I ran the combo fix and it seemed to work..I tried google and everything...however the redirecting thing popped up randomly today and surprised me..I shut the window asap..but google seems to work fine..my computer might be a little slower..should I delete the combofix now? heres my log >> ComboFix 09-11-05.01 - Adam 11/05/2009 21:33.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -8:00] Running from: c:\documents and settings\Adam\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Adam\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\program files\AdvancedVirusRemover\PAVRM.exe" "c:\windows\system32\AVR09.exe" "c:\windows\system32\winhelper.dll" "c:\windows\system32\winupdate.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Adam\Application Data\Adssite Advanced Toolbar c:\documents and settings\Adam\Application Data\Adssite Advanced Toolbar\advertbuttons.xml c:\documents and settings\Adam\Application Data\Adssite Advanced Toolbar\selected.xml c:\documents and settings\Adam\Application Data\urlredir.cfg c:\program files\Adssite Advanced Toolbar c:\program files\Adssite Advanced Toolbar\buttons.xml c:\program files\Adssite Advanced Toolbar\search.xml c:\program files\Adssite Advanced Toolbar\uninstall.exe c:\program files\Mozilla Firefox\searchplugins\search.xml c:\recycler\S-1-5-21-1960408961-706699826-854245398-500 c:\windows\system32\adssite-remove.exe c:\windows\system32\rightonadz-uninst.exe . ((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))) . 2009-11-06 04:07 . 2009-11-06 04:07 -------- d-----w- c:\documents and settings\Adam\Local Settings\Application Data\AVG Security Toolbar 2009-11-06 03:13 . 2009-11-06 03:13 -------- d-----w- C:\$AVG 2009-11-06 03:13 . 2009-11-06 03:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-06 03:13 . 2009-11-06 03:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-06 03:13 . 2009-11-06 03:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-06 03:13 . 2009-11-06 03:13 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-06 03:12 . 2009-11-06 05:21 -------- d-----w- c:\windows\system32\drivers\Avg 2009-11-06 03:12 . 2009-11-06 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-11-06 03:12 . 2009-11-06 03:12 -------- d-----w- c:\program files\AVG 2009-11-06 03:12 . 2009-11-06 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2009-11-06 02:25 . 2009-11-06 02:25 -------- d-----w- c:\windows\LastGood 2009-11-06 02:18 . 2009-11-06 02:18 -------- d-----w- c:\windows\system32\wbem\Repository 2009-11-06 02:15 . 2009-11-06 02:16 -------- d-----w- c:\program files\Inkscape 2009-11-06 01:15 . 2009-11-06 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-06 01:11 . 2009-11-06 02:16 -------- d-----w- c:\documents and settings\Adam\Application Data\Windows System Defender 2009-11-06 01:00 . 2009-11-06 01:00 -------- d-----w- c:\documents and settings\LocalService\IETldCache 2009-11-04 17:48 . 2009-11-04 17:48 -------- d-----w- c:\documents and settings\Adam\PrivacIE 2009-11-04 17:46 . 2009-11-04 17:46 -------- d-----w- c:\documents and settings\Adam\IETldCache 2009-11-04 17:29 . 2009-11-06 01:06 -------- d-----w- c:\windows\ie8updates 2009-11-04 17:22 . 2009-11-06 02:18 -------- dc----w- c:\windows\ie8 2009-11-01 00:44 . 2009-11-03 01:28 -------- d-----w- c:\documents and settings\Adam\Application Data\MAXON 2009-10-26 03:00 . 2009-10-26 03:00 -------- d-----w- c:\program files\Apple Software Update 2009-10-25 21:41 . 2009-10-25 21:41 88 --sh--r- c:\documents and settings\All Users\Application Data\D4C0142951.sys 2009-10-25 21:41 . 2009-10-25 21:41 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-10-25 21:41 . 2009-10-25 21:41 -------- d-----w- c:\documents and settings\Adam\Application Data\Corel 2009-10-25 21:38 . 2009-10-25 21:38 -------- d-----w- c:\program files\Common Files\Corel 2009-10-25 21:37 . 2009-10-25 21:37 -------- d-----w- c:\program files\Common Files\Protexis 2009-10-25 21:37 . 2009-10-25 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-10-25 21:34 . 2009-10-25 21:34 -------- d-----w- c:\program files\Corel 2009-10-22 16:19 . 2009-10-22 16:19 -------- d-----w- c:\windows\occache 2009-10-22 16:19 . 2009-10-22 16:19 -------- d-----w- c:\windows\wb 2009-10-22 16:19 . 1996-09-30 12:32 9728 ----a-r- c:\windows\system\rnaph.dll 2009-10-22 16:19 . 1996-08-16 13:44 87552 ----a-r- c:\windows\system\url.dll 2009-10-22 06:53 . 2009-10-22 06:53 -------- d-----w- c:\program files\Eidos Interactive 2009-10-22 06:52 . 1996-01-09 17:38 283648 ----a-w- c:\windows\uninst.exe 2009-10-22 06:50 . 2009-10-22 06:50 -------- d-----w- c:\documents and settings\Adam\WINDOWS 2009-10-22 06:00 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll 2009-10-22 06:00 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll 2009-10-22 06:00 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe 2009-10-22 06:00 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll 2009-10-22 06:00 . 1997-11-18 00:13 11776 ----a-w- c:\windows\system32\mciqtz.drv 2009-10-22 06:00 . 1997-11-18 00:13 10240 ----a-w- c:\windows\system32\vidx16.dll 2009-10-22 06:00 . 1997-11-18 00:02 4608 ----a-w- c:\windows\system32\w95inf32.dll 2009-10-22 06:00 . 1997-11-18 00:02 2272 ----a-w- c:\windows\system32\w95inf16.dll 2009-10-22 05:59 . 2009-10-22 05:59 -------- d-----w- c:\program files\Activision . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 02:21 . 2007-08-18 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-11-06 02:07 . 2009-11-06 02:12 170912 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat 2009-11-04 17:48 . 2009-08-08 03:23 -------- d-----w- c:\program files\TorrentMan 2009-10-31 22:29 . 2009-01-18 21:54 -------- d-----w- c:\documents and settings\Adam\Application Data\ZoomBrowser EX 2009-10-30 21:46 . 2009-02-08 03:58 -------- d-----w- c:\program files\Warcraft III 2009-10-26 03:00 . 2007-09-02 21:06 -------- d-----w- c:\program files\Common Files\Apple 2009-10-25 04:17 . 