Message popup when load applications [Closed] [Solved]

Hi YellowRubberDuck,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

If for any reason you do not understand any of the instructions, or are just unsure then please post back with your question, and we will go through it together



Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  O4 - HKLM..\Run: [] File not found
  O4 - HKLM..\Run: [9xadiras] File not found
  O33 - MountPoints2\{31d864f6-94d4-11da-ba14-806d6172696f}\Shell\AutoRun\command - "" = gi2ky.exe
  O33 - MountPoints2\{31d864f6-94d4-11da-ba14-806d6172696f}\Shell\open\Command - "" = gi2ky.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

Hi SpySentinel,

I've done what you've asked & below is the log file:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9xadiras deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d864f6-94d4-11da-ba14-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31d864f6-94d4-11da-ba14-806d6172696f}\ not found.
File gi2ky.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d864f6-94d4-11da-ba14-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31d864f6-94d4-11da-ba14-806d6172696f}\ not found.
File gi2ky.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 130306 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 12787465 bytes
File delete failed. C:\WINDOWS\temp\ZLT00884.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT00898.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 1024 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.38 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08022009_153440

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT00884.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT00898.TMP not found!

Registry entries deleted on Reboot...


p/s: The message still pops up and computer is very slow...

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  o Click Preferences, then click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  o Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Topic reopened upon users request.

Hi SpySentinel,

I've scanned my computer using SUPERAntiSpyware and below is the result:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2009 at 07:09 PM

Application Version : 4.27.1002

Core Rules Database Version : 4038
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 00:59:18

Memory items scanned : 397
Memory threats detected : 0
Registry items scanned : 5544
Registry threats detected : 0
File items scanned : 43524
File threats detected : 4

Adware.TrustInCash
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29A8CE90-95E3-49F0-87DC-8710DC501D5A}\RP523\A0119094.ICO
C:\WINDOWS\ADULT.ICO
C:\WINDOWS\SPYWAREREMOVAL.ICO

Adware.Unknown Origin
C:\WINDOWS\SHOPPING.ICO


I can't do the online Kaspersky scan. I've mentioned in my 1st post that my computer is offline & standalone.

Should I post my current antivirus, AVG, scan result instead? Please advise.

Thank you & have a nice day!

Hi,

Please run Malwarebytes again and post the log.

You have a nice day as well.

Hi,

Updated Malwarebytes to ver 1.4 and ran the scan. Below is the result:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

31/08/2009 12:58:53
mbam-log-2009-08-31 (12-58-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 129372
Time elapsed: 34 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I've noticed that there's a recycler folder in C drive. Inside, there are two folders
1. Recycle bin icon & very long name (S-1-5-21-448539723-963894560-839522115-500)
2. NPROTECT

Inside NPROTECT, there are many files starting with 00000369 until 00000538.

Do you think the above folders & files made my computer gone crazy?

p/s: If fixing my computer needs Internet connection, let me know. I'll think of a way to get online.

Thanks & have a nice day!

Hello YellowRubberDuck,

I am standing in for SpySentinel who is extremely busy with college.

One thing: I know you are being helpful but please just post normally. The colours are hard to read and can be confusing as we use colour to highlight some parts of our instructions.

Now

There was something not quite right about the way that Malwarebytes scan ran and what it found. I want to use another tool to see if there is something hiding there.

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Hi emeraldnzl,

Oops, I didn't know posting with colours can be a nuisance to the Techs.
I won't post with colours again next time.

1. Firstly, I disabled AVG 8.5 by shutting down the tray icon.
2. Then, I ran ComboFix.
3. ComboFix prompted me that AVG is still running.
4. So, I used Task Manager to disable all AVG processes.
5. However, whenever I clicked to terminate the process, the process vanished for few seconds & it keeps coming back again.
6. Then, I tried to uninstall AVG but there is an error (unable to create registry key) that prevented me to uninstall.
7. Lastly, I have chosen to diagnostic startup my computer.
8. ComboFix ran successfully!

