nachobear

December 4, 2021

I have an issue with a virus/malware on the phone.

After Wiping the Cache and doing a factory reset the pest keeps reinstalling apps whenever there was an active internet connection.

Scanned the phone with Avast, MalwareFox, Kaspersky and Malwarebytes and nothing was found.

November 1, 2014

by putting a new os on there would delete my files and history? wouldn't a reball be better though?

October 30, 2014

wow more expensive to get another motherboard then, because it needs another OS

in your pc exp, is it possible to take out my old gpu and put an upgrade it if the gpu is bad?

also thought about the putting in an external video card but that doesn't make sense since you have to bring the external card around so the laptop is not portable

October 29, 2014

i wanted to possibly get another motherboard but there was talk about getting intel gpu card,

I thought the OS info would be left in the harddrive not the motherboard, guess i was wrong

October 28, 2014

theres also the option to drill a hole and put a bolt in the video card http://en.kioskea.net/forum/affich-122389-my-hp-tx2000-will-not-turn-back-on

this link talks about lead and non lead stuff http://www.badcaps.net/forum/showthread.php?t=18016

http://www.computerrepairtips.net/how-to-reflow-a-laptop-motherboard/ there is a talk about lead free and leaded

October 28, 2014

don't worry cwb I know you mean well

ok sounds weird and silly but I still can't decide what to do, I thought about the switching out motherboard thing david but I still think it will give me the problem again

that's why these links got me the idea to switch to better motherboard or perhaps do a reball or reflow

http://forum.tabletpcreview.com/threads/tx2000-cpu-motherboard-upgrade.20031/

http://forum.notebookreview.com/dell-xps-studio-xps/453038-permanent-fix-m1330-gpu-issues.html

October 18, 2014

i have been very busy the last two days ... uuuggghhh .

"so there is no way to test if the motherboard is bad or if its the gpu or something else?"
i explained in my post how to check the GPU IC ... by applying pressure to it while the machine is tore apart and "hooked together" to make it run .
this is difficult as one needs to make sure that the CPU cooler is still attached/working .

the major problem with the video/graphics on these units was the failure of the GPU IC (it is not a card) .
it ran so hot that many of them would become "un-soldered" (develop bad connections) ... this is why pressing on the IC itself might restore the video .
in other cases , the GPU became so hot that it was ruined/destroyed ... there are no external indications of this , they look perfectly normal .

i have seen a video on youtube of a guy using a heat gun and an aluminum foil shield ...
here is a link that explains the procedure and shows what the GPU actually is :
http://www.laptoprepair101.com/fix-laptop-motherboard-with-failed-nvidia-graphics-chip/
while this can work ... it can cause more problems , as have been outlined above .

the video link that was posted above (joenathan ... i thought it was spelled "jonhathan" ?) has a few errors in it .
for example , when he places the motherboard across the laptop bottom half to unscrew the heat pipe/sink and flexes the board three things can happen :
traces/components can "crack" (the motherboard is multi-layered)
his screwdriver has a good chance of slipping and causing damage
when the motherboard flexes or slides around , the fine copper traces on the back can be gouged/cut and components broken ... even though there is a protective film on the back (solder mask) .

this is what i meant by "having the skill set" ...
if you do not know the basics and how to prevent damaging a piece of equipment , your chances of turning a repair into a disaster are very high .
it is videos like these that give rookies a false sense of security and success .

what do you mean by not the card?

I am guessing you are warning me on if I do this reflow myself

October 18, 2014

I wouldn't worry. I looked at that referenced thread. I am writing this on a Dell Latitude D620 notebook that I have had since 2009.

Yes, there was a situation where the secret sauce for Electrolytic Capacitors was stolen. Only the secret sauce turned out to be a failed batch recipe so the one who who sole the recipe created bad Electrolytic Capacitors. As each day, month and year passes that issue become less and less of an issue.

Get the part. Follow the video. Make the repair. Just take your time mentally recording what you did to take it apart so you understand how to put it together. Put all screws in a small pill bottle or some small receptacle so they don't get lost.

sorry been busy, I wanted to do the motherboard switch before but still I don't want to really take the risk on the solder melting again if thats the case for the laptop, though whats been scaring me was on how to take it apart

October 16, 2014

The only way to learn from your mistakes is to admit that one makes mistakes. I make mistakes all the time. I am doing my damn best to learn from them.