2008-04-03 04:09 -------- d-----w- c:\program files\Common Files\Adobe 2009-10-04 20:16 . 2009-01-18 21:58 -------- d-----w- c:\documents and settings\Adam\Application Data\CameraWindowDC 2009-10-04 16:17 . 2009-10-04 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-09-18 17:37 . 2009-09-18 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-16 17:37 . 2009-09-16 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2009-09-16 17:36 . 2009-08-28 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-16 17:36 . 2009-09-16 17:36 -------- d-----w- c:\program files\NOS 2009-09-11 14:18 . 2005-07-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 02:41 . 2009-09-11 02:41 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-04 21:03 . 2005-07-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-03 18:53 . 2009-09-16 17:36 30912 ----a-w- c:\documents and settings\Adam\Application Data\Netscape\Navigator\Profiles\wamegs8b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll 2009-09-03 18:53 . 2009-09-16 17:36 22848 ----a-w- c:\documents and settings\Adam\Application Data\Netscape\Navigator\Profiles\wamegs8b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe 2009-09-03 18:53 . 2009-09-16 17:36 19792 ----a-w- c:\documents and settings\Adam\Application Data\Netscape\Navigator\Profiles\wamegs8b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe 2009-08-29 08:08 . 2005-07-28 12:00 916480 ----a-w- c:\windows\system32\wininet(2).dll 2009-08-29 07:36 . 2005-07-28 12:00 832512 ----a-w- c:\windows\system32\wininet(3).dll 2009-08-29 07:36 . 2005-07-28 12:00 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2005-07-28 12:00 1168384 ----a-w- c:\windows\system32\urlmon(3).dll 2009-08-29 07:36 . 2005-07-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2005-07-28 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-08-28 18:16 . 2009-08-28 18:16 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-08-26 08:00 . 2005-07-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-21 22:26 . 2009-08-21 22:26 305664 ----a-w- c:\documents and settings\Adam\Application Data\Thinstall\Program Data\1000000b00002i\verclsid.exe 2009-08-21 22:25 . 2009-08-21 22:25 305664 ----a-w- c:\documents and settings\Adam\Application Data\Thinstall\Program Data\10000004900002i\winhlp32.exe 2009-08-20 22:09 . 2009-08-20 22:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-14 02:12 . 2009-08-14 02:12 152576 ----a-w- c:\documents and settings\Adam\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-04-01 05:47 . 2009-02-16 22:02 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . ------- Sigcheck ------- [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 18:40 . 805AFFEAD386743F5CE97D1F8F9D3EFF . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] 2008-05-21 07:43 1526296 ----a-w- c:\program files\TorrentMan\tbTorr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-21 1526296] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-21 1526296] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.exe" [2005-07-28 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.exe" [2005-07-28 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.exe" [2005-07-28 455168] "wmp90user"="c:\program files\JNJScript\WMP90\wmp90user.exe" [2003-03-31 139132] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-29 181544] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-06 2010904] "TrackPointSrv"="tp4mon.exe" - c:\windows\system32\tp4mon.exe [2008-04-14 82944] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-8-18 114688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.exe [2001-2-12 83360] Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-06 03:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/5/2009 7:13 PM 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/5/2009 7:13 PM 360584] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/5/2009 7:12 PM 285392] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/29/2007 1:05 PM 24652] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/17/2007 10:54 PM 14208] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [7/28/2005 4:00 AM 14336] --- Other Services/Drivers In Memory --- *NewlyCreated* - AVG9WD *NewlyCreated* - AVGLDX86 *NewlyCreated* - AVGMFX86 *NewlyCreated* - AVGTDIX *NewlyCreated* - MBR *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Office XP Standard v10 SP3] c:\program files\Microsoft Office\JNJSCRIPT\OfficeXPSP3usr.exe /S . Contents of the 'Scheduled Tasks' folder 2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-11-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-18 01:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\f90tdf44.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - yahoo.com FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll FF - plugin: c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\f90tdf44.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll FF - plugin: c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\f90tdf44.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - URLSearchHooks-*{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) Toolbar-{41C29B07-6F91-4966-91BE-2E2841643C83} - (no file) HKCU-Run-Aim6 - (no file) AddRemove-AdssiteToolBar - c:\program files\Adssite Advanced Toolbar\uninstall.exe AddRemove-Microsoft Windows Media Player 9.0 fix v1.0 - c:\drivers\Patches\WMP9\UNINSTAL.exe AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-05 21:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CB046E]<< kernel: MBR read successfully user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848) c:\windows\system32\WININET.dll c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL - - - - - - - > 'lsass.exe'(908) c:\windows\system32\WININET.dll . Completion time: 2009-11-06 21:53 ComboFix-quarantined-files.txt 2009-11-06 05:53 Pre-Run: 20,086,190,080 bytes free Post-Run: 20,359,499,776 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 2FE8BAEBA885E1B04F2EDA82DC272BDE