nachobear

Honorary Members
  • Posts: 31

Everything posted by nachobear

  1. I have an issue with a virus/malware on the phone. After wiping the cache and doing a factory reset, the pest keeps reinstalling apps whenever there is an active internet connection. I scanned the phone with Avast, MalwareFox, Kaspersky and Malwarebytes and nothing was found.
  2. Putting a new OS on there would delete my files and history? Wouldn't a reball be better though?
  3. Wow, more expensive to get another motherboard then, because it needs another OS in your PC exp. Is it possible to take out my old GPU and put in an upgrade if the GPU is bad? I also thought about putting in an external video card, but that doesn't make sense since you have to bring the external card around, so the laptop is not portable.
  4. I wanted to possibly get another motherboard, but there was talk about getting an Intel GPU card. I thought the OS info would be left in the hard drive, not the motherboard; guess I was wrong.
  5. There's also the option to drill a hole and put a bolt in the video card: http://en.kioskea.net/forum/affich-122389-my-hp-tx2000-will-not-turn-back-on. This link talks about lead and non-lead stuff: http://www.badcaps.net/forum/showthread.php?t=18016. At http://www.computerrepairtips.net/how-to-reflow-a-laptop-motherboard/ there is a talk about lead-free and leaded.
  6. Don't worry cwb, I know you mean well. OK, sounds weird and silly, but I still can't decide what to do. I thought about the switching out motherboard thing, David, but I still think it will give me the problem again; that's why these links got me the idea to switch to a better motherboard or perhaps do a reball or reflow: http://forum.tabletpcreview.com/threads/tx2000-cpu-motherboard-upgrade.20031/ http://forum.notebookreview.com/dell-xps-studio-xps/453038-permanent-fix-m1330-gpu-issues.html
  7. What do you mean by not the card? I am guessing you are warning me on if I do this reflow myself.
  8. Sorry, been busy. I wanted to do the motherboard switch before, but still I don't want to really take the risk on the solder melting again if that's the case for the laptop, though what's been scaring me was how to take it apart.
  9. I found that vid today as well, but yes, I think that link should be on this thread. But the thing is I am unsure about installing the GPU with reflow or getting another motherboard, because this is a link that got me worried about the video card: http://www.badcaps.net/forum/showthread.php?t=18016. Thank you David.
  10. The notebook is a TX2000 HP and that, I am guessing, the video module is the graphics card? I didn't understand your 2nd to last post, which is the 6th post, but at least you admit to the mistake, like the one I did.
  11. What is IC? I wish to buy another machine, but this machine is important because it has my files, bookmarks and additional user accounts. What I want to know mainly is: are there permanent fixes, and how to tell if it's the video card or the motherboard or something else?
  12. This is what I think: if this is an official flyff download/file, then this is a false detection and Malwarebytes should fix this result.
  13. The laptop has power but nothing appears on the screen. I switched the memory sticks around so it's not them, and I tried to hook the laptop to an external monitor and nothing appears, so I want to see what is going on, and if I need to do a reflow or a reball, is there a permanent way to do it?
  14. I just wanted to post an update that the browser seems to be normal, as I am new to the forum here. I also got help on BleepingComputer and wanted to thank you all for your help. Here is the link on what steps I went through to get rid of the hijacking: http://www.bleepingcomputer.com/forums/t/523685/hijackers-and-spyware-safeweballiancecom-mrpccleanercom-searchdeals-by-inkjet/
  15. There are problems with the computer I have: there are two hijackers, safewebballiance.com and mrpccleaner.com, and when I search something on Google I get a big ad over the search results saying SEARCHDEALS BY INKJET. Also I know there is something on the computer called Search Donkey that needs to be removed.
  16. The problems are all gone. There was even the problem that my Internet Explorer favorites were unusable because I did a fix last time with the redirects. I got great help from your many fans from the site forums.majorgeeks.com; I want to thank you for staying up and helping not only me but others with their problems. Thank you. Also I want to give a big thanks for having a program that got rid of Security Tool; my mistake was not deleting the virus, I wanted to quarantine it. Also my Hitman Pro program even saw there was a virus deep within the MBR; I think the file was like in C\:$MBR, something like that. Will there be a way for scanners to delete and fix these problems in the future? Weird thing was, a couple of days back when I had the problem I scanned the computer with something, then my antivirus from Norton would pop up since it had the auto protect enabled, telling me that the files from Qoobox (ComboFix related folder) and a file from the System Volume folder were activated, and Norton said it removed them partially. So long Antivirus GT (Antivirus 7). Anyways, take care.