I do not have internet connection to my computer, as mentioned in my 1st post.
So, I was unable to install the recovery console.

Below is ComboFix.txt

ComboFix 09-08-31.03 - Administrator 02/09/2009 22:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.478.149 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\NPROTECT
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\open.ico
D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-08-23 10:02 . 2009-09-02 13:11 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-23 10:02 . 2009-08-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-23 10:02 . 2009-08-23 10:02 65024 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-08-23 10:02 . 2009-08-23 10:02 18944 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-08-23 10:02 . 2009-08-23 10:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-23 10:02 . 2009-08-23 10:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 13:32 . 2009-05-24 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-09-02 12:37 . 2006-05-23 15:50 35072 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 05:02 . 2007-04-09 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-08-31 05:02 . 2006-04-28 15:51 -------- d-----w- c:\program files\AutoCAD 2004
2009-08-31 04:23 . 2009-07-30 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 10:02 . 2007-05-15 13:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-03 05:36 . 2009-07-30 14:26 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 05:36 . 2009-07-30 14:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 14:26 . 2009-07-30 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-30 14:26 . 2009-07-30 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-30 14:25 . 2008-05-10 17:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-30 14:25 . 2008-05-10 16:54 -------- d-----w- c:\program files\SpywareBlaster
2009-07-30 14:24 . 2009-07-30 14:24 -------- d-----w- c:\program files\CCleaner
2009-07-10 09:53 . 2007-10-11 11:26 278 -c--a-w- c:\windows\popcinfo.dat
2009-07-07 09:26 . 2009-07-07 09:26 -------- d-----w- c:\program files\Autodesk
2009-07-07 05:00 . 2009-07-07 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-06 21:55 . 2007-09-23 14:45 10074144 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2004-08-03 16:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-03 16:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2004-08-03 16:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2004-08-03 16:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-03 16:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll

[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2004-08-03 16:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:48 658944 30D1C47E40EFBB792FF8D3C3B51CE507 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:31 658944 B7156CD97E739F3014BC4D61758F868A c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-08-22 13:12 658944 1901AD51DA8BE9F8B38D5D526E5D1788 c:\windows\$NtUninstallKB942615$\wininet.dll
[-] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-12-07 01:07 659456 57D1B5150CF6331FAC6B3E04C1FCB966 c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2008-02-16 08:59 659456 0C690E77C0E924C45B4D7045B182FFF1 c:\windows\system32\wininet.dll
[-] 2008-02-16 08:59 659456 0C690E77C0E924C45B4D7045B182FFF1 c:\windows\system32\dllcache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-03 15:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2007-10-16 03:54 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\system32\dllcache\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-03 16:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-03 16:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe

[-] 2004-08-03 15:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 15:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 15:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 15:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2004-08-03 17:05 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2004-08-03 15:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\system32\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-03 16:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 16:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe
[-] 2004-08-03 16:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\dllcache\services.exe

[-] 2004-08-03 16:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-03 16:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe

[-] 2004-08-03 16:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-03 16:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-03 16:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\spoolsv.exe

[-] 2004-08-03 16:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-03 16:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe

[-] 2004-08-03 16:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-03 16:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2004-08-03 16:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\system32\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-03 16:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-03 16:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll

[-] 2004-08-03 16:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-03 16:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll

