05:22:05 1,435,648 ----a-w c:\windows\query.dll
+ 2006-06-26 17:45:19 7,680 ----a-w c:\windows\rasadhlp.dll
+ 2006-06-22 10:36:52 180,736 ----a-w c:\windows\rasmans.dll
+ 2008-04-22 09:51:40 174,720 ----a-w c:\windows\rdbss.sys
+ 2008-08-04 13:15:44 139,528 ----a-w c:\windows\rdpwd.sys
+ 2007-05-14 12:51:32 178,176 ----a-w c:\windows\repdrvfs.dll
+ 2008-05-05 19:58:38 290,304 ----a-w c:\windows\rhttpaa.dll
+ 2007-08-29 17:15:49 433,664 ----a-w c:\windows\riched20.dll
+ 2006-11-06 16:35:44 523,376 ----a-w c:\windows\rmact.exe
+ 2006-11-06 16:35:46 531,568 ----a-w c:\windows\rmacti.exe
+ 2006-11-06 16:35:38 358,000 ----a-w c:\windows\rmacts.exe
+ 2006-11-06 16:35:36 354,416 ----a-w c:\windows\rmactsi.exe
+ 2008-05-08 12:14:51 203,008 ----a-w c:\windows\rmcast.sys
+ 2008-05-19 18:08:07 302,168 ----a-w c:\windows\rootsupd.exe
+ 2007-07-09 13:16:16 582,656 ----a-w c:\windows\rpcrt4.dll
+ 2006-07-10 12:37:54 399,360 ----a-w c:\windows\rpcss.dll
+ 2006-11-08 10:28:08 10,752 ----a-w c:\windows\rspndr.exe
+ 2006-11-08 10:28:09 62,336 ----a-w c:\windows\rspndr.sys
+ 2006-02-16 01:07:34 43,904 ----a-w c:\windows\sbp2port.sys
+ 2007-04-25 20:32:22 144,896 ----a-w c:\windows\schannel.dll
+ 2005-04-28 19:16:30 215,552 ----a-w c:\windows\script.dll
+ 2005-04-28 19:16:30 199,680 ----a-w c:\windows\scripta.dll
+ 2008-05-09 10:45:16 180,224 ----a-w c:\windows\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w c:\windows\scrrun.dll
+ 2007-12-24 09:27:23 78,720 ----a-w c:\windows\sdbus.sys
+ 2006-09-13 18:18:34 20,480 ----a-w c:\windows\secdrv.sys
+ 2006-11-06 16:35:42 518,768 ----a-w c:\windows\secprc.dll
+ 2006-11-06 16:35:42 519,280 ----a-w c:\windows\secprci.dll
+ 2006-11-06 16:35:30 192,624 ----a-w c:\windows\secprcs.dll
+ 2006-11-06 16:35:32 192,624 ----a-w c:\windows\secprcsi.dll
+ 2008-05-15 16:01:42 985,088 ----a-w c:\windows\setupapi.dll
+ 2005-07-14 00:06:50 259,776 ----a-w c:\windows\setupldr.bin
+ 2005-07-14 00:06:50 240,128 ----a-w c:\windows\setupldr.exe
+ 2007-12-24 09:20:18 12,032 ----a-w c:\windows\sffdisk.sys
+ 2007-12-24 09:20:19 10,240 ----a-w c:\windows\sffp_mmc.sys
+ 2007-12-24 09:20:19 11,008 ----a-w c:\windows\sffp_sd.sys
+ 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\shdocvw.dll
+ 2008-08-13 14:43:09 8,460,800 ----a-w c:\windows\shell32.dll
+ 2008-03-04 13:40:34 66,048 ----a-w c:\windows\shimeng.dll
+ 2008-06-23 16:12:05 474,112 ----a-w c:\windows\shlwapi.dll
+ 2006-12-19 21:50:10 135,168 ----a-w c:\windows\shsvcs.dll
+ 2007-08-11 00:46:16 26,488 ----a-w c:\windows\spcustom.dll
+ 2006-06-14 08:50:19 6,272 ----a-w c:\windows\splitter.sys
+ 2007-08-11 00:46:18 17,272 ----a-w c:\windows\spmsg.dll
+ 2007-08-11 00:46:18 231,288 ----a-w c:\windows\spuninst.exe
+ 2007-08-11 00:46:18 26,488 ----a-w c:\windows\spupdsvc.exe
+ 2006-08-14 12:00:42 332,928 ----a-w c:\windows\srv.sys
+ 2006-10-19 16:29:09 96,768 ----a-w c:\windows\srvsvc.dll
+ 2006-07-10 12:37:54 59,392 ----a-w c:\windows\stclient.dll
+ 2005-11-05 00:55:10 48,768 ----a-w c:\windows\stream.sys
+ 2006-08-21 14:52:08 246,814 ----a-w c:\windows\strmdll.dll
+ 2008-01-17 17:59:53 713,216 ----a-w c:\windows\sxs.dll
+ 2005-04-28 19:16:30 193,024 ----a-w c:\windows\sysmod.dll
+ 2005-04-28 19:16:30 173,568 ----a-w c:\windows\sysmoda.dll
+ 2008-04-14 00:12:17 5,120 -c--a-w c:\windows\system32\dllcache\dllhost.exe
+ 2008-04-14 00:12:21 10,752 -c--a-w c:\windows\system32\dllcache\hh.exe
- 2006-10-19 01:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 00:12:02 142,336 -c--a-w c:\windows\system32\dllcache\nwprovau.dll