  17. Morning and I got the logs.
  18. Good thing I found out my phone can hold files. Here is the log:
ComboFix 10-09-08.01 - haaslathe 09/08/2010 21:44:59.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2722 [GMT -7:00]
Running from: c:\documents and settings\haaslathe\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-08 03:19 . 2010-09-08 04:36 -------- d-----w- c:\windows\system32\NtmsData
2010-09-08 03:19 . 2010-09-08 03:19 -------- d-----w- c:\documents and settings\haaslathe\Application Data\Avira
2010-09-08 03:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-08 03:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-08 03:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-08 03:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\program files\Avira
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-07 08:41 . 2010-09-07 08:41 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-09-07 08:27 . 2010-09-07 08:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-07 01:05 . 2010-09-07 01:05 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-06 22:43 . 2010-09-07 01:13 126973 ----a-w- C:\MGlogs.zip
2010-09-06 22:43 . 2010-09-07 01:13 -------- d-----w- C:\MGtools
2010-09-06 03:02 . 2010-09-06 21:05 63488 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 04:44 . 2008-09-24 07:06 -------- d-----w- c:\program files\Symantec AntiVirus
2010-09-07 08:04 . 2010-06-13 20:09 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-07 07:50 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-06 21:15 . 2010-06-16 00:06 -------- d-----w- c:\program files\CCleaner
2010-09-06 21:07 . 2008-11-01 21:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-06 21:05 . 2010-04-03 23:41 117760 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 04:07 . 2010-04-03 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-18 01:13 . 2009-08-08 17:51 -------- d-----w- c:\program files\McAfee
2010-07-29 01:03 . 2010-07-29 01:01 -------- d-----w- c:\program files\Google
2010-06-30 12:31 . 2004-08-03 23:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2007-01-16 20:07 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-01-16 20:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:56 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-24 21:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-01-16 20:06 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-03-20 5248312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/7/2010 8:11 PM 135336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/8/2009 10:52 AM 88176]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [9/27/2008 2:50 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 11:09 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2010 6:01 PM 136176]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-17 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\
FF - prefs.js: browser.search.selectedengine - Secure Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\haaslathe\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FEBACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7426bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7415a0d
SendHandler -> NDIS.sys @ 0xf7429b40
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-09-08 21:53:43
ComboFix-quarantined-files.txt 2010-09-09 04:53
Pre-Run: 479,298,445,312 bytes free
Post-Run: 479,292,583,936 bytes free
- - End Of File - - CF8D3C97F5A5168B37C92302C67B4562
  19. I got ComboFix and used it a couple of days ago. What should I do?
  20. Hi, I will post the OTL log, but I have used ComboFix before. In June it helped me with the redirecting problem, but this month, after running ComboFix, it didn't help me; it did tell me that I have a rootkit. I still have the ComboFix logs if you need them.
OTL logfile created on: 9/8/2010 9:33:30 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\haaslathe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 446.41 Gb Free Space | 95.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-35CB1146C3
Current User Name: haaslathe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/04/21 12:26:38 | 005,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
========== Modules (SafeList) ==========
MOD - [2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe WUSB54GSC.exe -- (WUSB54GSCSVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HAASLA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100906.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100906.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/09/11 10:52:48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/27 17:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/01/16 13:05:46 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3264
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3264
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = 
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1041
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedengine: "Secure Search"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1041
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/17 18:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 13:38:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 19:46:39 | 000,000,000 | ---D | M]
[2010/05/29 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Extensions
[2010/05/29 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\extensions
[2010/05/29 21:10:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/05 15:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 17:20:45 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/06/15 22:48:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-776561741-117609710-725345543-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1222242604891 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1222242599875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\haaslathe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\haaslathe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 14:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 09:32:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
[2010/09/07 20:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/09/07 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Application Data\Avira [2010/09/07 20:11:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010/09/07 20:11:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/09/07 20:11:08 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/09/07 20:11:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010/09/07 20:11:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010/09/07 20:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/09/07 20:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/09/07 01:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo [2010/09/06 18:05:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2010/09/06 18:00:02 | 001,286,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\haaslathe\Desktop\tdsskiller.exe [2010/09/06 15:43:44 | 000,000,000 | ---D | C] -- C:\MGtools [2010/09/06 15:35:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/09/06 15:35:18 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\haaslathe\Desktop\RootRepeal.exe [2010/09/06 14:21:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\haaslathe\Recent [2010/09/06 10:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Desktop\new log [2010/09/06 10:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Desktop\old logs [2010/07/28 18:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/07/28 18:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\My Documents\Downloads 