[-] 2005-10-05 00:51 3017728 3394299FBF1CD0B24089FC762611360B c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-07-20 02:03 3016192 A14A7A206AE22DE4FE563E44CFC7DDF5 c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-11-24 01:07 3018240 D3F037F5DA702AE9DDD7663EC9D78BA7 c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-10-23 15:34 3061248 88E1C15BB1A9ED3CBA4D6F2F408D5010 c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2007-01-04 14:05 3062272 1C45525574EF206346FBAFCAAC7CC4A5 c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[-] 2007-02-19 17:52 3063296 2991727809C7AC3A33E4178CC73244D8 c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2007-05-04 12:59 3064320 00ADCB32832A10ED9419493BCEA97526 c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-08-22 12:55 3064832 885E3BF99EA4B2213901EBC35B34CF12 c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[-] 2007-10-30 09:55 3065856 79314A0A6B0DA78AFE491FF2D8B117BA c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-12-07 00:44 3066368 8A4DD074DEC1B0C063C8493ABF654CBC c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll
[-] 2008-02-16 09:32 3066880 701A6798DDF875CAA3A5099EE75FD57F c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[-] 2005-07-20 02:00 3014144 31E7520E58E5E4DFA93215A6D5603AF2 c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2004-08-03 16:56 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB896727$\mshtml.dll
[-] 2005-10-04 09:26 3015168 042AC20E084D21DD6BEE99B89CC30FB7 c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-11-24 01:06 3015680 5E7A39950EA133BB54719A6E08C544A7 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-10-23 15:17 3055104 5FC7DE1195C8E9B5360FD65DBE95E5B0 c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2007-01-04 13:36 3056640 F31274D7667D83E73C6EE16D2206B76C c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2007-02-20 09:48 3056640 6B9D083C0D4C4555FE011B01A98872DA c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-05-04 12:29 3058688 4D92717B5BBCE85F1254BAD23B0D357C c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-06-14 18:09 3058688 F049C52772FC86FD5F6C16D77A2A6204 c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 2007-08-22 13:12 3058176 591449BD8F2C8090B9259E88C78AE61D c:\windows\$NtUninstallKB942615$\mshtml.dll
[-] 2007-10-30 10:16 3058688 DA077E334961230C12E3E4D62626286E c:\windows\$NtUninstallKB944533$\mshtml.dll
[-] 2007-12-07 14:37 3059200 DA9377A57A277170C78095C0E8BD8C85 c:\windows\$NtUninstallKB947864$\mshtml.dll
[-] 2008-02-16 22:29 3059712 77DBF6075405494AD6B6A99E2C732F86 c:\windows\system32\mshtml.dll
[-] 2008-02-16 22:29 3059712 77DBF6075405494AD6B6A99E2C732F86 c:\windows\system32\dllcache\mshtml.dll

[-] 2004-08-03 14:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\kbdclass.sys
[-] 2004-08-03 14:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-03 16:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll
[-] 2004-08-03 16:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\dllcache\comres.dll

[-] 2004-08-03 16:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll
[-] 2004-08-03 16:56 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\dllcache\lpk.dll

[-] 2001-08-23 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2001-08-23 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2001-08-23 12:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\system32\dllcache\mfc40u.dll

[-] 2005-01-14 05:07 395776 94456045BEB4545B5EBE1DCC85951AFA c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-03 16:56 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:31 395776 C8061F289E000703E7672916B7FE1571 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-07-26 04:39 397824 CE94A2BD25E3E9F4D46A7373FF455C6D c:\windows\system32\rpcss.dll
[-] 2005-07-26 04:39 397824 CE94A2BD25E3E9F4D46A7373FF455C6D c:\windows\system32\dllcache\rpcss.dll

[-] 2004-08-03 16:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll
[-] 2004-08-03 16:56 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\dllcache\msgsvc.dll

[-] 2004-08-03 16:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 1997-04-01 23:04 482576 3E1EBECE627D754BE81C301887B95C63 c:\windows\system\Comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\system32\dllcache\comctl32.dll
[-] 2001-08-23 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-03 16:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2001-08-23 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\dllcache\acpiec.sys
[-] 2001-08-23 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-03 16:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll
[-] 2004-08-03 16:56 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\dllcache\sfc.dll

[-] 2004-08-03 16:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll
[-] 2004-08-03 16:56 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\dllcache\netlogon.dll

[-] 2004-08-03 16:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\qmgr.dll
[-] 2004-08-03 16:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\dllcache\qmgr.dll