+ 2008-04-14 00:12:38 73,216 -c--a-w c:\windows\system32\dllcache\tlntsvr.exe
- 2006-11-01 22:31:34 315,904 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2006-10-19 01:47:20 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-04-13 18:55:08 202,624 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2008-12-07 03:24:14 1,466,144 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-08 08:07:31 1,466,296 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 00:11:54 691,712 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\system32\inetcomm.dll
- 2008-11-23 00:29:17 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-12-09 20:06:37 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-01-02 15:21:38 17,642,616 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-03 21:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2006-10-19 01:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2008-04-14 00:12:01 1,306,624 ----a-w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
- 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2007-08-11 01:46:18 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 1996-01-12 23:00:00 24,576 ----a-w c:\windows\system32\STKIT432.DLL
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ------w c:\windows\system32\tzchange.exe
- 2006-10-19 01:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
- 2006-10-19 01:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 23:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll
+ 2005-10-17 20:21:20 117,760 ----a-w c:\windows\t2embed.dll
+ 2008-08-06 18:07:19 249,856 ----a-w c:\windows\tapisrv.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\tcpip6.sys
+ 2005-05-10 23:51:10 75,776 ----a-w c:\windows\telnet.exe
+ 2007-11-12 21:58:09 295,424 ----a-w c:\windows\termsrv.dll
+ 2008-08-01 04:53:17 153,088 ----a-w c:\windows\triedit.dll
+ 2008-05-05 19:58:39 53,248 ----a-w c:\windows\tsgqec.dll
+ 2007-08-07 09:08:09 57,856 ----a-w c:\windows\twext.dll
+ 2006-07-10 12:37:54 101,376 ----a-w c:\windows\txflog.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\tzchange.exe
+ 2006-10-04 14:05:57 35,840 ----a-w c:\windows\umandlg.dll
+ 2007-12-18 13:38:57 123,392 ----a-w c:\windows\umpnpmgr.dll
+ 2008-03-20 08:15:10 373,248 ----a-w c:\windows\unidrv.dll
+ 2008-03-20 08:15:10 744,960 ----a-w c:\windows\unidrvui.dll
+ 2008-03-13 04:52:36 761,344 ----a-w c:\windows\unires.dll
+ 2007-09-19 10:55:32 364,160 ----a-w c:\windows\update.sys
+ 2007-08-11 00:46:28 382,840 ----a-w c:\windows\updspapi.dll
+ 2007-02-05 20:19:14 185,344 ----a-w c:\windows\upnphost.dll
+ 2008-06-23 16:12:06 618,496 ----a-w c:\windows\urlmon.dll
+ 2007-04-10 10:08:20 60,032 ----a-w c:\windows\usbaudio.sys
+ 2008-04-24 09:15:26 30,336 ----a-w c:\windows\usbehci.sys
+ 2008-03-04 09:13:41 59,520 ----a-w c:\windows\usbhub.sys
+ 2008-04-24 09:15:27 17,152 ----a-w c:\windows\usbohci.sys
+ 2008-04-24 09:15:26 144,128 ----a-w c:\windows\usbport.sys
+ 2008-04-24 09:15:27 20,608 ----a-w c:\windows\usbuhci.sys
+ 2005-07-30 00:01:14 121,856 ----a-w c:\windows\usbvideo.sys
+ 2007-03-08 15:48:36 578,048 ----a-w c:\windows\user32.dll
+ 2007-06-26 05:54:53 406,016 ----a-w c:\windows\usp10.dll
+ 2006-10-04 10:40:06 50,176 ----a-w c:\windows\utilman.exe
+ 2006-02-11 03:31:24 218,624 ----a-w c:\windows\uxtheme.dll
+ 2008-05-09 10:45:16 430,080 ----a-w c:\windows\vbscript.dll
+ 2006-03-17 01:05:36 28,672 ----a-w c:\windows\verclsid.exe
+ 2004-11-12 20:10:34 26,624 ----a-w c:\windows\verifier.dll
+ 2007-06-26 15:16:01 851,968 ----a-w c:\windows\vgx.dll
+ 2007-05-30 10:47:45 81,664 ----a-w c:\windows\videoprt.sys
