Scrubbed But Still Infected

Discussion in 'Malware Help (A Specialist Will Reply)' started by DrPepper007, Feb 26, 2009.

  1. DrPepper007

    DrPepper007 Private E-2

    So my computer was badly infected, to the point where my Task Manager had been disabled and my background was gone, etc. Using Spybot, SuperAntiSpyware, and Malwarebytes Anti-Malware (and some others) I got it back to about 90 - 95%, but I'm still having issues. Among other things, I'm getting "Bad Image" errors, and when trying to visit sites (Yahoo, Facebook, or any site where I need to post in forums such as this) some sites don't even register on either Firefox or IE; I get "Connection Timed Out," "Error 216 at...," and "Connection Interrupted" error messages.

    Now according to scans with Security Task Manager and Hackthis I already see that I'm still infected with Facegame, Gool, and ctfmon (I also have something there that says "Fumo," not sure what that is) in my startup, and I know there are some things that run on startup that I can get rid of. I want to run SDFix, but I figured before I do anything else I'd get some advice/opinion on what's going on with my system. Here's my Hackthis log, thanks.

    I'm just trying to figure this one out, any help would be much appreciated.

    Thanks
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!


    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide


    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot (links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
    3. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky: Don't Bump! It Only Hurts You!!!. Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and, as stated, our system works the oldest threads FIRST.
     
  3. DrPepper007

    DrPepper007 Private E-2

    Ok, so I followed all the instructions on cleaning out my computer and I'm still having issues. Here's a sample of what's going on:

    Ticket Annex:

    When trying to get to the login page of my account I get this error message:

    "Connection Interrupted
    The connection to the server was reset while the page was loading.
    The network link was interrupted while negotiating a connection. Please try again."



    Yahoo Mail:
    When trying to send an email from my account I get this message:

    "Sending taking a little longer than usual...
    We'll keep trying and let you know when it's been sent.
    Oops! We are having a problem sending your message"


    (pop up box)
    "Invalid XML Erro
    Oops! Looks like we were unable to retrieve your message. Please contact Yahoo! Customer Care and copy/paste the following information to help us resolve your issue. Thanks!"


    "Method: GetAttachmentSettings
    HTTP Status: 200
    Status Text: OK

    Reason: XML Parsing Error: no element found Location: http://us.mg2.mail.yahoo.com"



    Photobucket:
    Logs in eventually, but can't see stored images and words on the site seem to be on top of one another (see screen shot below). Also, when I click on an image title after a long wait I get the message:

    "Connection Interrupted
    The connection to the server was reset while the page was loading.
    The network link was interrupted while negotiating a connection. Please try again."



    Windows Live Messenger:
    When I try to log in I get the following:

    "We were unable to sign you into Windows Live Messenger at this time. Please try again later.

    To let us try and troubleshoot the problem, click the Troubleshoot button.
    Error code: 80048820
    Extended error codes: 80048439"
    The troubleshoot indicates that everything is okay (or has a green check):
    IP... -- ok
    Default gateway... -- ok
    IE's offline setting... -- ok
    Hosts File... -- ok
    DNS... -- ok
    Proxy Server... -- ok
    Key Ports... -- ok
    wireless... not checked (I'm using a desktop)


    When I retry, the "Hosts File..." appears with a yellow triangle with the "!" in it.

    Major Geeks:

    When trying to post in the “reply” box I get this error message:

    “Connection Interrupted
    The connection to the server was reset while the page was loading.
    The network link was interrupted while negotiating a connection. Please try again.”
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can't do anything for you unless you attach the requested logs from doing the Read and Run Instructions.
     
  5. DrPepper007

    DrPepper007 Private E-2

    Sorry about that, here are the logs

    ComboFix 09-02-28.01 - Akil 2009-03-01 19:45:40.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2294.1549 [GMT -5:00]
    Running from: c:\documents and settings\Akil\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Sygate Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bszip.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
    .