[-] 2004-08-03 16:56 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\system32\scecli.dll
[-] 2004-08-03 16:56 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\system32\dllcache\scecli.dll

[-] 2004-08-03 16:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\eventlog.dll
[-] 2004-08-03 16:56 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\system32\dllcache\eventlog.dll

[-] 2004-08-03 15:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 15:05 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2004-08-03 15:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\system32\drivers\ntfs.sys

[-] 2004-03-25 23:07 52224 026141A24DEB21BB63B0771B90A28D37 c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}\MsPMSNSv.dll
[-] 2004-08-03 16:56 52224 C086483E3DBA8C1C0A687EC8D5B3D4C1 c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-10-11 03:20 25088 C9BF4BC4D24A3A25E4A4894499FD9A6A c:\windows\system32\mspmsnsv.dll
[-] 2004-10-11 03:20 25088 C9BF4BC4D24A3A25E4A4894499FD9A6A c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-03 16:56 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\system32\xmlprov.dll
[-] 2004-08-03 16:56 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\system32\dllcache\xmlprov.dll

[-] 2004-08-03 16:56 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 16:56 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\system32\dllcache\cryptsvc.dll

[-] 2004-08-03 16:56 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\system32\browser.dll
[-] 2004-08-03 16:56 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\system32\dllcache\browser.dll

[-] 2005-07-08 16:28 249344 1418A3A6E76E5A2E3F5E43866E793A8B c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2004-08-03 16:56 246272 EB4A4187D74A8EFDCBEA3EA2CB1BDFBD c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2005-07-08 16:27 249344 FB78839B36025AA286A51289ED28B73E c:\windows\system32\tapisrv.dll
[-] 2005-07-08 16:27 249344 FB78839B36025AA286A51289ED28B73E c:\windows\system32\dllcache\tapisrv.dll

[-] 2004-08-03 16:56 245248 4E74AF063C3271FBEA20DD940CFD1184 c:\windows\system32\mswsock.dll
[-] 2004-08-03 16:56 245248 4E74AF063C3271FBEA20DD940CFD1184 c:\windows\system32\dllcache\mswsock.dll

[-] 2005-08-22 18:24 197632 3516D8A18B36784B1005B950B84232E1 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-03 16:56 198144 DAB9E6C7105D2EF49876FE92C524F565 c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2005-08-22 18:29 197632 36739B39267914BA69AD0610A0299732 c:\windows\system32\netman.dll
[-] 2005-08-22 18:29 197632 36739B39267914BA69AD0610A0299732 c:\windows\system32\dllcache\netman.dll

[-] 2005-07-26 04:20 243200 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-03 16:56 243200 ACD36A2DD7D1E9D8A060AA651DC07E63 c:\windows\$NtUninstallKB902400$\es.dll
[-] 2005-07-26 04:39 243200 34BBD9ACC1538818F2C878898C64E793 c:\windows\system32\es.dll
[-] 2005-07-26 04:39 243200 34BBD9ACC1538818F2C878898C64E793 c:\windows\system32\dllcache\es.dll

[-] 2005-09-01 01:44 19968 648BF0B4DDE4F7A1156DAE7174D36EFA c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2004-08-03 16:56 18944 C2BBD044C741EA4292016C36F718D2E4 c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2005-09-01 01:41 19968 A1A688EE56CF3BBD24EDEB815D48E9BA c:\windows\system32\linkinfo.dll
[-] 2005-09-01 01:41 19968 A1A688EE56CF3BBD24EDEB815D48E9BA c:\windows\system32\dllcache\linkinfo.dll

[-] 2004-08-03 16:56 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 16:56 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2007-02-05 20:19 185344 36ACA6CDC19C95FF468A1426EB7F32F0 c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2004-08-03 16:56 185344 0546477BDE979E33294FE97F6B3DE84A c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 2007-02-05 20:17 185344 ACA5D98663D879C6BAAFCEA7E2F1B710 c:\windows\system32\upnphost.dll
[-] 2007-02-05 20:17 185344 ACA5D98663D879C6BAAFCEA7E2F1B710 c:\windows\system32\dllcache\upnphost.dll