[2010/07/28 18:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Temp [2010/07/28 18:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010/07/28 18:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010/07/28 18:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Google [2010/07/15 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Help [2010/07/15 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Application Data\Help [2010/06/18 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\ApplicationHistory [2010/06/17 09:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474 [2010/06/15 22:35:34 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/06/15 22:30:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/06/15 22:30:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/06/15 22:30:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/06/15 22:30:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/06/15 22:30:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/06/15 22:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/15 17:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/06/15 17:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\My Documents\my doc [2010/06/15 17:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/06/13 23:02:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010/06/13 13:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2010/06/13 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2010/06/13 09:56:47 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\haaslathe\Application Data\WinPatrol [2010/06/13 09:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios [2010/06/11 22:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/06/11 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\WMTools Downloaded Files [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe [2010/09/08 09:30:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010/09/08 09:30:43 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/09/08 09:30:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/08 09:30:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/07 22:52:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\8vuwq3e1.exe [2010/09/07 22:49:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\dds.scr [2010/09/07 21:39:42 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\haaslathe\NTUSER.DAT [2010/09/07 21:39:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\haaslathe\ntuser.ini [2010/09/07 21:06:03 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/09/07 20:58:15 | 005,363,268 | -H-- | M] () -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\IconCache.db [2010/09/07 20:48:41 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\program logs.rtf [2010/09/07 20:09:57 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\avira_antivir_personal_en.exe [2010/09/07 01:31:00 | 004,840,017 | ---- | M] () -- C:\Documents and 
Settings\haaslathe\Desktop\snapshot at fake error.rtf [2010/09/07 01:04:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/09/06 18:13:09 | 000,126,973 | ---- | M] () -- C:\MGlogs.zip [2010/09/06 18:12:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/09/06 18:09:08 | 040,448,849 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\instruc.rtf [2010/09/06 18:01:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\MBRCheck.exe [2010/09/06 18:00:19 | 001,286,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\haaslathe\Desktop\tdsskiller.exe [2010/09/06 15:32:32 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini [2010/09/06 14:23:35 | 003,839,253 | R--- | M] () -- C:\Documents and Settings\haaslathe\Desktop\ComboFix.exe [2010/09/06 14:07:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/09/06 13:55:04 | 009,679,890 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\address.rtf [2010/09/05 22:55:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\settings.dat [2010/09/05 21:08:07 | 018,752,013 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\root repeal steps and driver folder size pic.rtf [2010/09/05 21:07:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/09/05 20:56:50 | 369,641,877 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\system32.rar [2010/08/20 16:06:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/08/13 08:34:22 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/13 00:17:09 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/13 00:17:09 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/13 00:17:09 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat 
[2010/07/28 18:03:37 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\haaslathe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/06/18 20:46:24 | 074,337,682 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\n a v.rtf [2010/06/15 22:48:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/06/15 22:35:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/06/15 22:14:38 | 000,023,204 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\comb.rtf [2010/06/15 17:16:08 | 019,359,624 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\doc 3.rtf [2010/06/15 17:06:51 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\CCleaner.lnk [2010/06/13 23:02:17 | 051,731,232 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\setup_av_free.exe [2010/06/13 22:45:54 | 000,025,574 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\nav.rtf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/09/07 22:52:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\8vuwq3e1.exe [2010/09/07 22:49:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\dds.scr [2010/09/07 20:51:32 | 018,752,013 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\root repeal steps and driver folder size pic.rtf [2010/09/07 20:48:41 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\program logs.rtf [2010/09/07 20:00:56 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\avira_antivir_personal_en.exe [2010/09/07 01:31:00 | 004,840,017 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\snapshot at fake error.rtf [2010/09/06 18:01:14 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\MBRCheck.exe 
[2010/09/06 15:43:45 | 000,126,973 | ---- | C] () -- C:\MGlogs.zip [2010/09/06 14:22:23 | 003,839,253 | R--- | C] () -- C:\Documents and Settings\haaslathe\Desktop\ComboFix.exe [2010/09/06 14:07:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/09/06 13:55:04 | 009,679,890 | ---- | C] () -- C:\Documents and Settings\haaslathe\My Documents\address.rtf [2010/09/05 22:55:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\settings.dat [2010/09/05 20:53:31 | 369,641,877 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\system32.rar [2010/07/28 18:03:37 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/07/28 18:03:37 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\haaslathe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/07/28 18:01:44 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/07/28 18:01:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/17 09:56:10 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job [2010/06/15 22:35:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/06/15 22:35:35 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/06/15 22:30:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/06/15 22:30:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/06/15 22:30:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/06/15 22:30:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/06/15 22:30:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/06/15 22:14:38 | 000,023,204 | ---- | C] () -- C:\Documents and Settings\haaslathe\My Documents\comb.rtf [2010/06/15 17:19:29 | 040,448,849 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\instruc.rtf [2010/06/15 17:16:08 | 019,359,624 | ---- | C] () -- C:\Documents and 
Settings\haaslathe\My Documents\doc 3.rtf [2010/06/15 17:06:51 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\CCleaner.lnk [2010/06/14 23:18:04 | 074,337,682 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\n a v.rtf [2010/06/13 22:53:08 | 051,731,232 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\setup_av_free.exe [2010/06/13 22:45:53 | 000,025,574 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\nav.rtf [2010/06/13 13:09:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/01/31 22:40:35 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\FASTWiz.log [2009/11/27 09:06:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/09/27 14:50:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2008/09/27 14:50:23 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2008/09/24 17:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2008/09/24 00:02:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008/09/24 00:02:49 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/09/24 00:02:49 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2008/09/24 00:02:49 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/09/24 00:02:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/09/24 00:02:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/09/24 00:02:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008/09/23 23:56:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/09/23 23:44:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll ========== LOP Check ========== [2008/09/29 15:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2010/09/05 21:07:20 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/06/13 13:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2009/04/18 09:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2010/04/10 17:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\AVP 2009 [2010/04/24 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\LimeWire [2010/06/13 09:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\WinPatrol [2009/08/08 10:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2008/09/29 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\acccore [2008/09/29 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aim [2008/09/23 23:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech [2010/01/31 22:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire [2010/09/08 09:30:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== < End of report >