    2009-03-01 16:49 . 2009-03-01 16:49 1,337,489 --a------ C:\MGtools.exe
    2009-03-01 16:19 . 2009-03-01 16:19 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-03-01 16:19 . 2009-03-01 16:19 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-03-01 16:19 . 2009-03-01 16:19 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-03-01 15:16 . 2009-03-01 15:16 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-25 20:29 . 2009-02-25 20:29 <DIR> d-------- c:\program files\Pando Networks
    2009-02-25 20:29 . 2009-02-25 20:29 <DIR> d-a------ c:\program files\NBC Direct
    2009-02-25 20:29 . 2009-03-01 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
    2009-02-25 20:29 . 2009-02-25 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NBC Direct
    2009-02-25 20:29 . 2009-03-01 19:36 <DIR> d-------- c:\documents and settings\Akil\Application Data\NBC Direct
    2009-02-25 20:29 . 2009-02-25 20:29 <DIR> d-------- c:\documents and settings\Akil\Application Data\IDM
    2009-02-25 10:40 . 2009-02-25 10:40 <DIR> d-------- c:\program files\SnagIt
    2009-02-24 23:47 . 2009-03-01 02:05 <DIR> d-------- c:\documents and settings\Akil\Application Data\skypePM
    2009-02-24 23:47 . 2009-02-24 23:47 56 --ah----- c:\windows\system32\ezsidmv.dat
    2009-02-23 11:30 . 2009-02-23 11:30 <DIR> dr------- c:\program files\Skype
    2009-02-23 11:30 . 2009-02-23 11:30 <DIR> d-------- c:\program files\Common Files\Skype
    2009-02-13 23:59 . 2009-02-13 23:59 <DIR> d-------- c:\program files\Photosynth
    2009-02-06 11:10 . 2009-02-06 11:10 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-04 12:29 . 2009-02-04 12:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-01 21:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-01 21:24 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-01 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-01 21:12 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-03-01 21:12 --------- d-----w c:\documents and settings\Akil\Application Data\SUPERAntiSpyware.com
    2009-03-01 21:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-01 20:46 --------- d-----w c:\program files\Verizon
    2009-03-01 20:42 --------- d-----w c:\program files\CCleaner
    2009-03-01 20:16 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-01 20:06 --------- d-----w c:\program files\StarzPlay
    2009-03-01 07:55 --------- d-----w c:\documents and settings\Akil\Application Data\Skype
    2009-03-01 04:49 --------- d-----w c:\documents and settings\Akil\Application Data\Move Networks
    2009-02-23 16:30 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-02-12 14:16 --------- d-----w c:\program files\Google
    2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-06 16:10 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-05 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-02-04 17:28 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-01 18:33 --------- d-----w c:\program files\iTunes
    2009-01-19 18:22 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-01-16 19:50 --------- d-----w c:\documents and settings\Akil\Application Data\VSO
    2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
    2009-01-02 21:43 --------- d-----w c:\documents and settings\Akil\Application Data\NCH Swift Sound
    2009-01-02 21:42 --------- d-----w c:\program files\NCH Software
    2009-01-02 19:08 --------- d-----w c:\documents and settings\Akil\Application Data\DJ ToneXpress
    2009-01-02 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
    2009-01-02 18:54 --------- d-----w c:\documents and settings\Akil\Application Data\NCH Software
    2009-01-02 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-01-02 18:49 --------- d-----w c:\documents and settings\Akil\Application Data\Recordpad
    2008-12-12 14:57 20,992 ----a-w c:\windows\bw-uninstall.exe
    2008-12-01 21:47 61,224 ----a-w c:\documents and settings\Akil\GoToAssistDownloadHelper.exe
    2007-09-13 17:10 694 ----a-w c:\program files\Shortcut to iTunes.lnk
    2007-09-13 17:10 694 ----a-w c:\program files\Shortcut (2) to iTunes.lnk
    2006-12-12 15:31 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-02-08 19:35 14,137,856 ----a-w c:\program files\iTunes.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-04_15.41.38.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-07-14 15:52:22 121,856 ----a-w c:\windows\$hf_mig$\KB915865\SP2QFE\xmllite.dll
    + 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB915865\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB915865\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB915865\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w c:\windows\$hf_mig$\KB915865\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w c:\windows\$hf_mig$\KB915865\update\updspapi.dll
    + 2006-05-25 15:29:04 213,216 -c----w c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
    + 2006-05-25 15:29:04 371,424 -c----w c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