[-] 2004-08-03 16:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll
[-] 2004-08-03 16:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\dllcache\srsvc.dll

[-] 2004-08-03 16:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe
[-] 2004-08-03 16:56 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\dllcache\wscntfy.exe

[-] 2004-08-03 16:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 16:56 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\dllcache\ntmssvc.dll

[-] 2004-08-03 16:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll
[-] 2004-08-03 16:56 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\dllcache\rasauto.dll

[-] 2004-08-03 16:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 16:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll

[-] 2004-08-03 16:56 190976 92360854316611F6CC471612213C3D92 c:\windows\system32\schedsvc.dll
[-] 2004-08-03 16:56 190976 92360854316611F6CC471612213C3D92 c:\windows\system32\dllcache\schedsvc.dll

[-] 2004-08-03 16:56 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\system32\regsvc.dll
[-] 2004-08-03 16:56 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\system32\dllcache\regsvc.dll

[-] 2006-12-19 21:50 135168 53D9184A21C5CBF600D918E51EF3A7E5 c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-03 16:56 134656 E7518DC542D3EBDCB80EDD98462C7821 c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2006-12-19 21:52 134656 6815DEF9B810AEFAC107EEAF72DA6F82 c:\windows\system32\shsvcs.dll
[-] 2006-12-19 21:52 134656 6815DEF9B810AEFAC107EEAF72DA6F82 c:\windows\system32\dllcache\shsvcs.dll

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2004-08-03 14:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\drivers\aec.sys

[-] 2004-08-03 16:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll
[-] 2004-08-03 16:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\dllcache\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-24 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Net Driver HPZ12"=2 (0x2)
"NBService"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"InCDsrv"=2 (0x2)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"avg8wd"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza-TCP
"6346:UDP"= 6346:UDP:Shareaza-UDP
"14710:TCP"= 14710:TCP:BitComet 14710 TCP
"14710:UDP"= 14710:UDP:BitComet 14710 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/05/2009 21:30 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/05/2009 21:30 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 BjsPort;Canon BJ Scanner Port Driver;c:\windows\system32\drivers\BjsPort.sys [09/10/2005 16:14 14656]
S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/05/2009 21:30 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-963894560-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\ashampoo\DRIVER2\MAPPINGS\IOMEGA ZIPCD 12×10×32**]
"load1"="PLEXTOR_PX_W1210S"
"Caps_WriteMaxSpeed"="12"

[HKEY_LOCAL_MACHINE\software\ashampoo\DRIVER2\MAPPINGS\IOMEGA ZIPCD 12×4×32**]
"load1"="SANYOR800"
"Caps_WriteMaxSpeed"="12"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-09-02 22:18
ComboFix-quarantined-files.txt 2009-09-02 14:18

Pre-Run: 13,595,271,168 bytes free
Post-Run: 13,579,976,704 bytes free

465

Hello YellowRubberDuck,

This may help in disabling AVG:

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Now

That ComboFix run showed a whole pile of System Files as infected or patched. I am wondering whether that is because you ran it when your computer was in diagnostic mode?

Please see if you can run it again but in normal mode. Post the results back here.

Tell me if you find difficulties along the line.

Hi emeraldnzl,

It did help.