You are in luck ! http://www.youtube.com/watch?v=bmsHH4a4D7Q

I found that vid today as well, but yes I think that link should be on this thread, but the thing is I am unsure about installing the gpu with reflow or getting another motherboard, because this is a link that got me worried about the video card http://www.badcaps.net/forum/showthread.php?t=18016

thank you David

October 16, 2014

That's funny.

You throw out "reflow" and "reball" expecting all your readers to understand the "jargon" or terminology.

IC stands for Integrated Circuit.

This is why "best practice" is to assume the audience does NOT understand what you are talking about and you layout everything in text. There you would define terminology or industry jargon that is to be used in the document.

For example: If I was talking about Internet Worms and used email as an example of the Internet method of autonomous replication, I will mention the use of the Simple Mail Transport Protocol (SMTP).

I can later use the acronym SMTP later in the document because I have already defined it.

You never defined what this notebook is and maybe the video module can be simply replaced. Some notebook vendors give video choices for some of their systems. When they do, the video module is replaceable.

-

PS: I too make this mistake and sometimes I assume all of the audience has knowledge of the subject matter when not all of them do.

the notebook is a tx2000 hp and that, I am guessing the video module is the graphics card?

I didn't understand your 2nd to last post which is the 6th post, but at least you admit to the mistake, like the one I did

October 15, 2014

i thought that model sounded familiar ...
there have been problems with the/a couple of models of this particular family of GPUs used in different laptops (makes and models) .
here is just one *discussion* :
http://www.nvidiadefect.com/the-death-of-my-hp-tx2000-t2576.html
a google search using "tx2000 graphics processor" or similar terms using "dead" , "no video" (etc) will produce many results .
i do not know the current status of any legal actions/remedies ... do some checking .

again , i am not saying it is impossible to reflow or remove and replace the gpu with a new IC and then reflow solder it to the MB ... however ...
i have been at the electronic repair gig for about 40 years , and i have reflowed many ICs and completely replaced IC packages with 200+ pins (hand soldering) .
i have some "specialized equipment" that one simply needs in order to help assure a "working outcome" .
all the equipment in the world will not help if one does not have the skill sets in place to start with .
(give a rookie a box of dynamite and a fist-full of crimp style blasting caps and the results tend to be a wee bit on the disastrous side)

you might try looking for someone to do the job for you .
the laptop will have to be stripped down and put back together ... the job is relatively labor intensive .
you will have to weigh carefully whether or not you want to try a repair or invest that money you would have spent in a new machine .

what is IC?

I wish of buying another machine but this machine is important because it has my files, bookmarks and additional user accounts

what I want to know mainly is, are there permanent fixes and how to tell if its the videocard or the motherboard or something else

October 15, 2014

yeppers ... you can try to reflow the solder on the graphics processor ... this is not a task for the uninitiated .
in and of itself , reflow soldering is a *permanent fix* .
if you mean to test the GPU by applying pressure and see if the video returns then you will have to tear the laptop down and dummy everything up ...
again , this is not an easy task .

reflow/reballing is a touchy process ... if you do not have a temperature limited heat gun with a tight pattern , you can do much damage to the MB .
once the solder is up to temperature , applying pressure and keeping the GPU in alignment is crucial .
if anything slips , full removal of the GPU , cleanup and alignment/soldering is the only fix .
the alignment is critical ... if you are off by .01 inches ... forget it .

i have seen a few of those reflow/reball videos on youtube ... many of these skip over the important stuff .
they make it sound easy to do ... this is simply not the case .

what is the make and model of the laptop ?

it is a hp tx2000

so there is no way to test if the motherboard is bad or if its the gpu or something else?

October 15, 2014

I'm sorry but, your post makes no sense.

"reflow" or a "reball" ?

reflow/reball is a process to fix weak solder on a gpu that has been seperated from the motherboard reflow and reball methods are different though

October 15, 2014

this is what I think if this is a official flyff download/file that this is a false detection and that malwarebyte should fix this result

October 14, 2014

the laptop has power but nothing appears on the screen, I switched the memory sticks around so its not them and I tried to hook the laptop to an external monitor and nothing appears so I want to see what is going on and if i need to do a reflow or a reball is there a permanent way to do it?