    + 2006-05-24 17:32:48 213,216 -c----w c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
    + 2006-05-24 17:32:48 371,424 -c----w c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
    + 2008-02-27 20:59:28 290,816 ----a-w c:\windows\Downloaded Program Files\auc_lib.dll
    + 2008-02-27 20:59:28 495,616 ----a-w c:\windows\Downloaded Program Files\daas_s.dll
    + 2008-02-27 21:00:12 262,144 ----a-w c:\windows\Downloaded Program Files\fscax.dll
    + 2008-02-27 20:59:16 588,392 ----a-w c:\windows\Downloaded Program Files\gatelauncher.exe
    + 2008-08-07 20:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2008-11-10 19:24:32 9,949,184 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-11-10 19:24:32 692,224 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 20:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-11-10 19:24:14 9,949,184 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-11-10 19:24:15 692,224 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-11-08 16:38:34 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe
    + 2004-08-04 10:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
    + 2004-08-04 10:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
    + 2004-08-04 10:00:00 35,328 -c--a-w c:\windows\ie7\corpol.dll
    + 2004-09-15 17:28:08 28,672 -c--a-w c:\windows\ie7\custsat.dll
    + 2008-06-23 15:38:30 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
    + 2008-06-23 15:38:30 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
    + 2008-06-23 15:38:30 55,808 -c--a-w c:\windows\ie7\extmgr.dll
    + 2004-08-04 10:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
    + 2004-08-04 10:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
    + 2004-08-04 10:00:00 139,264 -c--a-w c:\windows\ie7\ieakeng.dll
    + 2004-08-04 10:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
    + 2004-08-04 10:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
    + 2004-08-04 10:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
    + 2008-06-23 09:49:29 18,432 -c--a-w c:\windows\ie7\iedw.exe
    + 2004-08-04 10:00:00 81,920 -c--a-w c:\windows\ie7\ieencode.dll
    + 2008-06-23 15:38:31 251,392 -c--a-w c:\windows\ie7\iepeers.dll
    + 2004-08-04 10:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
    + 2004-08-04 10:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
    + 2004-08-04 10:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
    + 2004-08-04 10:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
    + 2008-06-23 15:38:31 96,256 -c--a-w c:\windows\ie7\inseng.dll
    + 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\ie7\jscript.dll
    + 2008-06-23 15:38:31 16,384 -c--a-w c:\windows\ie7\jsproxy.dll
    + 2004-08-04 10:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
    + 2004-08-04 10:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
    + 2008-06-23 15:38:33 3,059,712 -c--a-w c:\windows\ie7\mshtml.dll
    + 2008-06-23 15:38:33 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
    + 2004-08-04 10:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
    + 2004-08-04 10:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
    + 2008-06-23 15:38:33 146,432 -c--a-w c:\windows\ie7\msrating.dll
    + 2008-06-23 15:38:33 532,480 -c--a-w c:\windows\ie7\mstime.dll
    + 2004-08-04 10:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
    + 2008-06-23 15:38:33 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
    + 2007-08-13 23:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
    + 2007-08-13 23:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
    + 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
    + 2006-09-06 22:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
    + 2004-08-04 10:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
    + 2008-06-23 15:38:34 615,936 -c--a-w c:\windows\ie7\urlmon.dll
    + 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\ie7\vbscript.dll
    + 2004-08-04 10:00:00 848,384 -c--a-w c:\windows\ie7\vgx.dll
    + 2004-08-04 10:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
    + 2008-06-23 15:38:34 659,456 -c--a-w c:\windows\ie7\wininet.dll
    - 2006-11-01 22:31:34 315,904 ----a-w c:\windows\inf\unregmp2.exe
    + 2007-06-27 03:10:26 317,440 ----a-w c:\windows\inf\unregmp2.exe
    + 2009-02-23 16:30:50 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
    + 2009-02-01 18:33:29 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
    + 2007-12-12 20:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
    - 2008-10-09 13:52:54 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2009-03-01 21:12:51 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    - 2008-10-09 13:52:54 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2009-03-01 21:12:51 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2008-12-19 21:01:00 10,134 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\ARPPRODUCTICON.exe