Here's the ComboFix.txt:

ComboFix 09-08-31.03 - Administrator 03/09/2009 20:46.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.478.195 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-08-23 10:02 . 2009-09-03 12:12 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-23 10:02 . 2009-08-23 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-23 10:02 . 2009-08-23 10:02 65024 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-08-23 10:02 . 2009-08-23 10:02 18944 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-08-23 10:02 . 2009-08-23 10:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-23 10:02 . 2009-08-23 10:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 14:31 . 2007-02-02 01:41 17063604 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
2009-09-02 13:32 . 2009-05-24 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-09-02 12:37 . 2006-05-23 15:50 35072 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 05:02 . 2007-04-09 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-08-31 05:02 . 2006-04-28 15:51 -------- d-----w- c:\program files\AutoCAD 2004
2009-08-31 04:23 . 2009-07-30 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 10:02 . 2007-05-15 13:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-03 05:36 . 2009-07-30 14:26 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 05:36 . 2009-07-30 14:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 14:26 . 2009-07-30 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-30 14:26 . 2009-07-30 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-30 14:25 . 2008-05-10 17:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-30 14:25 . 2008-05-10 16:54 -------- d-----w- c:\program files\SpywareBlaster
2009-07-30 14:24 . 2009-07-30 14:24 -------- d-----w- c:\program files\CCleaner
2009-07-10 09:53 . 2007-10-11 11:26 278 -c--a-w- c:\windows\popcinfo.dat
2009-07-07 09:26 . 2009-07-07 09:26 -------- d-----w- c:\program files\Autodesk
2009-07-07 05:00 . 2009-07-07 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-06 21:55 . 2007-09-23 14:45 10074144 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2004-03-25 23:07 52224 026141A24DEB21BB63B0771B90A28D37 c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}\MsPMSNSv.dll
[7] 2004-08-03 16:56 52224 C086483E3DBA8C1C0A687EC8D5B3D4C1 c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}$BACKUP$\System\MsPMSNSv.dll
[-] 2004-10-11 03:20 25088 C9BF4BC4D24A3A25E4A4894499FD9A6A c:\windows\system32\mspmsnsv.dll
[-] 2004-10-11 03:20 25088 C9BF4BC4D24A3A25E4A4894499FD9A6A c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-11 132496]
"Sony Ericsson PC Suite"="d:\sonyericsson\Mobile\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-24 1947928]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-28 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-10-14 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2007-3-24 929861]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2004-1-1 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-24 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza-TCP
"6346:UDP"= 6346:UDP:Shareaza-UDP
"14710:TCP"= 14710:TCP:BitComet 14710 TCP
"14710:UDP"= 14710:UDP:BitComet 14710 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/05/2009 21:30 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/05/2009 21:30 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/05/2009 21:30 298776]
R2 BjsPort;Canon BJ Scanner Port Driver;c:\windows\system32\drivers\BjsPort.sys [09/10/2005 16:14 14656]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S2 Parclass;Parclass;c:\windows\system32\Drivers\Parclass.sys --> c:\windows\system32\Drivers\Parclass.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 20:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-963894560-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\ashampoo\DRIVER2\MAPPINGS\IOMEGA ZIPCD 12×10×32**]
"load1"="PLEXTOR_PX_W1210S"
"Caps_WriteMaxSpeed"="12"

[HKEY_LOCAL_MACHINE\software\ashampoo\DRIVER2\MAPPINGS\IOMEGA ZIPCD 12×4×32**]
"load1"="SANYOR800"
"Caps_WriteMaxSpeed"="12"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-09-03 20:52
ComboFix-quarantined-files.txt 2009-09-03 12:52
ComboFix2.txt 2009-09-02 14:18

Pre-Run: 13,598,035,968 bytes free
Post-Run: 13,572,079,616 bytes free

140

Hello YellowRubberDuck,

Do you have your Windows Installation Disk? Tell me at your next post.

Now

Your Java is out of date, older versions are vunerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note: I you run into difficulty with the Java update just move on to the next action. Tell me when you come back and we will find an alternative.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}$BACKUP$\System\MsPMSNSv.dll | c:\windows\RegisteredPackages\{5A95C02F-84F7-4B9F-93C7-66FBDCEFE91C}\MsPMSNSv.dll

SysRst::

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Hi emeraldnzl,

No, I do not have my Windows Installation Disk.

I'm going to transport my computer to my friend's house to get my computer online to update Java and install Recovery Console.

I will post ComboFix log once I updated everything.

Thanks again.