February 25, 2014

I just wanted to post an update that the browser seems to normal as I am new to the forum here. I also to get help on bleepingcomputer and wanted to thank you all for your help.

Here is the link on what steps I went through to get rid of the hijacking. http://www.bleepingcomputer.com/forums/t/523685/hijackers-and-spyware-safeweballiancecom-mrpccleanercom-searchdeals-by-inkjet/

February 8, 2014

the search donkey is a browser extensions

February 8, 2014

There are problems with the computer I have there are two hijackers, safewebballiance.com and mrpccleaner.com and when I search something on google I get a big ad over the search results saying SEARCHDEALS BY INKJET

also I know there is something on the computer called search donkey that needs to be removed

September 15, 2010

Thank you for letting me know.
In that case I will request this topic to be closed.

How do you close it?

September 14, 2010

Hi, good to hear things are fine now.
An MBR infection is an infection in the Master Boot Record of your harddisk. This is the first sector on a drive. This is no actual folder. MBR infections should be treated with care since not doing so can causing a computer to become unbootable which is not always easily to recover. Therefore I cannot recommend you any "easy fix" would this ever happen again.
Norton simply detected another scanner accessing a bad file in both combofix quarantine and system restore. That is nothing to worry about, merely Norton doing its job.
TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or Avira.
ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the button.
Push

sorry for the long wait, i thought about the chances of working on my uncles computer but i don't think its possible since he took it back without me knowing
i just wanted to let you know since your busy and all
still i thank you for your help
stay safe and surf safe

September 10, 2010

Well done, thats more like it.
How are things running now? What problems do you still have?

the problems are all gone, there was even the problem that my internet explorer favorites was unusable because i did a fix last time with the redirects I got great help from your many fans from the site forums.majorgeeks.com

i want to thank you for staying up and helping not only me but others with their problems thank you

also I want to give a big thanks for having a program that gotten rid of Security Tool

my mistake was not deleting the virus, i wanted to quarantine it

also my hitman pro program even saw there was a virus deep within the MBR i think the file was like in C\:$MBR something like that

will there be a way for scanners to delete and fix these problems in the future?

weird thing was, couple days back when i had the problem i scanned the computer with something then my anti virus from norton would pop up since it had the auto protect enable telling me that the files from Qoobox (combofix related folder) and a file from the system volume folder was activated and norton said it removed it paritally

so long antivirus gt (antivirus 7)

anyways take care

September 9, 2010

Hello again,
Lets first rerun TDSSkiller. I know you did already, but it has been updated; download a new copy and delete any old copy you may still have.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
CF-SCRIPT
-------------
We need to execute a CF-script.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:1041
uInternet Settings,ProxyOverride = <local>

Firefox::
FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1041
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

morning and I got the logs

2010/09/09 10:19:33.0171 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/09 10:19:33.0171 ================================================================================

2010/09/09 10:19:33.0171 SystemInfo:

2010/09/09 10:19:33.0171

2010/09/09 10:19:33.0171 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/09 10:19:33.0171 Product type: Workstation

2010/09/09 10:19:33.0171 ComputerName: USER-35CB1146C3

2010/09/09 10:19:33.0171 UserName: haaslathe

2010/09/09 10:19:33.0171 Windows directory: C:\WINDOWS

2010/09/09 10:19:33.0171 System windows directory: C:\WINDOWS

2010/09/09 10:19:33.0171 Processor architecture: Intel x86

2010/09/09 10:19:33.0171 Number of processors: 4

2010/09/09 10:19:33.0171 Page size: 0x1000

2010/09/09 10:19:33.0171 Boot type: Normal boot

2010/09/09 10:19:33.0171 ================================================================================

2010/09/09 10:19:33.0359 Initialize success

2010/09/09 10:19:37.0031 ================================================================================

2010/09/09 10:19:37.0031 Scan started

2010/09/09 10:19:37.0031 Mode: Manual;

2010/09/09 10:19:37.0031 ================================================================================