    + 2008-12-19 21:01:00 26,694 ----a-r c:\windows\Installer\{F43C7DE1-CB20-11DD-8D77-005056806466}\UNINST_Uninstall_G_BCEEAF790189405A8B93BFE1E41FCD64.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:22 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 49,152 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:25 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 40,960 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    + 2008-12-12 01:49:25 40,960 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:25 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:23 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:25 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:24 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
    - 2005-04-20 04:46:15 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-12-12 01:49:25 65,536 ----a-r c:\windows\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
    - 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2004-08-04 10:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
    + 2007-08-13 23:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
    - 2004-08-04 10:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
    + 2007-08-13 23:39:00 123,904 ----a-w c:\windows\system32\advpack.dll
    - 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
    + 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
    - 2004-08-04 10:00:00 35,328 ----a-w c:\windows\system32\corpol.dll
    + 2007-08-13 23:42:54 17,408 ----a-w c:\windows\system32\corpol.dll
    + 2007-08-13 23:39:20 71,680 ------w c:\windows\system32\dllcache\admparse.dll
    + 2007-08-13 23:39:00 123,904 ------w c:\windows\system32\dllcache\advpack.dll
    - 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    + 2007-08-13 23:42:54 17,408 ------w c:\windows\system32\dllcache\corpol.dll
    - 2004-09-15 17:28:08 28,672 ----a-w c:\windows\system32\dllcache\custsat.dll
    + 2007-08-13 23:54:10 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
    - 2008-06-23 15:38:30 357,888 ------w c:\windows\system32\dllcache\dxtmsft.dll
    + 2007-08-13 23:35:46 346,624 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-06-23 15:38:30 205,312 ------w c:\windows\system32\dllcache\dxtrans.dll
    + 2007-08-13 23:35:38 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-06-23 15:38:30 55,808 ------w c:\windows\system32\dllcache\extmgr.dll
    + 2007-08-13 23:54:10 131,584 ----a-w c:\windows\system32\dllcache\extmgr.dll
    + 2007-08-13 23:18:02 60,416 ------w c:\windows\system32\dllcache\hmmapi.dll
    + 2007-08-13 23:39:06 54,784 ------w c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-08-13 23:39:26 152,064 ------w c:\windows\system32\dllcache\ieakeng.dll
    + 2007-08-13 23:39:54 229,376 ------w c:\windows\system32\dllcache\ieaksie.dll
    + 2007-08-13 22:56:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    + 2007-08-13 23:39:50 382,976 ------w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-06-23 09:49:29 18,432 ------w c:\windows\system32\dllcache\iedw.exe
    + 2007-08-13 23:44:02 69,120 ----a-w c:\windows\system32\dllcache\iedw.exe
    + 2007-08-13 23:45:18 78,336 ------w c:\windows\system32\dllcache\ieencode.dll
    - 2008-06-23 15:38:31 251,392 ------w c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 23:39:10 43,008 ------w c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-13 23:39:12 55,296 ------w c:\windows\system32\dllcache\iesetup.dll
    + 2007-08-13 23:43:56 622,080 ------w c:\windows\system32\dllcache\iexplore.exe
    + 2007-08-13 23:36:06 36,352 ------w c:\windows\system32\dllcache\imgutil.dll
    - 2008-06-23 15:38:31 96,256 ------w c:\windows\system32\dllcache\inseng.dll
    + 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\dllcache\inseng.dll
    - 2007-12-18 14:40:58 450,560 ------w c:\windows\system32\dllcache\jscript.dll
    + 2007-08-13 23:38:04 491,520 ----a-w c:\windows\system32\dllcache\jscript.dll
    - 2008-06-23 15:38:31 16,384 ------w c:\windows\system32\dllcache\jsproxy.dll
    + 2007-08-13 23:54:10 27,136 ----a-w c:\windows\system32\dllcache\jsproxy.dll
    + 2007-08-13 23:44:18 40,960 ------w c:\windows\system32\dllcache\licmgr10.dll
    + 2007-08-13 23:32:30 45,568 ------w c:\windows\system32\dllcache\mshta.exe
    - 2008-06-23 15:38:33 3,059,712 ------w c:\windows\system32\dllcache\mshtml.dll
    + 2007-08-13 23:54:12 3,578,368 ----a-w c:\windows\system32\dllcache\mshtml.dll
    - 2008-06-23 15:38:33 449,024 ------w c:\windows\system32\dllcache\mshtmled.dll
    + 2007-08-13 23:54:10 475,648 ----a-w c:\windows\system32\dllcache\mshtmled.dll
    + 2007-08-13 23:01:12 48,128 ------w c:\windows\system32\dllcache\mshtmler.dll
    + 2007-08-13 23:54:10 156,160 ------w c:\windows\system32\dllcache\msls31.dll
    - 2008-06-23 15:38:33 146,432 ------w c:\windows\system32\dllcache\msrating.dll
    + 2007-08-13 23:44:26 192,000 ----a-w c:\windows\system32\dllcache\msrating.dll
    - 2008-06-23 15:38:33 532,480 ------w c:\windows\system32\dllcache\mstime.dll
    + 2007-08-13 23:54:10 670,720 ----a-w c:\windows\system32\dllcache\mstime.dll