+ 2008-07-04 18:38:14 175,616 ----a-w c:\windows\w32time.dll
+ 2008-05-03 10:15:17 52,736 ----a-w c:\windows\w32tm.exe
+ 2007-05-16 15:32:56 510,976 ----a-w c:\windows\wab32.dll
+ 2007-05-16 15:32:56 85,504 ----a-w c:\windows\wabimp.dll
+ 2006-08-22 12:27:13 531,456 ----a-w c:\windows\wbemcore.dll
+ 2006-11-06 13:16:19 49,152 ----a-w c:\windows\wdigest.dll
+ 2006-06-14 09:17:04 82,944 ----a-w c:\windows\wdmaud.sys
+ 2006-01-04 03:18:34 68,096 ----a-w c:\windows\webclnt.dll
+ 2007-09-25 18:10:31 333,824 ----a-w c:\windows\wiaservc.dll
+ 2008-05-30 11:16:47 1,846,272 ----a-w c:\windows\win32k.sys
+ 2008-06-23 16:12:08 667,136 ----a-w c:\windows\wininet.dll
+ 2008-04-22 18:00:05 292,864 ----a-w c:\windows\winsrv.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
+ 2008-05-05 11:08:20 134,144 ----a-w c:\windows\wkssvc.dll
+ 2007-07-27 05:06:35 69,120 ----a-w c:\windows\wlanapi.dll
+ 2007-10-27 22:40:06 227,328 ----a-w c:\windows\wmasf.dll
+ 2007-04-30 07:22:16 4,734,976 ----a-w c:\windows\wmp.dll
+ 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\wmvcore.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\wscript.exe
+ 2005-01-28 23:49:20 80,896 ----a-w c:\windows\wscsvc.dll
+ 2008-07-21 07:26:28 36,864 ----a-w c:\windows\wshcon.dll
+ 2008-05-09 10:45:17 90,112 ----a-w c:\windows\wshext.dll
+ 2008-07-19 02:09:44 563,912 ----a-w c:\windows\wuapi.dll
+ 2006-10-30 00:28:56 172,504 ----a-w c:\windows\wuauclt1.exe
+ 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\wuaueng.dll
+ 2006-10-30 00:28:56 194,520 ----a-w c:\windows\wuaueng1.dll
+ 2008-07-19 02:09:06 25,800 ----a-w c:\windows\wuauserv.dll
+ 2008-07-19 02:09:46 325,832 ----a-w c:\windows\wucltui.dll
+ 2008-07-19 02:10:20 36,552 ----a-w c:\windows\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w c:\windows\wups2.dll
+ 2008-07-19 02:09:44 205,000 ----a-w c:\windows\wuweb.dll
+ 2008-06-16 15:34:17 383,488 ----a-w c:\windows\wzcdlg.dll
+ 2006-08-22 12:32:48 52,736 ----a-w c:\windows\wzcsapi.dll
+ 2008-04-22 17:49:38 476,160 ----a-w c:\windows\wzcsvc.dll
+ 2006-07-21 05:07:50 121,856 ----a-w c:\windows\xmllite.dll
+ 2006-03-01 19:34:20 11,776 ----a-w c:\windows\xolehlp.dll
+ 2006-10-10 12:44:50 557,568 ----a-w c:\windows\xpnetdg.exe
+ 2008-08-13 09:35:19 351,744 ----a-w c:\windows\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2007-09-17 228352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-07 1261336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Account 2\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Belkin\\F5D8053\\Belkinwcui.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GemFighter\\Home.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Ntreev\\Grand Chase\\main.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\GrandChaseTW\\main.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"c:\\Nexon\\ElSword\\Data\\X2.exe"=
"c:\\Program Files\\BYOND35\\bin\\byond.exe"=
"c:\\Netmarble\\NetmarbleGrandChase\\main.exe"=
"c:\\Netmarble\\NetmarbleDownLoaderEx\\NetmarbleDownLoader_EngineEx.exe"=
"c:\\Netmarble\\NetmarbleGrandChaseTest\\main.exe"=
"c:\\Program Files\\SurvivalProject\\sp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\DVR\\Encode.exe"=
"c:\\Nexon\\NexonPlug\\NMService.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10500:TCP"= 10500: TCP : *:Disabled:BitCometLite 10500 TCP
"10500:UDP"= 10500: UDP : *:Disabled:BitCometLite 10500 UDP
"1723:TCP"= 1723: TCP : @xpsp2res.dll,-22015
"1701:UDP"= 1701: UDP : @xpsp2res.dll,-22016
"500:UDP"= 500: UDP : @xpsp2res.dll,-22017