2010/09/09 10:19:38.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/09 10:19:38.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/09 10:19:39.0109 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/09 10:19:39.0234 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/09/09 10:19:39.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/09 10:19:40.0296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/09 10:19:40.0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/09 10:19:40.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/09 10:19:40.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/09 10:19:41.0265 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/09/09 10:19:41.0328 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/09/09 10:19:41.0390 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/09/09 10:19:41.0437 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

2010/09/09 10:19:41.0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/09 10:19:41.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/09 10:19:41.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/09 10:19:41.0734 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/09 10:19:41.0796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/09 10:19:41.0906 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/09 10:19:41.0968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/09 10:19:42.0062 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/09 10:19:42.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/09 10:19:42.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/09 10:19:42.0156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/09 10:19:42.0265 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/09/09 10:19:42.0312 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/09/09 10:19:42.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/09 10:19:42.0375 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/09 10:19:42.0437 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/09 10:19:42.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/09 10:19:42.0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/09 10:19:42.0734 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/09 10:19:42.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/09 10:19:42.0843 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/09 10:19:42.0875 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2010/09/09 10:19:42.0921 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/09/09 10:19:43.0000 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/09 10:19:43.0062 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/09 10:19:43.0109 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/09 10:19:43.0312 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/09/09 10:19:43.0531 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/09 10:19:43.0859 IntcAzAudAddService (927cf2be4e57ff55e23759ac0ca57aa3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/09/09 10:19:43.0921 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/09 10:19:43.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/09 10:19:44.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/09 10:19:44.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/09 10:19:44.0078 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/09 10:19:44.0140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/09 10:19:44.0171 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/09 10:19:44.0203 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/09 10:19:44.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/09 10:19:44.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/09 10:19:44.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/09 10:19:44.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/09 10:19:44.0453 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/09 10:19:44.0453 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/09 10:19:44.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/09 10:19:44.0515 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/09 10:19:44.0578 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/09 10:19:44.0703 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/09 10:19:44.0750 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/09 10:19:44.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/09 10:19:44.0765 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/09 10:19:44.0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/09 10:19:44.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/09 10:19:44.0890 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/09 10:19:45.0000 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100906.003\naveng.sys

2010/09/09 10:19:45.0218 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100906.003\navex15.sys

2010/09/09 10:19:45.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/09 10:19:45.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/09 10:19:45.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/09 10:19:45.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/09 10:19:45.0343 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/09 10:19:45.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/09 10:19:45.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/09 10:19:45.0500 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys

2010/09/09 10:19:45.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/09 10:19:45.0578 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/09 10:19:45.0625 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/09 10:19:45.0656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/09 10:19:45.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/09 10:19:45.0671 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/09/09 10:19:45.0687 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/09/09 10:19:45.0703 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/09/09 10:19:45.0734 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

2010/09/09 10:19:45.0765 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/09 10:19:45.0796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/09 10:19:45.0828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/09 10:19:45.0875 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/09 10:19:45.0937 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/09 10:19:45.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/09 10:19:46.0109 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/09 10:19:46.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/09 10:19:46.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/09 10:19:46.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/09 10:19:46.0234 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/09 10:19:46.0234 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/09 10:19:46.0250 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/09 10:19:46.0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/09 10:19:46.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/09 10:19:46.0343 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/09/09 10:19:46.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/09 10:19:46.0375 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/09 10:19:46.0421 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys

2010/09/09 10:19:46.0453 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/09/09 10:19:46.0625 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/09/09 10:19:46.0671 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/09/09 10:19:46.0750 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/09/09 10:19:46.0765 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/09/09 10:19:46.0781 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/09 10:19:46.0796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/09 10:19:46.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/09 10:19:46.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/09 10:19:46.0968 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/09/09 10:19:47.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/09 10:19:47.0062 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/09 10:19:47.0093 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/09 10:19:47.0109 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/09/09 10:19:47.0140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/09 10:19:47.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/09 10:19:47.0187 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS

2010/09/09 10:19:47.0218 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2010/09/09 10:19:47.0296 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2010/09/09 10:19:47.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/09 10:19:47.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/09 10:19:47.0453 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/09 10:19:47.0468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/09 10:19:47.0500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/09 10:19:47.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/09 10:19:47.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/09 10:19:47.0593 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/09 10:19:47.0609 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/09 10:19:47.0609 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/09 10:19:47.0640 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/09/09 10:19:47.0656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/09 10:19:47.0703 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/09 10:19:47.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/09 10:19:47.0781 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/09/09 10:19:47.0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/09 10:19:48.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/09/09 10:19:48.0156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/09 10:19:48.0187 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/09 10:19:48.0250 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/09/09 10:19:48.0250 ================================================================================

2010/09/09 10:19:48.0250 Scan finished

2010/09/09 10:19:48.0250 ================================================================================

2010/09/09 10:19:48.0250 Detected object count: 1

2010/09/09 10:20:02.0750 \HardDisk1\MBR - will be cured after reboot

2010/09/09 10:20:02.0750 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure

2010/09/09 10:25:35.0703 Deinitialize success

________________________________________________________________________________

__________________-

ComboFix 10-09-08.01 - haaslathe 09/09/2010 10:33:23.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2626 [GMT -7:00]

Running from: c:\documents and settings\haaslathe\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\haaslathe\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))

.

2010-09-08 03:19 . 2010-09-08 04:36 -------- d-----w- c:\windows\system32\NtmsData

2010-09-08 03:19 . 2010-09-08 03:19 -------- d-----w- c:\documents and settings\haaslathe\Application Data\Avira

2010-09-08 03:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-08 03:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-08 03:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-09-08 03:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\program files\Avira

2010-09-08 03:11 . 2010-09-08 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-09-07 08:41 . 2010-09-07 08:41 -------- d-s---w- c:\documents and settings\LocalService\UserData

2010-09-07 08:27 . 2010-09-07 08:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo

2010-09-07 01:05 . 2010-09-07 01:05 -------- d-----w- C:\TDSSKiller_Quarantine

2010-09-06 22:43 . 2010-09-07 01:13 126973 ----a-w- C:\MGlogs.zip

2010-09-06 22:43 . 2010-09-07 01:13 -------- d-----w- C:\MGtools

2010-09-06 03:02 . 2010-09-06 21:05 63488 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 17:27 . 2008-09-24 07:06 -------- d-----w- c:\program files\Symantec AntiVirus

2010-09-07 08:04 . 2010-06-13 20:09 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-07 07:50 . 2008-09-24 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-06 21:15 . 2010-06-16 00:06 -------- d-----w- c:\program files\CCleaner

2010-09-06 21:07 . 2008-11-01 21:18 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-06 21:05 . 2010-04-03 23:41 117760 ----a-w- c:\documents and settings\haaslathe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-06 04:07 . 2010-04-03 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-18 01:13 . 2009-08-08 17:51 -------- d-----w- c:\program files\McAfee

2010-07-29 01:03 . 2010-07-29 01:01 -------- d-----w- c:\program files\Google

2010-06-30 12:31 . 2004-08-03 23:56 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:10 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2007-01-16 20:07 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2007-01-16 20:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-03 23:56 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2008-09-24 21:14 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2007-01-16 20:06 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-09_04.51.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-09 17:26 . 2010-09-09 17:26 16384 c:\windows\Temp\Perflib_Perfdata_58c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-03-20 5248312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\User\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/7/2010 8:11 PM 135336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/8/2009 10:52 AM 88176]

R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [9/27/2008 2:50 PM 53307]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 11:09 PM 102448]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2010 6:01 PM 136176]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

.

Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 01:01]

2010-09-09 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-06-17 05:18]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.yahoo.com

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\haaslathe\Application Data\Mozilla\Firefox\Profiles\qak1woca.default\

FF - prefs.js: browser.search.selectedengine - Secure Search

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\haaslathe\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-09 10:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1252)

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-09 10:38:56

ComboFix-quarantined-files.txt 2010-09-09 17:38

Pre-Run: 479,291,756,544 bytes free

Post-Run: 479,279,624,192 bytes free

- - End Of File - - D5B63E58B4755119016FA88AE24B6F61

September 9, 2010

Just download a new copy, run it and post me the log.

good thing i found out my phone can hold files

here is the log

ComboFix 10-09-08.01 - haaslathe 09/08/2010 21:44:59.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2722 [GMT -7:00]