    + 2007-08-13 23:44:06 101,376 ------w c:\windows\system32\dllcache\occache.dll
    - 2008-06-23 15:38:33 39,424 ------w c:\windows\system32\dllcache\pngfilt.dll
    + 2007-08-13 23:36:12 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
    - 2006-11-01 22:31:34 315,904 ----a-w c:\windows\system32\dllcache\unregmp2.exe
    + 2007-06-27 03:10:26 317,440 ----a-w c:\windows\system32\dllcache\unregmp2.exe
    + 2007-08-13 23:44:30 105,984 ------w c:\windows\system32\dllcache\url.dll
    - 2008-06-23 15:38:34 615,936 ------w c:\windows\system32\dllcache\urlmon.dll
    + 2007-08-13 23:54:10 1,162,240 ----a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-11-10 19:26:29 577,024 ----a-w c:\windows\system32\dllcache\user32.dll
    - 2007-12-18 14:40:58 417,792 ------w c:\windows\system32\dllcache\vbscript.dll
    + 2007-08-13 23:54:10 413,696 ----a-w c:\windows\system32\dllcache\vbscript.dll
    + 2007-08-13 23:54:10 765,952 ------w c:\windows\system32\dllcache\VGX.dll
    + 2007-08-13 23:54:10 231,424 ------w c:\windows\system32\dllcache\webcheck.dll
    - 2008-06-23 15:38:34 659,456 ------w c:\windows\system32\dllcache\wininet.dll
    + 2007-08-13 23:54:10 818,688 ----a-w c:\windows\system32\dllcache\wininet.dll
    - 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    - 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    - 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    - 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    - 2008-10-26 01:55:22 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-06 16:10:32 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2008-11-08 16:38:34 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2007-04-23 00:15:25 36,624 ------w c:\windows\system32\drivers\pxhelp20.sys
    + 2008-07-31 22:17:04 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys
    - 2008-06-23 15:38:30 357,888 ----a-w c:\windows\system32\dxtmsft.dll
    + 2007-08-13 23:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-06-23 15:38:30 205,312 ----a-w c:\windows\system32\dxtrans.dll
    + 2007-08-13 23:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
    - 2008-06-23 15:38:30 55,808 ----a-w c:\windows\system32\extmgr.dll
    + 2007-08-13 23:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll
    - 2008-10-26 22:50:44 153,176 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-20 14:20:41 410,288 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2007-08-13 23:36:26 61,952 ------w c:\windows\system32\icardie.dll
    + 2006-06-29 13:05:44 26,112 ------w c:\windows\system32\idndl.dll
    - 2004-08-04 10:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
    + 2007-08-13 23:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe
    - 2004-08-04 10:00:00 139,264 ----a-w c:\windows\system32\ieakeng.dll
    + 2007-08-13 23:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll
    - 2004-08-04 10:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
    + 2007-08-13 23:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll
    - 2004-08-04 10:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
    + 2007-08-13 22:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll
    + 2007-02-12 21:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat
    + 2007-07-11 17:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll
    - 2004-08-04 10:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
    + 2007-08-13 23:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll
    - 2004-08-04 10:00:00 81,920 ----a-w c:\windows\system32\ieencode.dll
    + 2007-08-13 23:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
    + 2007-08-13 23:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll
    - 2008-06-23 15:38:31 251,392 ----a-w c:\windows\system32\iepeers.dll
    + 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
    - 2004-08-04 10:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
    + 2007-08-13 23:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll
    + 2007-08-13 23:34:04 266,752 ------w c:\windows\system32\iertutil.dll
    - 2004-08-04 10:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
    + 2007-08-13 23:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
    + 2007-08-13 23:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe
    + 2007-08-13 23:54:10 180,736 ------w c:\windows\system32\ieui.dll
    - 2004-08-04 10:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
    + 2007-08-13 23:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
    - 2008-06-23 15:38:31 96,256 ----a-w c:\windows\system32\inseng.dll
    + 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
    - 2008-10-09 13:48:25 139,264 ----a-w c:\windows\system32\java.exe
    + 2009-03-01 20:16:19 144,792 ----a-w c:\windows\system32\java.exe
    - 2008-10-09 13:48:25 139,264 ----a-w c:\windows\system32\javaw.exe
    + 2009-03-01 20:16:19 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2008-10-09 13:48:25 143,360 ----a-w c:\windows\system32\javaws.exe
    + 2009-03-01 20:16:19 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