.
Contents of the 'Scheduled Tasks' folder

2008-06-26 c:\windows\Tasks\Paint.job
- c:\windows\system32\mspaint.exe [2008-04-13 19:12]

2008-12-04 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:17]

2007-12-30 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:17]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Account 2\Application Data\Mozilla\Firefox\Profiles\9lbbzxkn.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk2222.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.21115.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk213214.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 01:21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-12 1:23:16
ComboFix-quarantined-files.txt 2008-12-12 06:23:12
ComboFix2.txt 2008-12-07 20:37:15
ComboFix3.txt 2008-12-06 23:31:31
ComboFix4.txt 2008-12-06 20:48:49
ComboFix5.txt 2008-12-12 06:19:56

Pre-Run: 187,234,537,472 bytes free
Post-Run: 187,334,561,792 bytes free

799 --- E O F --- 2008-12-08 03:04:18

Please help...

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

OK, well follow these instructions:

* Open MBA-M
* Go into the Update tab, and update MBA-M
* Once the update has finished, Go back into the main menu and select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Also, post back with a fresh new HJT log.

Thanks,

Cohen

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 
3 Years Ago
0

I actually think I solved it =) I managed to find a suspicious file in my system32 folder, renamed rpcss.dll to something else and my internet came back like that.
I will however fetch that log if it happens again.. I'm not sure it will though, pretty sure that was my problem.

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Can you pls follow my instructions so we know that it is completely gone! Just because the file is gone, doesn't mean that it is completely out of your system. There could be a file that will reproduce that file and continue to cause problems....

Once again, pls follow my instructions and we then can make sure that your system is completely clean.

Thankyou,

Cohen

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 
3 Years Ago
0

You were right, it wasn't gone.. right as I was going to post my scans the internet cut out.
Another thing to note, when I run CHKDSK /f it forces the internet back up for a bit, so here's the info while I got it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:00 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-725345543-1965331169-1801674531-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User '?')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmstarter/NMStarter25.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} (Launcher Class) - http://download.gemfighter.com/launcher/gemx2.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx3013.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4248 bytes

.. Cripes, seems my MBAM log was deleted as well. I also have another combofix log, I'll try to make another MBAM log though it reported 0 malicious items.

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Can you pls post the MBA-M log,

Thanks,

Cohen

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 
3 Years Ago
0

uummm... i have a question....

Are you posting somewhere else?? on another forum???

Because Judy and i never requested a combo fix log and yet, you posted one.....

Why is that???

If you are posting somewhere else, this is a big NO NO! Can you pls stop at the other forum or where ever you are posting, because that can make things very difficult.

Thanks,

Cohen

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 
3 Years Ago
0

Malwarebytes' Anti-Malware 1.31
Database version: 1505
Windows 5.1.2600 Service Pack 3

12/16/2008 2:52:37 AM
mbam-log-2008-12-16 (02-52-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134706
Time elapsed: 47 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

There's the MBAM log.

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

alright, thanks can you pls answer my above post



uummm... i have a question....

Are you posting somewhere else?? on another forum???

Because Judy and i never requested a combo fix log and yet, you posted one.....

Why is that???

If you are posting somewhere else, this is a big NO NO! Can you pls stop at the other forum or where ever you are posting, because that can make things very difficult.



thanks,

Cohen

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 
3 Years Ago
0

Oh! Sorry, didn't see that post. I'm new to this whole posting for help thing, as this is the first time I've come across a malicious program that I couldn't fix on my own. Sorry, I figured it'd be smart to post a combofix log.. So to answer your question, no I am not.

SuyaTroubled
Newbie Poster
6 posts since Dec 2008
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0
Oh! Sorry, didn't see that post. I'm new to this whole posting for help thing, as this is the first time I've come across a malicious program that I couldn't fix on my own. Sorry, I figured it'd be smart to post a combofix log.. So to answer your question, no I am not.


Alright, thanks....

cohen
Practically a Posting Shark
822 posts since Nov 2008
Reputation Points: 46
Solved Threads: 45
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed