Posts posted by nachobear
-
By putting a new OS on there, would it delete my files and history? Wouldn't a reball be better though?
-
Wow, more expensive to get another motherboard then, because it needs another OS.
In your PC experience, is it possible to take out my old GPU and put in an upgrade if the GPU is bad?
Also thought about putting in an external video card, but that doesn't make sense since you have to bring the external card around, so the laptop is not portable.
-
I wanted to possibly get another motherboard, but there was talk about getting an Intel GPU card.
I thought the OS info would be left on the hard drive, not the motherboard; guess I was wrong.
-
There's also the option to drill a hole and put a bolt in the video card: http://en.kioskea.net/forum/affich-122389-my-hp-tx2000-will-not-turn-back-on
This link talks about lead and non-lead stuff: http://www.badcaps.net/forum/showthread.php?t=18016
http://www.computerrepairtips.net/how-to-reflow-a-laptop-motherboard/ - there is a talk about lead-free and leaded.
-
Don't worry cwb, I know you mean well.
OK, sounds weird and silly, but I still can't decide what to do. I thought about the switching-out-the-motherboard thing, David, but I still think it will give me the problem again.
That's why these links got me the idea to switch to a better motherboard or perhaps do a reball or reflow:
http://forum.tabletpcreview.com/threads/tx2000-cpu-motherboard-upgrade.20031/
http://forum.notebookreview.com/dell-xps-studio-xps/453038-permanent-fix-m1330-gpu-issues.html
-
i have been very busy the last two days ... uuuggghhh .
"so there is no way to test if the motherboard is bad or if its the gpu or something else?"
i explained in my post how to check the GPU IC ... by applying pressure to it while the machine is torn apart and "hooked together" to make it run .
this is difficult as one needs to make sure that the CPU cooler is still attached/working .
the major problem with the video/graphics on these units was the failure of the GPU IC (it is not a card) .
it ran so hot that many of them would become "un-soldered" (develop bad connections) ... this is why pressing on the IC itself might restore the video .
in other cases , the GPU became so hot that it was ruined/destroyed ... there are no external indications of this , they look perfectly normal .
i have seen a video on youtube of a guy using a heat gun and an aluminum foil shield ...
here is a link that explains the procedure and shows what the GPU actually is :
http://www.laptoprepair101.com/fix-laptop-motherboard-with-failed-nvidia-graphics-chip/
while this can work ... it can cause more problems , as has been outlined above .
the video link that was posted above (joenathan ... i thought it was spelled "jonhathan" ?) has a few errors in it .
for example , when he places the motherboard across the laptop bottom half to unscrew the heat pipe/sink and flexes the board three things can happen :
traces/components can "crack" (the motherboard is multi-layered)
his screwdriver has a good chance of slipping and causing damage
when the motherboard flexes or slides around , the fine copper traces on the back can be gouged/cut and components broken ... even though there is a protective film on the back (solder mask) .
this is what i meant by "having the skill set" ...
if you do not know the basics and how to prevent damaging a piece of equipment , your chances of turning a repair into a disaster are very high .
it is videos like these that give rookies a false sense of security and success .
What do you mean by not the card?
I am guessing you are warning me in case I do this reflow myself.
-
I wouldn't worry. I looked at that referenced thread. I am writing this on a Dell Latitude D620 notebook that I have had since 2009.
Yes, there was a situation where the secret sauce for electrolytic capacitors was stolen. Only the secret sauce turned out to be a failed batch recipe, so the one who stole the recipe created bad electrolytic capacitors. As each day, month and year passes, that issue becomes less and less of an issue.
Get the part. Follow the video. Make the repair. Just take your time mentally recording what you did to take it apart so you understand how to put it together. Put all screws in a small pill bottle or some small receptacle so they don't get lost.
Sorry, been busy. I wanted to do the motherboard switch before, but still I don't really want to take the risk of the solder melting again if that's the case for the laptop, though what's been scaring me was how to take it apart.
-
The only way to learn from your mistakes is to admit that one makes mistakes. I make mistakes all the time. I am doing my damn best to learn from them.
You are in luck ! http://www.youtube.com/watch?v=bmsHH4a4D7Q
I found that vid today as well, and yes, I think that link should be on this thread. But the thing is, I am unsure about installing the GPU with reflow or getting another motherboard, because this is a link that got me worried about the video card: http://www.badcaps.net/forum/showthread.php?t=18016
thank you David
-
That's funny.
You throw out "reflow" and "reball" expecting all your readers to understand the "jargon" or terminology.
IC stands for Integrated Circuit.
This is why "best practice" is to assume the audience does NOT understand what you are talking about and you lay out everything in text. There you would define the terminology or industry jargon that is to be used in the document.
For example: If I was talking about Internet Worms and used email as an example of the Internet method of autonomous replication, I will mention the use of the Simple Mail Transport Protocol (SMTP).
I can later use the acronym SMTP in the document because I have already defined it.
You never defined what this notebook is and maybe the video module can be simply replaced. Some notebook vendors give video choices for some of their systems. When they do, the video module is replaceable.
-
PS: I too make this mistake and sometimes I assume all of the audience has knowledge of the subject matter when not all of them do.
The notebook is an HP tx2000, and I am guessing the video module is the graphics card?
I didn't understand your second-to-last post, which is the 6th post, but at least you admit to the mistake, like the one I did.
-
i thought that model sounded familiar ...
there have been problems with the/a couple of models of this particular family of GPUs used in different laptops (makes and models) .
here is just one *discussion* :
http://www.nvidiadefect.com/the-death-of-my-hp-tx2000-t2576.html
a google search using "tx2000 graphics processor" or similar terms using "dead" , "no video" (etc) will produce many results .
i do not know the current status of any legal actions/remedies ... do some checking .
again , i am not saying it is impossible to reflow or remove and replace the gpu with a new IC and then reflow solder it to the MB ... however ...
i have been at the electronic repair gig for about 40 years , and i have reflowed many ICs and completely replaced IC packages with 200+ pins (hand soldering) .
i have some "specialized equipment" that one simply needs in order to help assure a "working outcome" .
all the equipment in the world will not help if one does not have the skill sets in place to start with .
(give a rookie a box of dynamite and a fist-full of crimp style blasting caps and the results tend to be a wee bit on the disastrous side)
you might try looking for someone to do the job for you .
the laptop will have to be stripped down and put back together ... the job is relatively labor intensive .
you will have to weigh carefully whether or not you want to try a repair or invest that money you would have spent in a new machine .
What is IC?
I wish to buy another machine, but this machine is important because it has my files, bookmarks and additional user accounts.
What I want to know mainly is, are there permanent fixes, and how to tell if it's the video card or the motherboard or something else?
-
yeppers ... you can try to reflow the solder on the graphics processor ... this is not a task for the uninitiated .
in and of itself , reflow soldering is a *permanent fix* .
if you mean to test the GPU by applying pressure and see if the video returns then you will have to tear the laptop down and dummy everything up ...
again , this is not an easy task .
reflow/reballing is a touchy process ... if you do not have a temperature limited heat gun with a tight pattern , you can do much damage to the MB .
once the solder is up to temperature , applying pressure and keeping the GPU in alignment is crucial .
if anything slips , full removal of the GPU , cleanup and alignment/soldering is the only fix .
the alignment is critical ... if you are off by .01 inches ... forget it .
i have seen a few of those reflow/reball videos on youtube ... many of these skip over the important stuff .
they make it sound easy to do ... this is simply not the case .
what is the make and model of the laptop ?
It is an HP tx2000.
So there is no way to test if the motherboard is bad or if it's the GPU or something else?
-
I'm sorry but, your post makes no sense.
"reflow" or a "reball" ?
Reflow/reball is a process to fix weak solder on a GPU that has been separated from the motherboard; the reflow and reball methods are different though.
-
This is what I think: if this is an official Flyff download/file, then this is a false detection and Malwarebytes should fix this result.
-
The laptop has power but nothing appears on the screen. I switched the memory sticks around, so it's not them, and I tried to hook the laptop to an external monitor and nothing appears. So I want to see what is going on, and if I need to do a reflow or a reball, is there a permanent way to do it?
-
I just wanted to post an update that the browser seems to be normal, as I am new to the forum here. I also got help on BleepingComputer and wanted to thank you all for your help.
Here is the link on what steps I went through to get rid of the hijacking: http://www.bleepingcomputer.com/forums/t/523685/hijackers-and-spyware-safeweballiancecom-mrpccleanercom-searchdeals-by-inkjet/
-
Search Donkey is a browser extension.
-
There are problems with the computer I have: there are two hijackers, safewebballiance.com and mrpccleaner.com, and when I search something on Google I get a big ad over the search results saying SEARCHDEALS BY INKJET.
Also, I know there is something on the computer called Search Donkey that needs to be removed.
-
Thank you for letting me know.
In that case I will request this topic to be closed.
How do you close it?
-
Hi, good to hear things are fine now.
An MBR infection is an infection in the Master Boot Record of your hard disk. This is the first sector on a drive; it is not an actual folder. MBR infections should be treated with care, since not doing so can cause a computer to become unbootable, which is not always easy to recover from. Therefore I cannot recommend you any "easy fix" should this ever happen again.
Norton simply detected another scanner accessing a bad file in both combofix quarantine and system restore. That is nothing to worry about, merely Norton doing its job.
TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
- False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
- System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or Avira.
ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
- Push the button.
- Push
Sorry for the long wait. I thought about the chances of working on my uncle's computer, but I don't think it's possible since he took it back without me knowing.
I just wanted to let you know since you're busy and all.
Still, I thank you for your help.
Stay safe and surf safe.
-
Well done, that's more like it.
How are things running now? What problems do you still have?
The problems are all gone. There was even the problem that my Internet Explorer favorites were unusable because I did a fix last time with the redirects; I got great help from your many fans from the site forums.majorgeeks.com.
I want to thank you for staying up and helping not only me but others with their problems. Thank you.
Also I want to give a big thanks for having a program that got rid of Security Tool.
My mistake was not deleting the virus; I wanted to quarantine it.
Also my Hitman Pro program even saw there was a virus deep within the MBR; I think the file was like C\:$MBR, something like that.
Will there be a way for scanners to delete and fix these problems in the future?
Weird thing was, a couple of days back when I had the problem, I scanned the computer with something, then my antivirus from Norton would pop up, since it had auto-protect enabled, telling me that the files from Qoobox (ComboFix-related folder) and a file from the System Volume folder were activated, and Norton said it removed it partially.
so long antivirus gt (antivirus 7)
anyways take care
-
Hello again,
Let's first rerun TDSSKiller. I know you did already, but it has been updated; download a new copy and delete any old copy you may still have.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
CF-SCRIPT
-------------
We need to execute a CF-script.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>
Firefox::
FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
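A defender-side check for the proxy hijack that the CFScript above undoes, as an added example (not ComboFix's, DDS's or the helper's own code): it reads the DDS-style Internet Settings and Firefox prefs.js lines, pairs each Firefox host with its port, and flags any proxy that points back at the machine itself. The sample lines are constructed from the notation quoted above; the proxy.corp.example host is an assumed benign entry.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional

# Constructed sample in the DDS report notation the CFScript above quotes: the
# IE "Internet Settings" line and Firefox prefs.js entries. A routable SSL proxy
# (assumed host name) is included so the check has a benign entry to pass.
SAMPLE_REPORT = """\
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
FF - prefs.js: network.proxy.ssl - proxy.corp.example
FF - prefs.js: network.proxy.ssl_port - 3128
"""

WIN_PROXY_RE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")
HOSTPORT_RE = re.compile(r"^(?:(\w+)=)?([^:]+)(?::(\d+))?$")
# prefs.js keys under network.proxy.* that are not proxy hosts
FF_NON_HOST_KEYS = {"type", "no_proxies_on", "share_proxy_settings", "autoconfig_url"}


@dataclass
class ProxySetting:
    source: str          # "ie" or "firefox"
    scheme: str          # "http", "ssl", ... or "all" for a bare host:port
    host: str
    port: Optional[int]


def parse_proxy_settings(text: str) -> List[ProxySetting]:
    """Collect proxy endpoints from DDS-style report lines for IE and Firefox."""
    found: List[ProxySetting] = []
    ff_hosts: Dict[str, str] = {}
    ff_ports: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if (m := WIN_PROXY_RE.match(line)):
            # Windows stores either "host:port" or "http=host:port;https=host:port"
            for entry in m.group(1).split(";"):
                hp = HOSTPORT_RE.match(entry.strip())
                if hp:
                    scheme, host, port = hp.groups()
                    found.append(ProxySetting("ie", scheme or "all", host,
                                              int(port) if port else None))
        elif (f := FF_PREF_RE.match(line)):
            key, value = f.group(1), f.group(2).strip()
            if key.endswith("_port"):
                ff_ports[key[:-5]] = int(value)   # network.proxy.http_port -> http
            elif key not in FF_NON_HOST_KEYS:
                ff_hosts[key] = value
    for scheme, host in ff_hosts.items():
        found.append(ProxySetting("firefox", scheme, host, ff_ports.get(scheme)))
    return found


def is_loopback_host(host: str) -> bool:
    """True for localhost or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def suspicious_proxies(settings: List[ProxySetting]) -> List[ProxySetting]:
    """A browser proxy pointing back at the machine itself means a local process
    sits in the path of every web request; with nothing deliberately installed
    to do that, it is the signature the CFScript above removes."""
    return [s for s in settings if is_loopback_host(s.host)]
```

The same loopback test applies to whatever listens on the flagged port: the cure is identifying and removing that process, not only clearing the browser settings.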
Morning, and I got the logs.
2010/09/09 10:19:33.0171 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/09 10:19:33.0171 ================================================================================
2010/09/09 10:19:33.0171 SystemInfo:
2010/09/09 10:19:33.0171
2010/09/09 10:19:33.0171 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/09 10:19:33.0171 Product type: Workstation
2010/09/09 10:19:33.0171 ComputerName: USER-35CB1146C3
2010/09/09 10:19:33.0171 UserName: haaslathe
2010/09/09 10:19:33.0171 Windows directory: C:\WINDOWS
2010/09/09 10:19:33.0171 System windows directory: C:\WINDOWS
2010/09/09 10:19:33.0171 Processor architecture: Intel x86
2010/09/09 10:19:33.0171 Number of processors: 4
2010/09/09 10:19:33.0171 Page size: 0x1000
2010/09/09 10:19:33.0171 Boot type: Normal boot
2010/09/09 10:19:33.0171 ================================================================================
2010/09/09 10:19:33.0359 Initialize success
2010/09/09 10:19:37.0031 ================================================================================
2010/09/09 10:19:37.0031 Scan started
2010/09/09 10:19:37.0031 Mode: Manual;
2010/09/09 10:19:37.0031 ================================================================================
2010/09/09 10:19:48.0250 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/09 10:19:48.0250 ================================================================================
2010/09/09 10:19:48.0250 Scan finished
2010/09/09 10:19:48.0250 ================================================================================
2010/09/09 10:19:48.0250 Detected object count: 1
2010/09/09 10:20:02.0750 \HardDisk1\MBR - will be cured after reboot
2010/09/09 10:20:02.0750 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
2010/09/09 10:25:35.0703 Deinitialize success
________________________________________________________________________________
ComboFix 10-09-08.01 - haaslathe 09/09/2010 10:33:23.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2626 [GMT -7:00]
Running from: c:\documents and settings\haaslathe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\haaslathe\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-08 03:19 . 2010-09-08 04:36 -------- d-----w- c:\windows\system32\NtmsData
2010-09-08 03:19 . 2010-09-08 03:19 -------- d-----w- c:\documents and settings\haaslathe\Application Data\Avira
2010-09-08 03:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-08 03:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-08 03:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-08 03:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\program files\Avira
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-07 08:41 . 2010-09-07 08:41 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-09-07 08:27 . 2010-09-07 08:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-07 01:05 . 2010-09-07 01:05 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-06 22:43 . 2010-09-07 01:13 126973 ----a-w- C:\MGlogs.zip
2010-09-06 22:43 . 2010-09-07 01:13 -------- d-----w- C:\MGtools
2010-09-06 03:02 . 2010-09-06 21:05 63488 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 17:27 . 2008-09-24 07:06 -------- d-----w- c:\program files\Symantec AntiVirus
2010-09-07 08:04 . 2010-06-13 20:09 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-07 07:50 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-06 21:15 . 2010-06-16 00:06 -------- d-----w- c:\program files\CCleaner
2010-09-06 21:07 . 2008-11-01 21:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-06 21:05 . 2010-04-03 23:41 117760 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 04:07 . 2010-04-03 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-18 01:13 . 2009-08-08 17:51 -------- d-----w- c:\program files\McAfee
2010-07-29 01:03 . 2010-07-29 01:01 -------- d-----w- c:\program files\Google
2010-06-30 12:31 . 2004-08-03 23:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2007-01-16 20:07 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-01-16 20:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:56 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-24 21:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-01-16 20:06 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-09_04.51.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-09 17:26 . 2010-09-09 17:26 16384 c:\windows\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-03-20 5248312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/7/2010 8:11 PM 135336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/8/2009 10:52 AM 88176]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [9/27/2008 2:50 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 11:09 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2010 6:01 PM 136176]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-17 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\
FF - prefs.js: browser.search.selectedengine - Secure Search
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\haaslathe\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 10:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(1252)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-09 10:38:56
ComboFix-quarantined-files.txt 2010-09-09 17:38
Pre-Run: 479,291,756,544 bytes free
Post-Run: 479,279,624,192 bytes free
- - End Of File - - D5B63E58B4755119016FA88AE24B6F61
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
-
Just download a new copy, run it and post me the log.
Good thing I found out my phone can hold files.
Here is the log:
ComboFix 10-09-08.01 - haaslathe 09/08/2010 21:44:59.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2722 [GMT -7:00]
Running from: c:\documents and settings\haaslathe\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-08 03:19 . 2010-09-08 04:36 -------- d-----w- c:\windows\system32\NtmsData
2010-09-08 03:19 . 2010-09-08 03:19 -------- d-----w- c:\documents and settings\haaslathe\Application Data\Avira
2010-09-08 03:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-08 03:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-08 03:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-08 03:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\program files\Avira
2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-07 08:41 . 2010-09-07 08:41 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-09-07 08:27 . 2010-09-07 08:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2010-09-07 01:05 . 2010-09-07 01:05 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-06 22:43 . 2010-09-07 01:13 126973 ----a-w- C:\MGlogs.zip
2010-09-06 22:43 . 2010-09-07 01:13 -------- d-----w- C:\MGtools
2010-09-06 03:02 . 2010-09-06 21:05 63488 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 04:44 . 2008-09-24 07:06 -------- d-----w- c:\program files\Symantec AntiVirus
2010-09-07 08:04 . 2010-06-13 20:09 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-07 07:50 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-06 21:15 . 2010-06-16 00:06 -------- d-----w- c:\program files\CCleaner
2010-09-06 21:07 . 2008-11-01 21:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-06 21:05 . 2010-04-03 23:41 117760 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 04:07 . 2010-04-03 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-18 01:13 . 2009-08-08 17:51 -------- d-----w- c:\program files\McAfee
2010-07-29 01:03 . 2010-07-29 01:01 -------- d-----w- c:\program files\Google
2010-06-30 12:31 . 2004-08-03 23:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2007-01-16 20:07 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-01-16 20:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:56 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-24 21:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-01-16 20:06 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-03-20 5248312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/7/2010 8:11 PM 135336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/8/2009 10:52 AM 88176]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [9/27/2008 2:50 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 11:09 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2010 6:01 PM 136176]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]
2010-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-17 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\
FF - prefs.js: browser.search.selectedengine - Secure Search
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\haaslathe\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FEBACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7426bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7415a0d
SendHandler -> NDIS.sys @ 0xf7429b40
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-09-08 21:53:43
ComboFix-quarantined-files.txt 2010-09-09 04:53
Pre-Run: 479,298,445,312 bytes free
Post-Run: 479,292,583,936 bytes free
- - End Of File - - CF8D3C97F5A5168B37C92302C67B4562
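The two log posts above (the TDSSKiller run plus post-cure ComboFix log, and the earlier ComboFix run with Gmer's MBR detector output) contain a handful of lines that carry the whole diagnosis: the TDSSKiller detection on \HardDisk1\MBR, the IE and Firefox settings pointing both browsers at a proxy on 127.0.0.1:1041, and the `>>UNKNOWN [0x89FEBACE]<<` entry in the disk I/O call chain that the helper reads as an active rootkit. The triage script below is an added example, not code from this thread or from TDSSKiller, ComboFix or Gmer; its regular expressions are assumptions modelled on the line shapes visible in the posted logs, and SAMPLE_LOG is constructed from excerpts of them.

```python
"""Pull the security-relevant lines out of TDSSKiller / ComboFix / Gmer mbr.exe
logs and rank them. Added example; regexes are assumptions based on the
log lines quoted in the thread, not on the tools' documented formats."""
import re
from typing import Dict, List, Optional

Finding = Dict[str, str]

# Assumed line shapes, copied from the posted logs.
TDSS_DETECT = re.compile(r"^\S+ \S+ (?P<obj>\\\S+) - detected (?P<name>\S+)")
TDSS_ACTION = re.compile(r"User select action: (?P<action>\w+)")
IE_PROXY = re.compile(r"^uInternet Settings,ProxyServer = (?P<val>\S+)")
FF_HOST = re.compile(r"^FF - prefs\.js: network\.proxy\.http - (?P<host>\S+)")
FF_PORT = re.compile(r"^FF - prefs\.js: network\.proxy\.http_port - (?P<port>\d+)")
FF_TYPE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (?P<type>\d+)")
GMER_UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
GMER_HOOKS = re.compile(r"^detected MBR rootkit hooks:")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def _proxy_host(value: str) -> str:
    """'http=127.0.0.1:1041' or '127.0.0.1:1041' -> '127.0.0.1'."""
    return value.split("=")[-1].rsplit(":", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; Firefox proxy prefs span several lines,
    so they are collected during the pass and emitted at the end."""
    findings: List[Finding] = []
    ff_host: Optional[str] = None
    ff_port: Optional[str] = None
    ff_type: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := TDSS_DETECT.match(line):
            findings.append({"tool": "TDSSKiller", "severity": "high",
                             "detail": f"{m['name']} in {m['obj']}"})
        elif m := TDSS_ACTION.search(line):
            findings.append({"tool": "TDSSKiller", "severity": "info",
                             "detail": f"user action: {m['action']}"})
        elif m := IE_PROXY.match(line):
            # A proxy on loopback with no local proxy software installed is a
            # classic redirect setup; still a review item, not proof by itself.
            if _proxy_host(m["val"]) in LOOPBACK:
                findings.append({"tool": "ComboFix", "severity": "medium",
                                 "detail": f"IE proxies through loopback: {m['val']}"})
        elif m := FF_HOST.match(line):
            ff_host = m["host"]
        elif m := FF_PORT.match(line):
            ff_port = m["port"]
        elif m := FF_TYPE.match(line):
            ff_type = m["type"]
        elif GMER_HOOKS.match(line):
            findings.append({"tool": "Gmer mbr.exe", "severity": "high",
                             "detail": "MBR rootkit hooks reported"})
        elif m := GMER_UNKNOWN.search(line):
            # Code in the disk I/O call chain that Gmer could not attribute
            # to any loaded module: the line the helper calls an active rootkit.
            findings.append({"tool": "Gmer mbr.exe", "severity": "high",
                             "detail": f"disk I/O call chain passes through "
                                       f"unattributed code at {m['addr']}"})
    if ff_host in LOOPBACK:
        findings.append({"tool": "ComboFix", "severity": "medium",
                         "detail": f"Firefox proxies through loopback: "
                                   f"{ff_host}:{ff_port or '?'}"})
    elif ff_type == "1":  # network.proxy.type 1 = manual proxy configuration
        findings.append({"tool": "ComboFix", "severity": "low",
                         "detail": "Firefox manual proxy mode set, no HTTP proxy host listed"})
    return findings


def verdict(findings: List[Finding]) -> str:
    if any(f["severity"] == "high" for f in findings):
        return "active rootkit indicators"
    if any(f["severity"] == "medium" for f in findings):
        return "suspicious settings only"
    return "nothing flagged"


# Constructed sample: excerpts of the logs posted above, one line per indicator.
SAMPLE_LOG = r"""
2010/09/09 10:19:48.0250 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/09 10:20:02.0750 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
FF - prefs.js: network.proxy.type - 1
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89FEBACE]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
user & kernel MBR OK
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['tool']}: {f['detail']}")
    print("verdict:", verdict(results))
```

Run it against a full log rather than the excerpt and the post-cure ComboFix output in the first post still yields one low finding: Firefox is left in manual proxy mode with no host, which is worth resetting by hand since a browser in that state will fail to load pages once the proxy is gone.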
-
Hi, no need for the old ComboFix log, since the rootkit unhooker log clearly shows an active rootkit. Please make sure you delete any old copy of ComboFix you might still have and download a new one!
I got ComboFix and used it a couple of days ago. What should I do?
-
Hi, you posted extra.txt two times instead of OTL.txt. Please post it in your next post. Unfortunately you have a nasty rootkit on board. Please read the following information before starting the cleanup process.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
- Double click on Combofix.exe and follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Hi, I will post the OTL log, but I have used ComboFix before. In June it helped me with the redirecting problem, but this month, after running ComboFix, it didn't help me; it did tell me that I have a rootkit. I still have the ComboFix logs if you need them.
OTL logfile created on: 9/8/2010 9:33:30 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\haaslathe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 446.41 Gb Free Space | 95.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-35CB1146C3
Current User Name: haaslathe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/04/21 12:26:38 | 005,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
========== Modules (SafeList) ==========
MOD - [2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe WUSB54GSC.exe -- (WUSB54GSCSVC)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/06/07 12:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HAASLA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100906.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100906.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/09/11 10:52:48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/27 17:22:24 | 004,754,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/01/16 13:05:46 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3264
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3264
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1041
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedengine: "Secure Search"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1041
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/17 18:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 13:38:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/17 19:46:39 | 000,000,000 | ---D | M]
[2010/05/29 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Extensions
[2010/05/29 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\extensions
[2010/05/29 21:10:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/05 15:47:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 17:20:45 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/06/15 22:48:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-776561741-117609710-725345543-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-776561741-117609710-725345543-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-117609710-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1222242604891 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1222242599875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\haaslathe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\haaslathe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/24 14:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 09:32:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
[2010/09/07 20:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/09/07 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Application Data\Avira
[2010/09/07 20:11:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/07 20:11:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/07 20:11:08 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/07 20:11:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/07 20:11:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/07 20:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/07 20:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/07 01:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Yahoo
[2010/09/06 18:05:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/09/06 18:00:02 | 001,286,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\haaslathe\Desktop\tdsskiller.exe
[2010/09/06 15:43:44 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/09/06 15:35:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/06 15:35:18 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\haaslathe\Desktop\RootRepeal.exe
[2010/09/06 14:21:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\haaslathe\Recent
[2010/09/06 10:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Desktop\new log
[2010/09/06 10:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Desktop\old logs
[2010/07/28 18:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/28 18:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\My Documents\Downloads
[2010/07/28 18:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Temp
[2010/07/28 18:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/28 18:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/07/28 18:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Google
[2010/07/15 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\Help
[2010/07/15 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Application Data\Help
[2010/06/18 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\ApplicationHistory
[2010/06/17 09:56:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/06/15 22:35:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/15 22:30:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/15 22:30:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/15 22:30:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/15 22:30:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/15 22:30:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/15 22:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/15 17:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/15 17:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\My Documents\my doc
[2010/06/15 17:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/13 23:02:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/13 13:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/13 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/13 09:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Application Data\WinPatrol
[2010/06/13 09:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/06/11 22:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/11 18:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\WMTools Downloaded Files
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/08 09:32:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\haaslathe\Desktop\OTL.exe
[2010/09/08 09:30:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/09/08 09:30:43 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/08 09:30:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 09:30:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 22:52:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\8vuwq3e1.exe
[2010/09/07 22:49:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\dds.scr
[2010/09/07 21:39:42 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\haaslathe\NTUSER.DAT
[2010/09/07 21:39:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\haaslathe\ntuser.ini
[2010/09/07 21:06:03 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/07 20:58:15 | 005,363,268 | -H-- | M] () -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\IconCache.db
[2010/09/07 20:48:41 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\program logs.rtf
[2010/09/07 20:09:57 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\avira_antivir_personal_en.exe
[2010/09/07 01:31:00 | 004,840,017 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\snapshot at fake error.rtf
[2010/09/07 01:04:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/06 18:13:09 | 000,126,973 | ---- | M] () -- C:\MGlogs.zip
[2010/09/06 18:12:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 18:09:08 | 040,448,849 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\instruc.rtf
[2010/09/06 18:01:13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\MBRCheck.exe
[2010/09/06 18:00:19 | 001,286,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\haaslathe\Desktop\tdsskiller.exe
[2010/09/06 15:32:32 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/06 14:23:35 | 003,839,253 | R--- | M] () -- C:\Documents and Settings\haaslathe\Desktop\ComboFix.exe
[2010/09/06 14:07:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/06 13:55:04 | 009,679,890 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\address.rtf
[2010/09/05 22:55:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\settings.dat
[2010/09/05 21:08:07 | 018,752,013 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\root repeal steps and driver folder size pic.rtf
[2010/09/05 21:07:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/05 20:56:50 | 369,641,877 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\system32.rar
[2010/08/20 16:06:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/13 08:34:22 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 00:17:09 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 00:17:09 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 00:17:09 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/28 18:03:37 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\haaslathe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/18 20:46:24 | 074,337,682 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\n a v.rtf
[2010/06/15 22:48:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 22:35:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/15 22:14:38 | 000,023,204 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\comb.rtf
[2010/06/15 17:16:08 | 019,359,624 | ---- | M] () -- C:\Documents and Settings\haaslathe\My Documents\doc 3.rtf
[2010/06/15 17:06:51 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\CCleaner.lnk
[2010/06/13 23:02:17 | 051,731,232 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\setup_av_free.exe
[2010/06/13 22:45:54 | 000,025,574 | ---- | M] () -- C:\Documents and Settings\haaslathe\Desktop\nav.rtf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/07 22:52:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\8vuwq3e1.exe
[2010/09/07 22:49:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\dds.scr
[2010/09/07 20:51:32 | 018,752,013 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\root repeal steps and driver folder size pic.rtf
[2010/09/07 20:48:41 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\program logs.rtf
[2010/09/07 20:00:56 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\avira_antivir_personal_en.exe
[2010/09/07 01:31:00 | 004,840,017 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\snapshot at fake error.rtf
[2010/09/06 18:01:14 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\MBRCheck.exe
[2010/09/06 15:43:45 | 000,126,973 | ---- | C] () -- C:\MGlogs.zip
[2010/09/06 14:22:23 | 003,839,253 | R--- | C] () -- C:\Documents and Settings\haaslathe\Desktop\ComboFix.exe
[2010/09/06 14:07:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/06 13:55:04 | 009,679,890 | ---- | C] () -- C:\Documents and Settings\haaslathe\My Documents\address.rtf
[2010/09/05 22:55:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\settings.dat
[2010/09/05 20:53:31 | 369,641,877 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\system32.rar
[2010/07/28 18:03:37 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/28 18:03:37 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\haaslathe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/28 18:01:44 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/28 18:01:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/17 09:56:10 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/15 22:35:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/15 22:35:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/15 22:30:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/15 22:30:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/15 22:30:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/15 22:30:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/15 22:30:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/15 22:14:38 | 000,023,204 | ---- | C] () -- C:\Documents and Settings\haaslathe\My Documents\comb.rtf
[2010/06/15 17:19:29 | 040,448,849 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\instruc.rtf
[2010/06/15 17:16:08 | 019,359,624 | ---- | C] () -- C:\Documents and Settings\haaslathe\My Documents\doc 3.rtf
[2010/06/15 17:06:51 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\CCleaner.lnk
[2010/06/14 23:18:04 | 074,337,682 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\n a v.rtf
[2010/06/13 22:53:08 | 051,731,232 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\setup_av_free.exe
[2010/06/13 22:45:53 | 000,025,574 | ---- | C] () -- C:\Documents and Settings\haaslathe\Desktop\nav.rtf
[2010/06/13 13:09:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/31 22:40:35 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\haaslathe\Local Settings\Application Data\FASTWiz.log
[2009/11/27 09:06:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 14:50:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/09/27 14:50:23 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/09/24 17:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/24 00:02:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/24 00:02:49 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/24 00:02:49 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/09/24 00:02:49 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/24 00:02:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/24 00:02:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/24 00:02:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/23 23:56:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/23 23:44:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
========== LOP Check ==========
[2008/09/29 15:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/09/05 21:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/13 13:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/04/18 09:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/04/10 17:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\AVP 2009
[2010/04/24 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\LimeWire
[2010/06/13 09:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\haaslathe\Application Data\WinPatrol
[2009/08/08 10:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/09/29 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\acccore
[2008/09/29 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aim
[2008/09/23 23:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2010/01/31 22:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2010/09/08 09:30:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
< End of report >
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
almost like xhelper issue
in Mobile Malware Removal Help & Support
I have an issue with a virus/malware on the phone.
After wiping the cache and doing a factory reset, the pest keeps reinstalling apps whenever there is an active internet connection.
Scanned the phone with Avast, MalwareFox, Kaspersky and Malwarebytes and nothing was found.