    + 2007-08-13 23:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
    - 2008-06-23 15:38:31 16,384 ----a-w c:\windows\system32\jsproxy.dll
    + 2007-08-13 23:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll
    - 2004-08-04 10:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
    + 2007-08-13 23:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
    + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
    - 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2008-07-12 17:57:23 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2008-12-16 19:36:11 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    - 2008-09-05 03:58:20 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-01-15 03:16:06 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2007-08-13 23:54:10 458,752 ------w c:\windows\system32\msfeeds.dll
    + 2007-08-13 23:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 23:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
    - 2004-08-04 10:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
    + 2007-08-13 23:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
    - 2008-06-23 15:38:33 3,059,712 ----a-w c:\windows\system32\mshtml.dll
    + 2007-08-13 23:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll
    - 2008-06-23 15:38:33 449,024 ----a-w c:\windows\system32\mshtmled.dll
    + 2007-08-13 23:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll
    - 2004-08-04 10:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
    + 2007-08-13 23:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
    - 2004-08-04 10:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
    + 2007-08-13 23:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
    - 2008-06-23 15:38:33 146,432 ----a-w c:\windows\system32\msrating.dll
    + 2007-08-13 23:44:26 192,000 ----a-w c:\windows\system32\msrating.dll
    - 2008-06-23 15:38:33 532,480 ----a-w c:\windows\system32\mstime.dll
    + 2007-08-13 23:54:10 670,720 ----a-w c:\windows\system32\mstime.dll
    - 2008-07-19 02:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
    + 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
    - 2008-07-19 02:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
    + 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
    + 2006-06-28 22:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
    + 2006-06-29 13:05:44 23,552 ------w c:\windows\system32\normaliz.dll
    - 2004-08-04 10:00:00 96,256 ----a-w c:\windows\system32\occache.dll
    + 2007-08-13 23:44:06 101,376 ----a-w c:\windows\system32\occache.dll
    - 2008-06-23 15:38:33 39,424 ----a-w c:\windows\system32\pngfilt.dll
    + 2007-08-13 23:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    - 2004-08-04 10:00:00 37,888 ----a-w c:\windows\system32\url.dll
    + 2007-08-13 23:44:30 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-06-23 15:38:34 615,936 ----a-w c:\windows\system32\urlmon.dll
    + 2007-08-13 23:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll
    - 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
    + 2007-08-13 23:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
    - 2004-08-04 10:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
    + 2007-08-13 23:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll
    + 2007-08-13 23:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
    - 2008-06-23 15:38:34 659,456 ----a-w c:\windows\system32\wininet.dll
    + 2007-08-13 23:54:10 818,688 ----a-w c:\windows\system32\wininet.dll
    + 2006-10-18 09:32:38 807,032 ----a-w c:\windows\system32\wmv9dmod.dll
    - 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
    + 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
    - 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
    + 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
    - 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
    + 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    - 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
    + 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
    - 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
    + 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
    - 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
    + 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
    - 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
    + 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll
    + 2009-03-01 20:35:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d8.dat
    + 2008-07-29 08:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2008-07-29 13:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 13:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 13:05:08 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-02-19 2233672]
    "DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-02-21 1113152]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]
    "SMSERIAL"="sm56hlpr.exe" [2004-01-28 c:\windows\sm56hlpr.exe]

    c:\documents and settings\Akil\Start Menu\Programs\Startup\
    Check For Dope Wars Updates.lnk - c:\program files\Dopewars\WiseUpdt.exe [2008-12-18 166518]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-06 11:10 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17033:TCP"= 17033:TCP:*:Disabled:BitComet 17033 TCP
    "17033:UDP"= 17033:UDP:*:Disabled:BitComet 17033 UDP
    "25108:TCP"= 25108:TCP:BitComet 25108 TCP
    "25108:UDP"= 25108:UDP:BitComet 25108 UDP
    "58626:TCP"= 58626:TCP:pMB P2P TCP Listening Port
    "58626:UDP"= 58626:UDP:pMB P2P UDP Listening Port

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-25 325128]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-05-15 21920]
    S2 gupdate1c93f7f7251ba48;Google Update Service (gupdate1c93f7f7251ba48);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-05 133104]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SASDIFSV
    *NewlyCreated* - SASENUM
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-06 01:38]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Adobe Photo Downloader - e:\program files\3.0\Apps\apdproxy.exe
    HKLM-Run-iTunesHelper - e:\program files\iTunes\iTunesHelper.exe


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyServer = http=localhost:8080
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Refresh Pa&ge with Full Quality - c:\program files\EarthLink TotalAccess\Accelerator\\pac-page.html
    IE: Refresh Pi&cture with Full Quality - c:\program files\EarthLink TotalAccess\Accelerator\\pac-image.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\Akil\Application Data\Mozilla\Firefox\Profiles\x1vvaz3x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: c:\documents and settings\Akil\Application Data\Mozilla\Firefox\Profiles\x1vvaz3x.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - plugin: c:\documents and settings\Akil\Application Data\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
    FF - plugin: c:\documents and settings\Akil\Application Data\Mozilla\Firefox\Profiles\x1vvaz3x.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\Akil\Application Data\Mozilla\Firefox\Profiles\x1vvaz3x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
    FF - plugin: c:\documents and settings\Akil\Application Data\Mozilla\plugins\npAbacast.dll
    FF - plugin: c:\documents and settings\Akil\Application Data\Mozilla\plugins\NPAbacheck.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
    FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-01 19:47:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL

    - - - - - - - > 'winlogon.exe'(2584)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL

    - - - - - - - > 'winlogon.exe'(3420)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL
    .
    Completion time: 2009-03-01 19:49:29
    ComboFix-quarantined-files.txt 2009-03-02 00:49:26
    ComboFix2.txt 2008-12-05 18:50:07
    ComboFix3.txt 2008-11-29 06:00:30
    ComboFix4.txt 2008-11-14 03:47:24
    ComboFix5.txt 2009-03-02 00:44:48

    Pre-Run: 55,303,548,928 bytes free
    Post-Run: 55,297,941,504 bytes free

    585 --- E O F --- 2009-02-05 13:12:26






    Malwarebytes' Anti-Malware 1.34
    Database version: 1813
    Windows 5.1.2600 Service Pack 2

    3/1/2009 7:17:00 PM
    mbam-log-2009-03-01 (19-17-00).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 152995
    Time elapsed: 32 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions properly. You MUST attach logs as requested in the READ & RUN ME. You are posting them inline. Instructions for attaching logs are given in multiple locations in the READ & RUN ME. You still need to attach the other two logs that were requested from SUPERAntiSpyware and MGtools. The below is a direct quote from the Win XP Cleaning procedure part of the READ & RUN ME.
     
