Author Topic: Another Application cannot be executed ******.exe is infected virus.  (Read 9348 times)

Rawrz

    Ok, so it started a few days ago. I've been trying to fix it, found a post on here about downloading free spyware *censored* from websites, downloaded SUPERAntiSpyware in safe mode with networking, ran it, got stuck in some folder I had for a game for 5 hours, computer locked up, shut it off, booted regularly, no change obviously, and I deleted the folder (as it was not needed).  Tried to go back into safe mode and it gets stuck in the "windows/system32/drivers/crcdisk.sys" line.  Boots fine in "normal" mode but still cannot open any .exe; when I first log in there is a 10-second or so window where I can open an exe, but it's enough to open 1 program.

    Can anyone help here? The guy helping in the post I read was SuperDave, but it dated back in '09, so I don't know if he is still here.

    link http://www.computerhope.com/forum/index.php?topic=95177.0

    Am I stuck buying a restore disk from HP because my dog destroyed my originals?? (My computer is an HP Pavilion DV6000)

    SuperDave

    Re: Another Application cannot be executed ******.exe is infected virus.
    « Reply #2 on: February 04, 2011, 01:05:07 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    **************************************************
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 3 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr

    Once you've gotten one of them to run then try to immediately run the following.
    ************************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ********************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ******************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.

    Rawrz

      Re: Another Application cannot be executed ******.exe is infected virus.
      « Reply #3 on: February 07, 2011, 10:34:04 AM »
      Here are all the logs from what you told me to run

      RKILL

      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.

      Rkill was run on 02/05/2011 at  0:45:04.
      Operating System: Windows Vista (TM) Home Premium


      Processes terminated by Rkill or while it was running:

      C:\Windows\System32\InfDefaultInstall.exe
      C:\Windows\system32\runonce.exe
      C:\WINDOWS\System32\grpconv.exe


      Rkill completed on 02/05/2011 at  0:45:16.








      MBAM

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5681

      Windows 6.0.6000
      Internet Explorer 7.0.6000.16982

      2/5/2011 10:29:11 AM
      mbam-log-2011-02-05 (10-29-11).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 403448
      Time elapsed: 3 hour(s), 11 minute(s), 26 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 2
      Registry Keys Infected: 1
      Registry Values Infected: 4
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 17

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      c:\Users\Doug\AppData\Local\KBAge3dn.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
      c:\Users\Doug\AppData\Local\ugiqowaqifi.dll (Trojan.Agent.U) -> Delete on reboot.

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mgisilesoq (Trojan.Hiloti.Gen) -> Value: Mgisilesoq -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kvgmflrw (Trojan.Downloader) -> Value: kvgmflrw -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Udiqulor (Trojan.Agent.U) -> Value: Udiqulor -> Delete on reboot.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\Users\Doug\AppData\Local\KBAge3dn.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
      c:\Users\Doug\AppData\Local\Temp\rctdisplg\humgaxosjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.34319413711507984.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.4869717852028961.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.7677191136936155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\F373.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\gjukfitrrh.exe (Trojan.Mufanom) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\E405.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\ms0cfg32.exe (Backdoor.Gbot) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\rwyesgwovg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\Low\3AD0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59\322e42fb-1ece833d (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Roaming\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.09698844906069448.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.49638701647444483.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\Temp\0.8655788936032646.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
      c:\Users\Doug\AppData\Local\ugiqowaqifi.dll (Trojan.Agent.U) -> Delete on reboot.








      Superantispyware

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/05/2011 at 01:12 PM

      Application Version : 4.48.1000

      Core Rules Database Version : 6348
      Trace Rules Database Version: 4160

      Scan type       : Complete Scan
      Total Scan Time : 02:31:41

      Memory items scanned      : 697
      Memory threats detected   : 0
      Registry items scanned    : 8002
      Registry threats detected : 0
      File items scanned        : 264706
      File threats detected     : 631

      (Bunch of cookies here took out to shorten post)

      Adware.Unknown Origin
         C:\PROGRAM FILES\HEWLETT-PACKARD\HP ADVISOR\COMPSHOP\TEMPLATES\AD.HTML

      Trojan.Agent/Gen-IEFake
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX0\H\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX1\H\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX2\H\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\IEXPLORE.EXE

      Trojan.Agent/Gen-IExplorer[Fake]
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
         C:\USERS\DOUG\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE







      DDS


      DDS (Ver_10-12-12.02) - NTFSx86 
      Run by Doug at 12:17:49.47 on Mon 02/07/2011
      Internet Explorer: 7.0.6000.16982
      Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3070.1534 [GMT -5:00]


      ============== Running Processes ===============

      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
      C:\Windows\system32\lxducoms.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
      C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
      c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      C:\Windows\system32\svchost.exe -k WindowsMobile
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPStart.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\WINDOWS\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\WINDOWS\WindowsMobile\wmdSync.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Steam\steam.exe
      C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
      C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Steam\SteamService.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Users\Doug\AppData\Local\Temp\fbrlarvcs\pqkjqaxsjmo.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\WINDOWS\System32\notepad.exe
      C:\Program Files\Internet Explorer\IEUser.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Users\Doug\Downloads\dds.scr

      ============== Pseudo HJT Report ===============

      uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
      mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
      uInternet Settings,ProxyOverride = <local>
      uInternet Settings,ProxyServer = http=127.0.0.1:8992
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
      BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
      BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
      BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
      BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
      BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
      TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
      TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
      TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
      uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
      uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
      uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
      uRun: [Mgisilesoq] rundll32.exe  "c:\users\doug\appdata\local\KBAge3dn.dll",Startup
      uRun: [Udiqulor] rundll32.exe "c:\users\doug\appdata\local\ugiqowaqifi.dll",Startup
      uRun: [aehrleib] c:\users\doug\appdata\local\temp\fbrlarvcs\pqkjqaxsjmo.exe
      mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
      mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
      mRun: [RtHDVCpl] RtHDVCpl.exe
      mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
      mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
      mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
      mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
      mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
      mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
      mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
      mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
      mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
      mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
      StartupFolder: c:\users\doug\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
      StartupFolder: c:\users\doug\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
      IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
      IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

      ================= FIREFOX ===================

      FF - ProfilePath - c:\users\doug\appdata\roaming\mozilla\firefox\profiles\5rfnqyog.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - component: c:\users\doug\appdata\roaming\mozilla\firefox\profiles\5rfnqyog.default\extensions\gamebox@toolbar\components\toolbarhomewmp.dll
      FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll
      FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll
      FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
      FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
      FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
      FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
      FF - Ext: XULRunner: {9E6732A7-DAB8-4AEC-9157-2007D58749D0} - c:\users\doug\appdata\local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}

      ============= SERVICES / DRIVERS ===============

      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
      R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
      R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-23 98984]
      S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-27 234888]
      S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe --> c:\program files\dragon age\bin_ship\DAUpdaterSvc.Service.exe [?]
      S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-6-27 1251720]

      =============== Created Last 30 ================

      2011-02-06 02:05:52   --------   d-sh--w-   C:\$RECYCLE.BIN
      2011-02-05 06:46:23   5890896   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{41413139-4bae-4f93-ba92-e8834d7f9028}\mpengine.dll
      2011-02-05 05:47:09   --------   d-----w-   c:\users\doug\appdata\roaming\Malwarebytes
      2011-02-05 05:47:00   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2011-02-05 05:47:00   --------   d-----w-   c:\progra~2\Malwarebytes
      2011-02-05 05:46:57   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-02-05 05:46:57   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2011-02-05 03:50:59   3066   ----a-w-   c:\users\doug\appdata\local\ofarihehafil.dll
      2011-02-05 01:49:00   3066   ----a-w-   c:\users\doug\appdata\local\ekogerutewotevig.dll
      2011-02-04 23:47:00   3066   ----a-w-   c:\users\doug\appdata\local\oyoyirogo.dll
      2011-02-04 21:45:00   3066   ----a-w-   c:\users\doug\appdata\local\aqobagogagimo.dll
      2011-02-04 19:43:01   3066   ----a-w-   c:\users\doug\appdata\local\ujicofezip.dll
      2011-02-04 17:40:59   3066   ----a-w-   c:\users\doug\appdata\local\ogitazal.dll
      2011-02-04 17:36:47   3066   ----a-w-   c:\users\doug\appdata\local\unociluv.dll
      2011-02-04 15:43:51   3066   ----a-w-   c:\users\doug\appdata\local\ixabiwey.dll
      2011-02-04 03:20:28   3066   ----a-w-   c:\users\doug\appdata\local\ufacamunumat.dll
      2011-02-04 01:18:28   3066   ----a-w-   c:\users\doug\appdata\local\atopakenupiy.dll
      2011-02-03 23:16:28   3066   ----a-w-   c:\users\doug\appdata\local\iqaxuyoy.dll
      2011-02-03 21:14:29   3066   ----a-w-   c:\users\doug\appdata\local\iqakafomo.dll
      2011-02-03 14:03:19   3066   ----a-w-   c:\users\doug\appdata\local\onocecisuwaq.dll
      2011-02-02 02:56:12   --------   d-----w-   c:\users\doug\appdata\roaming\SUPERAntiSpyware.com
      2011-02-02 02:56:12   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
      2011-02-02 02:56:03   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2011-02-01 22:47:14   3066   ----a-w-   c:\users\doug\appdata\local\ivozaxeqeta.dll
      2011-02-01 13:05:37   3066   ----a-w-   c:\users\doug\appdata\local\eyekeyoj.dll
      2011-02-01 06:30:19   3066   ----a-w-   c:\users\doug\appdata\local\etanutulivihanof.dll
      2011-01-31 17:57:56   0   ----a-w-   c:\users\doug\appdata\local\Wpixobubobog.bin
      2011-01-31 17:57:55   --------   d-----w-   c:\users\doug\appdata\local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}

      ==================== Find3M  ====================

      2011-01-02 14:18:27   249856   ------w-   c:\windows\Setup1.exe
      2011-01-02 14:18:25   73216   ----a-w-   c:\windows\ST6UNST.EXE
      2010-12-29 19:48:47   21840   ----a-w-   c:\windows\system32\SIntfNT.dll
      2010-12-29 19:48:47   17212   ----a-w-   c:\windows\system32\SIntf32.dll
      2010-12-29 19:48:46   12067   ----a-w-   c:\windows\system32\SIntf16.dll
      2010-12-29 19:26:50   94208   ----a-w-   c:\windows\DIIUnin.exe
      2010-12-29 19:26:50   2829   ----a-w-   c:\windows\DIIUnin.pif
      2010-12-24 22:21:18   258352   ----a-w-   c:\windows\system32\unicows.dll
      2010-11-29 22:38:30   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
      2010-11-29 22:38:30   69632   ----a-w-   c:\windows\system32\QuickTime.qts

      ============= FINISH: 12:18:34.57 ===============








      Attach


      Microsoft® Windows Vista™ Home Premium
      Boot Device: \Device\HarddiskVolume1
      Install Date: 1/18/2008 8:34:47 AM
      System Uptime: 2/5/2011 1:21:53 PM (47 hours ago)

      Motherboard: Quanta |  | 30D2
      Processor: Intel(R) Core(TM)2 Duo CPU     T5450  @ 1.66GHz | U2E1 | 1667/667mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 221 GiB total, 32.491 GiB free.
      D: is FIXED (NTFS) - 12 GiB total, 1.874 GiB free.
      E: is CDROM (CDFS)
      F: is CDROM ()

      ==== Disabled Device Manager Items =============

      ==== System Restore Points ===================

      RP462: 2/5/2011 4:27:46 AM - Windows Defender Checkpoint
      RP463: 2/6/2011 - Scheduled Checkpoint
      RP465: 2/6/2011 1:57:44 AM - Removed Age of Empires III
      RP467: 2/6/2011 1:59:01 AM - Removed Age of Empires III - The Asian Dynasties
      RP469: 2/6/2011 2:06:47 AM - Removed Age of Empires III - The WarChiefs
      RP470: 2/7/2011 2:46:13 AM - Scheduled Checkpoint

      ==== Installed Programs ======================

      ABBYY FineReader 6.0 Sprint
      Activation Assistant for the 2007 Microsoft Office suites
      Adobe AIR
      Adobe Flash Player 10 Plugin
      Adobe Flash Player ActiveX
      Adobe Reader 8.1.0
      Adobe Shockwave Player
      Adobe Shockwave Player 11.5
      Age of Empires III - The WarChiefs
      AIM 6
      Any Video Converter 3.0.1
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      Ask Toolbar
      Barbarian Invasion
      Battlefield 1942
      Battlefield 1942: Secret Weapons of WWII
      Bonjour
      Call of Duty(R) - World at War(TM) 1.2 Patch
      Call of Duty(R) - World at War(TM) 1.4 Patch
      Call of Duty(R) - World at War(TM) 1.5 Patch
      Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
      Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
      Cards_Calendar_OrderGift_DoMorePlugout
      Compatibility Pack for the 2007 Office system
      CyberLink YouCam
      DAEMON Tools Toolbar
      DBsign Web Signer
      Diablo II
      Dragon Age: Origins
      DVD Suite
      EA Link
      ESU for Microsoft Vista
      EVE Online (remove only)
      Fallout Mod Manager 0.9.14
      Fallout: New Vegas
      Graboid Video 1.5
      Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
      Hero Editor V1.03
      Hewlett-Packard Active Check
      Hewlett-Packard Asset Agent for Health Check
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      HP Active Support Library
      HP Customer Experience Enhancements
      HP Doc Viewer
      HP Easy Setup - Frontend
      HP Help and Support
      HP Photosmart Essential 2.5
      HP Quick Launch Buttons 6.30 E1
      HP QuickPlay 3.6
      HP QuickTouch 1.00 C4
      HP Smart Web Printing
      HP Total Care Advisor
      HP Update
      HP User Guides 0087
      HP Wireless Assistant
      HPNetworkAssistant
      HPPhotoSmartDiscLabel_PaperLabel
      HPPhotoSmartDiscLabel_PrintOnDisc
      HPPhotoSmartDiscLabel_Tattoo
      HPPhotoSmartDiscLabelContent1
      hpphotosmartdisclabelplugin
      HPPhotoSmartPhotobookHolidayPack1
      HPPhotoSmartPhotobookModernPack1
      HPPhotoSmartPhotobookPlayfulPack1
      HPPhotoSmartPhotobookScrapbookPack1
      HPPhotoSmartPhotobookWebPack1
      Impulse
      Intel® Matrix Storage Manager
      IsoBuster 2.5
      iTunes
      Java(TM) 6 Update 2
      LabelPrint
      Lexmark 5600-6600 Series
      Lexmark Printable Web
      Lexmark Toolbar
      Lexmark Tools for Office
      LightScribe System Software  1.10.13.1
      Malwarebytes' Anti-Malware
      McAfee Security Scan
      Metro 2033
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 3.5 SP1
      Microsoft Games for Windows - LIVE
      Microsoft Games for Windows - LIVE Redistributable
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Home and Student 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office PowerPoint Viewer 2007 (English)
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Works
      Motorola SM56 Data Fax Modem
      Mozilla ActiveX Control v1.7.12
      Mozilla Firefox (3.0.19)
      MSCU for Microsoft Vista
      MSXML 4.0 SP2 (KB973688)
      muvee autoProducer 6.1
      My HP Games
      NVIDIA Drivers
      NVIDIA PhysX
      Pando Media Booster
      Power2Go
      PowerDirector
      Project64 1.6
      PSSWCORE
      PunkBuster for Battlefield 1942
      PVSonyDll
      QuickTime
      RCT3 Soaked
      Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
      Realtek High Definition Audio Driver
      RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
      Rockstar Games Social Club
      Rome - Total War - Alexander
      Rome - Total War(TM)
      Sid Meier's Civilization 4 - Beyond the Sword
      Sid Meier's Civilization 4 Gold
      Sid Meier's Civilization V - Demo
      Slingbox Flash Tour
      SlingPlayer
      Starcraft
      StarCraft II
      Steam
      SUPERAntiSpyware
      Synaptics Pointing Device Driver
      The Lord of the Rings - Total War OPEN BETA
      The Lord of the Rings - Total War PATCH v2.06
      The Lord of the Rings Online™ v03.02.05.8032
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Office 2007 (KB934528)
      VideoToolkit01
      Viewpoint Media Player
      VLC media player 0.9.8a
      Vongo
      Vuze
      Warhammer Online - Age of Reckoning
      WeatherBug Gadget
      Windows Media Player Firefox Plugin
      WinHTTrack Website Copier 3.43-7
      WinRAR archiver
      Yahoo! Toolbar

      ==== Event Viewer Messages From Past Week ========

      2/5/2011 4:22:43 AM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
      2/5/2011 4:06:43 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
      2/4/2011 3:46:12 PM, Error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
      2/4/2011 12:41:23 PM, Error: Service Control Manager [7001]  - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
      2/4/2011 12:41:22 PM, Error: Service Control Manager [7022]  - The QuickPlay Background Capture Service (QBCS) service hung on starting.
      2/4/2011 12:37:29 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
      2/4/2011 12:36:24 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
      2/4/2011 12:35:16 PM, Error: EventLog [6008]  - The previous system shutdown at 12:12:35 PM on 2/4/2011 was unexpected.
      2/2/2011 12:09:26 AM, Error: EventLog [6008]  - The previous system shutdown at 11:51:06 PM on 2/1/2011 was unexpected.
      2/1/2011 9:40:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  spldr Wanarpv6
      2/1/2011 9:40:38 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
      2/1/2011 9:19:19 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user Doug-PC\Doug SID (S-1-5-21-2065211306-767525429-2102182076-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
      2/1/2011 1:44:39 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      2/1/2011 1:37:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
      2/1/2011 1:37:28 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      2/1/2011 1:36:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
      2/1/2011 1:36:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
      2/1/2011 1:36:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
      2/1/2011 1:36:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      2/1/2011 1:36:44 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
      2/1/2011 1:30:04 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

      ==== End Of File ===========================

      SuperDave

      Re: Another Application cannot be executed ******.exe is infected virus.
      « Reply #4 on: February 07, 2011, 01:26:15 PM »
      Please download TDSSKiller from here and save it to your Desktop.
      • Double-click TDSSKiller.exe to run the tool
      • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
      • After the scan has finished, click the Close button
      • Click the Report button and copy/paste the contents of it into your next reply
      • Note: It will also create a log in the C:\ directory.
      ***********************************************
      I strongly recommend that you remove Ask from your computer because it:

      • Promotes its toolbars on sites targeted to kids.
      • Promotes its toolbars through ads that appear to be part of other companies' sites.
      • Promotes its toolbars through other companies' spyware.
      • Installs without any disclosure whatsoever and without any consent whatsoever.
      • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
      • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

      See Here for more info.

      If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

      AskBarDis or anything related to Ask

      Then please find and delete this folder in bold (if present):
      C:\Program Files\AskBarDis. or anything related to Ask.
      *****************************************************
      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology

      ********************************************
      The DDS scan shows that you have just a bit under 15% free space on your hard drive. Windows normally requires 15% or more to function properly. Please keep an eye on this and don't let it drop any further; otherwise, you will start to have operational problems.
      *****************************************************
      Please download: HijackThis to your Desktop.
      • Double Click the HijackThis icon, located on your Desktop.
      • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      • Accept the license agreement.
      • Click the Open the Misc Tools section button.
      • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
      • Please post the log in your next reply.
      ***************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

      Rawrz

        Re: Another Application cannot be executed ******.exe is infected virus.
        « Reply #5 on: February 08, 2011, 04:07:47 PM »
        Logs as follows

        TDSSKILLER

        2011/02/08 17:37:47.0831 1948   TDSS rootkit removing tool 2.4.16.0 Feb  1 2011 10:34:03
        2011/02/08 17:37:48.0002 1948   ================================================================================
        2011/02/08 17:37:48.0002 1948   SystemInfo:
        2011/02/08 17:37:48.0002 1948   
        2011/02/08 17:37:48.0002 1948   OS Version: 6.0.6000 ServicePack: 0.0
        2011/02/08 17:37:48.0002 1948   Product type: Workstation
        2011/02/08 17:37:48.0002 1948   ComputerName: DOUG-PC
        2011/02/08 17:37:48.0002 1948   UserName: Doug
        2011/02/08 17:37:48.0002 1948   Windows directory: C:\Windows
        2011/02/08 17:37:48.0002 1948   System windows directory: C:\Windows
        2011/02/08 17:37:48.0002 1948   Processor architecture: Intel x86
        2011/02/08 17:37:48.0002 1948   Number of processors: 2
        2011/02/08 17:37:48.0002 1948   Page size: 0x1000
        2011/02/08 17:37:48.0002 1948   Boot type: Safe boot with network
        2011/02/08 17:37:48.0002 1948   ================================================================================
        2011/02/08 17:37:57.0737 1948   Initialize success
        2011/02/08 17:38:49.0435 1928   ================================================================================
        2011/02/08 17:38:49.0435 1928   Scan started
        2011/02/08 17:38:49.0435 1928   Mode: Manual;
        2011/02/08 17:38:49.0435 1928   ================================================================================
        2011/02/08 17:38:50.0839 1928   ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
        2011/02/08 17:38:50.0948 1928   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
        2011/02/08 17:38:51.0073 1928   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
        2011/02/08 17:38:51.0167 1928   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
        2011/02/08 17:38:51.0260 1928   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
        2011/02/08 17:38:51.0401 1928   AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
        2011/02/08 17:38:51.0510 1928   agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
        2011/02/08 17:38:51.0635 1928   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
        2011/02/08 17:38:51.0744 1928   aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
        2011/02/08 17:38:51.0853 1928   amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
        2011/02/08 17:38:51.0947 1928   amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
        2011/02/08 17:38:52.0056 1928   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
        2011/02/08 17:38:52.0087 1928   AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
        2011/02/08 17:38:52.0196 1928   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
        2011/02/08 17:38:52.0321 1928   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
        2011/02/08 17:38:52.0446 1928   AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
        2011/02/08 17:38:52.0555 1928   atapi           (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
        2011/02/08 17:38:52.0664 1928   atksgt          (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
        2011/02/08 17:38:52.0805 1928   BCM43XV         (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
        2011/02/08 17:38:52.0914 1928   Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
        2011/02/08 17:38:53.0164 1928   bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
        2011/02/08 17:38:53.0242 1928   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
        2011/02/08 17:38:53.0288 1928   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
        2011/02/08 17:38:53.0382 1928   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
        2011/02/08 17:38:53.0444 1928   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
        2011/02/08 17:38:53.0522 1928   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
        2011/02/08 17:38:53.0569 1928   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
        2011/02/08 17:38:53.0663 1928   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
        2011/02/08 17:38:53.0772 1928   cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
        2011/02/08 17:38:53.0866 1928   cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
        2011/02/08 17:38:53.0912 1928   circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
        2011/02/08 17:38:54.0022 1928   CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
        2011/02/08 17:38:54.0146 1928   CmBatt          (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
        2011/02/08 17:38:54.0193 1928   cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
        2011/02/08 17:38:54.0318 1928   Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
        2011/02/08 17:38:54.0380 1928   crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
        2011/02/08 17:38:54.0443 1928   Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
        2011/02/08 17:38:54.0583 1928   DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
        2011/02/08 17:38:54.0708 1928   disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
        2011/02/08 17:38:54.0833 1928   drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
        2011/02/08 17:38:54.0926 1928   DXGKrnl         (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
        2011/02/08 17:38:55.0051 1928   E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
        2011/02/08 17:38:55.0129 1928   E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
        2011/02/08 17:38:55.0254 1928   Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
        2011/02/08 17:38:55.0363 1928   elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
        2011/02/08 17:38:55.0488 1928   fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
        2011/02/08 17:38:55.0597 1928   fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
        2011/02/08 17:38:55.0706 1928   FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
        2011/02/08 17:38:55.0738 1928   Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
        2011/02/08 17:38:55.0831 1928   flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
        2011/02/08 17:38:55.0909 1928   FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
        2011/02/08 17:38:55.0972 1928   Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
        2011/02/08 17:38:56.0065 1928   gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
        2011/02/08 17:38:56.0143 1928   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
        2011/02/08 17:38:56.0268 1928   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
        2011/02/08 17:38:56.0330 1928   HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
        2011/02/08 17:38:56.0408 1928   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
        2011/02/08 17:38:56.0486 1928   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
        2011/02/08 17:38:56.0596 1928   HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
        2011/02/08 17:38:56.0705 1928   HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
        2011/02/08 17:38:56.0798 1928   HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
        2011/02/08 17:38:56.0830 1928   HpqRemHid       (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
        2011/02/08 17:38:56.0939 1928   HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
        2011/02/08 17:38:57.0001 1928   HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
        2011/02/08 17:38:57.0110 1928   HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
        2011/02/08 17:38:57.0157 1928   i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
        2011/02/08 17:38:57.0266 1928   i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
        2011/02/08 17:38:57.0422 1928   ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
        2011/02/08 17:38:57.0547 1928   iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
        2011/02/08 17:38:57.0610 1928   iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
        2011/02/08 17:38:57.0734 1928   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
        2011/02/08 17:38:57.0890 1928   IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
        2011/02/08 17:38:58.0015 1928   intelide        (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
        2011/02/08 17:38:58.0062 1928   intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
        2011/02/08 17:38:58.0187 1928   IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
        2011/02/08 17:38:58.0312 1928   IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
        2011/02/08 17:38:58.0390 1928   IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
        2011/02/08 17:38:58.0468 1928   IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
        2011/02/08 17:38:58.0530 1928   isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
        2011/02/08 17:38:58.0608 1928   iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
        2011/02/08 17:38:58.0686 1928   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
        2011/02/08 17:38:58.0811 1928   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
        2011/02/08 17:38:58.0873 1928   kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
        2011/02/08 17:38:58.0967 1928   kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
        2011/02/08 17:38:59.0045 1928   KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
        2011/02/08 17:38:59.0216 1928   lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
        2011/02/08 17:38:59.0279 1928   lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
        2011/02/08 17:38:59.0404 1928   LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
        2011/02/08 17:38:59.0482 1928   LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
        2011/02/08 17:38:59.0591 1928   LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
        2011/02/08 17:38:59.0622 1928   luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
        2011/02/08 17:38:59.0762 1928   megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
        2011/02/08 17:38:59.0825 1928   Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
        2011/02/08 17:38:59.0918 1928   monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
        2011/02/08 17:38:59.0965 1928   mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
        2011/02/08 17:39:00.0059 1928   mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
        2011/02/08 17:39:00.0152 1928   MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
        2011/02/08 17:39:00.0262 1928   mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
        2011/02/08 17:39:00.0293 1928   mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
        2011/02/08 17:39:00.0371 1928   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
        2011/02/08 17:39:00.0449 1928   MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
        2011/02/08 17:39:00.0574 1928   mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
        2011/02/08 17:39:00.0667 1928   mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
        2011/02/08 17:39:00.0761 1928   mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
        2011/02/08 17:39:00.0870 1928   msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
        2011/02/08 17:39:00.0917 1928   msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
        2011/02/08 17:39:01.0010 1928   Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
        2011/02/08 17:39:01.0120 1928   msisadrv        (2c3f1983cd3629573cb9e9658247847a) C:\Windows\system32\drivers\msisadrv.sys
        2011/02/08 17:39:01.0229 1928   MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
        2011/02/08 17:39:01.0260 1928   MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
        2011/02/08 17:39:01.0354 1928   MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
        2011/02/08 17:39:01.0385 1928   MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
        2011/02/08 17:39:01.0494 1928   mssmbios        (1f6f7159c75e4b27d138b5225808860f) C:\Windows\system32\DRIVERS\mssmbios.sys
        2011/02/08 17:39:01.0525 1928   MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
        2011/02/08 17:39:07.0859 1928   sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
        2011/02/08 17:39:07.0859 1928   Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
        2011/02/08 17:39:07.0874 1928   sptd - detected Locked file (1)
        2011/02/08 17:39:12.0336 1928   ================================================================================
        2011/02/08 17:39:12.0336 1928   Scan finished
        2011/02/08 17:39:12.0336 1928   ================================================================================
        2011/02/08 17:39:12.0352 0436   Detected object count: 1
        2011/02/08 17:39:21.0930 0436   Locked file(sptd) - User select action: Skip





        HIJACKTHIS

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:58:11 PM, on 2/8/2011
        Platform: Windows Vista  (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16982)
        Boot mode: Safe mode with network support

        Running processes:
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8992
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O1 - Hosts: ::1 localhost
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
        O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
        O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
        O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
        O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
        O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
        O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
        O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
        O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
        O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
        O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
        O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
        O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
        O4 - HKCU\..\Run: [Mgisilesoq] rundll32.exe  "C:\Users\Doug\AppData\Local\KBAge3dn.dll",Startup
        O4 - HKCU\..\Run: [Udiqulor] rundll32.exe "C:\Users\Doug\AppData\Local\ugiqowaqifi.dll",Startup
        O4 - HKCU\..\Run: [aehrleib] C:\Users\Doug\AppData\Local\Temp\fbrlarvcs\pqkjqaxsjmo.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
        O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
        O4 - Global Startup: McAfee Security Scan.lnk = ?
        O4 - Global Startup: Vongo Tray.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
        O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
        O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
        O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
        O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
        O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
        O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
        O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
        O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
        O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
        O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

        --
        End of file - 10170 bytes






        Security Check

         Results of screen317's Security Check version 0.99.8 
         Windows Vista  (UAC is enabled)
         Out of date service pack!!
         Internet Explorer 7 Out of date!
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Security Center service is not running! This report may not be accurate!
         Windows Firewall Enabled! 
         McAfee Security Scan   
         WMI entry may not exist for antivirus; attempting automatic update.
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         Java(TM) 6 Update 2 
         Out of date Java installed!
         Adobe Flash Player 10.1.102.64 
        Adobe Reader 8.1.0
        Out of date Adobe Reader installed!
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

        ``````````End of Log````````````








        And I have removed Ask and Viewpoint using Add/Remove Programs and double checked in the C drive; do not see them, assuming gone.

        All this help is much appreciated, SuperDave. All these steps were done in Safe Mode w/ networking due to the virus not allowing .exe's again.

        SuperDave

        Re: Another Application cannot be executed ******.exe is infected virus.
        « Reply #6 on: February 09, 2011, 11:52:43 AM »
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.
        4. Run CCleaner.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        **************************************************
        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        *****************************************************
        Looking over your log it seems you don't have any antivirus software.

        Before we continue download and install a free antivirus.

        Remember to only install one antivirus!
         
        1) Avast! Home Edition
        2) AVG Free Edition
        3) Avira AntiVir Personal
        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
        4-a) Microsoft Security Essentials for Windows XP
        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
        6) PC Tools AntiVirus Free Edition

        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
        ***********************************************
        Open HijackThis and select Do a system scan only

        Place a check mark next to the following entries: (if there)

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8992
        O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKCU\..\Run: [Mgisilesoq] rundll32.exe  "C:\Users\Doug\AppData\Local\KBAge3dn.dll",Startup
        O4 - HKCU\..\Run: [Udiqulor] rundll32.exe "C:\Users\Doug\AppData\Local\ugiqowaqifi.dll",Startup
        O4 - HKCU\..\Run: [aehrleib] C:\Users\Doug\AppData\Local\Temp\fbrlarvcs\pqkjqaxsjmo.exe
        O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)


        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.
        ***********************************************
        Please update and run MBAM again and post the log.
        Windows 8 and Windows 10 dual boot with two SSD's
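
An added example, not part of the original post: a Python triage pass over HijackThis lines like the ones selected for fixing above. It flags a `ProxyServer` value pointing at loopback, `Run` entries whose target sits in a per-user writable directory, and services whose file is missing. The sample lines are copied from the log in this thread; the heuristics and the names `triage` and `autostart_target` are assumptions made for this example, not HijackThis behaviour.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str
    line: str


# "<section> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autostart entry (optionally with a SID after the hive)
RUN = re.compile(r"^HK\w+(?:\\[^\\]+)?\\\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+)$")
# ProxyServer value that resolves to the local machine
PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?\s*$", re.I
)
# Per-user writable locations (heuristic chosen for this example)
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|LocalLow|Roaming)\\|\\Temp\\", re.I)
# Unquoted path up to the first binary extension; the path may contain spaces
BINARY = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)(.*)$", re.I)


def split_first(cmd: str) -> Tuple[str, str]:
    """Split a command line into (first path, remainder)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = BINARY.match(cmd)
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def autostart_target(cmd: str) -> str:
    """Return the file that actually runs: for rundll32, the DLL it is asked to load."""
    first, rest = split_first(cmd)
    if first.rsplit("\\", 1)[-1].lower() in ("rundll32.exe", "rundll32") and rest:
        return split_first(rest)[0]
    return first


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a manual look, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1") and PROXY.search(body):
            findings.append(Finding(section, "ProxyServer points at a loopback address", line))
        elif section == "O4":
            run = RUN.match(body)
            if run and USER_WRITABLE.search(autostart_target(run.group(2))):
                findings.append(
                    Finding(section, "autostart target is in a per-user writable directory", line)
                )
        elif section == "O23" and body.rstrip().endswith("(file missing)"):
            findings.append(Finding(section, "service is registered but its file is missing", line))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8992
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Mgisilesoq] rundll32.exe  "C:\Users\Doug\AppData\Local\KBAge3dn.dll",Startup
O4 - HKCU\..\Run: [Udiqulor] rundll32.exe "C:\Users\Doug\AppData\Local\ugiqowaqifi.dll",Startup
O4 - HKCU\..\Run: [aehrleib] C:\Users\Doug\AppData\Local\Temp\fbrlarvcs\pqkjqaxsjmo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

Findings are candidates for review rather than verdicts: legitimate software also autostarts from AppData, and a missing-file service is usually just an uninstall leftover.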

        Rawrz

          Re: Another Application cannot be executed ******.exe is infected virus.
          « Reply #7 on: February 18, 2011, 08:30:52 PM »
          MBAM Log


          Malwarebytes' Anti-Malware 1.50.1.1100
          www.malwarebytes.org

          Database version: 5806

          Windows 6.0.6000 (Safe Mode)
          Internet Explorer 7.0.6000.16982

          2/18/2011 10:27:20 PM
          mbam-log-2011-02-18 (22-27-20).txt

          Scan type: Full scan (C:\|D:\|)
          Objects scanned: 375185
          Time elapsed: 1 hour(s), 0 minute(s), 50 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 2
          Registry Values Infected: 1
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 3

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

          Registry Values Infected:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yepriwlp (Trojan.FakeAlert) -> Value: yepriwlp -> Quarantined and deleted successfully.

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          c:\Users\Doug\AppData\Local\Temp\jorqqhdck\nljrmqdsikk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          c:\Users\Doug\AppData\Local\Temp\0.6320000434182925.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
          c:\Users\Doug\AppData\Local\Temp\0.9494665878668938.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




          Sorry for the lengthy reply, been busy with some stuff and my laptop had to be put on hold.

          I downloaded Avast antivirus; I do have Trend Micro though, waiting to be installed on this computer.

          What's next, SuperDave?

          SuperDave

          Re: Another Application cannot be executed ******.exe is infected virus.
          « Reply #8 on: February 19, 2011, 12:07:35 PM »
          Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

          Link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

          Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Right-click combofix.exe and select Run as Administrator and follow the prompts.
          When finished, ComboFix will produce a log for you.
          Post the ComboFix log and a new HijackThis log in your next reply.

          NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

          Rawrz

            Re: Another Application cannot be executed ******.exe is infected virus.
            « Reply #9 on: February 21, 2011, 05:51:08 AM »
            HijackThis

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 7:49:07 AM, on 2/21/2011
            Platform: Windows Vista  (WinNT 6.00.1904)
            MSIE: Internet Explorer v7.00 (7.00.6000.16982)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\Dwm.exe
            C:\Program Files\Synaptics\SynTP\SynTPStart.exe
            C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
            C:\WINDOWS\RtHDVCpl.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            C:\Program Files\HP\QuickPlay\QPService.exe
            C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
            C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
            C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
            C:\WINDOWS\WindowsMobile\wmdSync.exe
            C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
            C:\Program Files\DAEMON Tools Lite\daemon.exe
            C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
            C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
            C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
            C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
            C:\Windows\explorer.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Alwil Software\Avast5\AvastUI.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
            O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
            O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
            O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
            O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
            O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
            O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
            O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
            O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
            O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
            O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
            O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
            O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
            O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
            O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
            O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
            O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            O4 - Global Startup: McAfee Security Scan.lnk = ?
            O4 - Global Startup: Vongo Tray.lnk = ?
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
            O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
            O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
            O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
            O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
            O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
            O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
            O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
            O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
            O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
            O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
            O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

            --
            End of file - 9813 bytes






            ComboFix

            ComboFix 11-02-19.02 - Doug 02/20/2011   9:42.1.2 - x86 NETWORK
            Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3070.2382 [GMT -5:00]
            Running from: c:\users\Doug\Desktop\ComboFix.exe
             * Created a new restore point
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\users\Doug\AppData\Local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}
            c:\users\Doug\AppData\Local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}\chrome.manifest
            c:\users\Doug\AppData\Local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}\chrome\content\_cfg.js
            c:\users\Doug\AppData\Local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}\chrome\content\overlay.xul
            c:\users\Doug\AppData\Local\{9E6732A7-DAB8-4AEC-9157-2007D58749D0}\install.rdf
            c:\windows\system32\drivers\mkjc.sys
            c:\windows\system32\KBL.LOG

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Service_amwoajo


            (((((((((((((((((((((((((   Files Created from 2011-01-20 to 2011-02-20  )))))))))))))))))))))))))))))))
            .

            2011-02-20 14:48 . 2011-02-20 14:51   --------   d-----w-   c:\users\Doug\AppData\Local\temp
            2011-02-20 14:48 . 2011-02-20 14:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2011-02-19 00:58 . 2011-01-13 08:41   294608   ----a-w-   c:\windows\system32\drivers\aswSP.sys
            2011-02-19 00:58 . 2011-01-13 08:40   47440   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
            2011-02-19 00:58 . 2011-01-13 08:37   23632   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
            2011-02-19 00:58 . 2011-01-13 08:37   51280   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
            2011-02-19 00:58 . 2011-01-13 08:37   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
            2011-02-19 00:58 . 2011-01-13 08:47   38848   ----a-w-   c:\windows\avastSS.scr
            2011-02-19 00:58 . 2011-01-13 08:47   188216   ----a-w-   c:\windows\system32\aswBoot.exe
            2011-02-19 00:58 . 2011-02-19 00:58   --------   d-----w-   c:\program files\Alwil Software
            2011-02-19 00:58 . 2011-02-19 00:58   --------   d-----w-   c:\progra~2\Alwil Software
            2011-02-19 00:53 . 2011-02-19 00:53   --------   d-----w-   c:\progra~2\NOS
            2011-02-19 00:53 . 2011-02-19 00:53   --------   d-----w-   c:\program files\NOS
            2011-02-19 00:30 . 2011-02-19 00:30   --------   d-----w-   c:\windows\Sun
            2011-02-18 21:42 . 2011-02-18 21:41   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
            2011-02-18 21:42 . 2011-02-18 21:41   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-02-18 07:29 . 2011-01-13 09:41   5890896   ----a-w-   c:\progra~2\Microsoft\Windows Defender\Definition Updates\{785A28AD-8A37-4880-AE7E-F87A1BE30B95}\mpengine.dll
            2011-02-08 22:56 . 2011-02-08 22:56   --------   d-----w-   c:\program files\Trend Micro
            2011-02-08 22:44 . 2011-02-08 22:44   --------   d-----w-   c:\users\Doug\AppData\Roaming\InstallShield
            2011-02-05 05:47 . 2011-02-05 05:47   --------   d-----w-   c:\users\Doug\AppData\Roaming\Malwarebytes
            2011-02-05 05:47 . 2011-02-05 05:47   --------   d-----w-   c:\progra~2\Malwarebytes
            2011-02-05 05:47 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-02-05 05:46 . 2011-02-05 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-02-05 05:46 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-02-05 03:50 . 2011-02-05 03:50   3066   ----a-w-   c:\users\Doug\AppData\Local\ofarihehafil.dll
            2011-02-05 01:49 . 2011-02-05 01:49   3066   ----a-w-   c:\users\Doug\AppData\Local\ekogerutewotevig.dll
            2011-02-04 23:47 . 2011-02-04 23:47   3066   ----a-w-   c:\users\Doug\AppData\Local\oyoyirogo.dll
            2011-02-04 21:45 . 2011-02-04 21:45   3066   ----a-w-   c:\users\Doug\AppData\Local\aqobagogagimo.dll
            2011-02-04 19:43 . 2011-02-04 19:43   3066   ----a-w-   c:\users\Doug\AppData\Local\ujicofezip.dll
            2011-02-04 17:40 . 2011-02-04 17:41   3066   ----a-w-   c:\users\Doug\AppData\Local\ogitazal.dll
            2011-02-04 17:36 . 2011-02-04 17:36   3066   ----a-w-   c:\users\Doug\AppData\Local\unociluv.dll
            2011-02-04 15:43 . 2011-02-04 15:43   3066   ----a-w-   c:\users\Doug\AppData\Local\ixabiwey.dll
            2011-02-04 03:20 . 2011-02-04 03:20   3066   ----a-w-   c:\users\Doug\AppData\Local\ufacamunumat.dll
            2011-02-04 01:18 . 2011-02-04 01:18   3066   ----a-w-   c:\users\Doug\AppData\Local\atopakenupiy.dll
            2011-02-03 23:16 . 2011-02-03 23:16   3066   ----a-w-   c:\users\Doug\AppData\Local\iqaxuyoy.dll
            2011-02-03 21:14 . 2011-02-03 21:14   3066   ----a-w-   c:\users\Doug\AppData\Local\iqakafomo.dll
            2011-02-03 14:03 . 2011-02-03 14:03   3066   ----a-w-   c:\users\Doug\AppData\Local\onocecisuwaq.dll
            2011-02-02 02:56 . 2011-02-02 02:56   --------   d-----w-   c:\users\Doug\AppData\Roaming\SUPERAntiSpyware.com
            2011-02-02 02:56 . 2011-02-02 02:56   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
            2011-02-02 02:56 . 2011-02-02 05:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-02-01 22:47 . 2011-02-01 22:47   3066   ----a-w-   c:\users\Doug\AppData\Local\ivozaxeqeta.dll
            2011-02-01 13:05 . 2011-02-01 13:05   3066   ----a-w-   c:\users\Doug\AppData\Local\eyekeyoj.dll
            2011-02-01 06:30 . 2011-02-01 06:30   3066   ----a-w-   c:\users\Doug\AppData\Local\etanutulivihanof.dll
            2011-01-31 17:57 . 2011-02-05 05:44   0   ----a-w-   c:\users\Doug\AppData\Local\Wpixobubobog.bin

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-01-02 14:18 . 2011-01-02 14:18   249856   ------w-   c:\windows\Setup1.exe
            2011-01-02 14:18 . 2011-01-02 14:18   73216   ----a-w-   c:\windows\ST6UNST.EXE
            2010-12-29 19:48 . 2010-12-29 19:48   21840   ----a-w-   c:\windows\system32\SIntfNT.dll
            2010-12-29 19:48 . 2010-12-29 19:48   17212   ----a-w-   c:\windows\system32\SIntf32.dll
            2010-12-29 19:48 . 2010-12-29 19:48   12067   ----a-w-   c:\windows\system32\SIntf16.dll
            2010-12-29 19:26 . 2010-12-29 19:26   94208   ----a-w-   c:\windows\DIIUnin.exe
            2010-12-29 19:26 . 2010-12-29 19:26   2829   ----a-w-   c:\windows\DIIUnin.pif
            2010-12-24 22:21 . 2010-12-25 03:03   258352   ----a-w-   c:\windows\system32\unicows.dll
            2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
            2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
            "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
            "Steam"="c:\program files\Steam\Steam.exe" [2010-11-23 1242448]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
            "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
            "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
            "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
            "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
            "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
            "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
            "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
            "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
            "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
            "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
            "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
            "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
            "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
            "Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2009-05-11 311976]
            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
            "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
            "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

            c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-11-17 476464]
            OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
            Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-11-26 53248]

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

            R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2006-11-02 22016]
            S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-27 721904]
            S1 aswSP;aswSP;

            S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
            S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
            S2 aswFsBlk;aswFsBlk;

            S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
            S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 594600]
            S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]


            --- Other Services/Drivers In Memory ---

            *NewlyCreated* - ASWFSBLK
            *NewlyCreated* - ASWMONFLT
            *NewlyCreated* - ASWRDR
            *NewlyCreated* - ASWSP
            *NewlyCreated* - ASWTDI

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
            LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
            nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
            2007-08-24 00:34   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
            .
            Contents of the 'Scheduled Tasks' folder
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
            mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
            uInternet Settings,ProxyOverride = <local>
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
            FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5rfnqyog.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
            FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
            FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
            FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
            FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
            .
            - - - - ORPHANS REMOVED - - - -

            HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
            HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
            AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
            AddRemove-EVE - g:\program files\Uninstall.exe
            AddRemove-Fallout Mod Manager_is1 - c:\program files\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe
            AddRemove-Graboid Video - c:\program files\Graboid\uninst.exe
            AddRemove-Metro 2033_is1 - c:\program files\THQ\Metro 2033\unins000.exe
            AddRemove-Warhammer Online - Age of Reckoning - c:\program files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
            AddRemove-{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1 - c:\program files\Paradox Interactive\Majesty 2\unins000.exe



            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-02-20 09:51
            Windows 6.0.6000  NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            "MSCurrentCountry"=dword:000000b5
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\windows\system32\nvvsvc.exe
            c:\program files\Alwil Software\Avast5\AvastSvc.exe
            c:\windows\system32\nvvsvc.exe
            c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            c:\program files\Bonjour\mDNSResponder.exe
            c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
            c:\program files\Common Files\LightScribe\LSSrvc.exe
            c:\windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
            c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
            c:\program files\CyberLink\Shared Files\RichVideo.exe
            c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
            c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
            c:\windows\RtHDVCpl.exe
            c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
            c:\program files\Synaptics\SynTP\SynTPEnh.exe
            c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
            c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
            c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
            c:\program files\iPod\bin\iPodService.exe
            c:\windows\system32\WerCon.exe
            c:\windows\system32\LogonUI.exe
            .
            **************************************************************************
            .
            Completion time: 2011-02-20  09:59:51 - machine was rebooted
            ComboFix-quarantined-files.txt  2011-02-20 14:59

            Pre-Run: 38,596,104,192 bytes free
            Post-Run: 46,434,156,544 bytes free

            - - End Of File - - 0DFFC194FF083AAE92FF1A2DE4AEB7DB



            What's our next step?

            SuperDave

            Re: Another Application cannot be executed ******.exe is infected virus.
            « Reply #10 on: February 21, 2011, 01:22:55 PM »
            Which AV program did you install from the list I gave you in Reply # 6?

            Re-running ComboFix to remove infections:

            • Close any open browsers.
            • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the quotebox below into it:
              Quote
              KillAll::

              File::
              c:\users\Doug\AppData\Local\ofarihehafil.dll
              c:\users\Doug\AppData\Local\ekogerutewotevig.dll
              c:\users\Doug\AppData\Local\oyoyirogo.dll
              c:\users\Doug\AppData\Local\aqobagogagimo.dll
              c:\users\Doug\AppData\Local\ujicofezip.dll
              c:\users\Doug\AppData\Local\ogitazal.dll
              c:\users\Doug\AppData\Local\unociluv.dll
              c:\users\Doug\AppData\Local\ixabiwey.dll
              c:\users\Doug\AppData\Local\ufacamunumat.dll
              c:\users\Doug\AppData\Local\atopakenupiy.dll
              c:\users\Doug\AppData\Local\iqaxuyoy.dll
              c:\users\Doug\AppData\Local\iqakafomo.dll
              c:\users\Doug\AppData\Local\onocecisuwaq.dll
              c:\users\Doug\AppData\Local\ivozaxeqeta.dll
              c:\users\Doug\AppData\Local\eyekeyoj.dll
              c:\users\Doug\AppData\Local\etanutulivihanof.dll
              c:\users\Doug\AppData\Local\Wpixobubobog.bin

              MBR::

            • Save this as CFScript.txt, in the same location as ComboFix.exe



            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.

            Rawrz

              Re: Another Application cannot be executed ******.exe is infected virus.
              « Reply #11 on: February 21, 2011, 06:06:05 PM »
              Antivirus I chose to install was Avast.





              ComboFix LOG

              ComboFix 11-02-20.03 - Doug 02/21/2011  19:31:51.1.2 - x86
              Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3070.1673 [GMT -5:00]
              Running from: c:\users\Doug\Desktop\ComboFix.exe
              Command switches used :: c:\users\Doug\Desktop\CFScript.txt

              FILE ::
              "c:\users\Doug\AppData\Local\aqobagogagimo.dll"
              "c:\users\Doug\AppData\Local\atopakenupiy.dll"
              "c:\users\Doug\AppData\Local\ekogerutewotevig.dll"
              "c:\users\Doug\AppData\Local\etanutulivihanof.dll"
              "c:\users\Doug\AppData\Local\eyekeyoj.dll"
              "c:\users\Doug\AppData\Local\iqakafomo.dll"
              "c:\users\Doug\AppData\Local\iqaxuyoy.dll"
              "c:\users\Doug\AppData\Local\ivozaxeqeta.dll"
              "c:\users\Doug\AppData\Local\ixabiwey.dll"
              "c:\users\Doug\AppData\Local\ofarihehafil.dll"
              "c:\users\Doug\AppData\Local\ogitazal.dll"
              "c:\users\Doug\AppData\Local\onocecisuwaq.dll"
              "c:\users\Doug\AppData\Local\oyoyirogo.dll"
              "c:\users\Doug\AppData\Local\ufacamunumat.dll"
              "c:\users\Doug\AppData\Local\ujicofezip.dll"
              "c:\users\Doug\AppData\Local\unociluv.dll"
              "c:\users\Doug\AppData\Local\Wpixobubobog.bin"
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\users\Doug\AppData\Local\aqobagogagimo.dll
              c:\users\Doug\AppData\Local\atopakenupiy.dll
              c:\users\Doug\AppData\Local\ekogerutewotevig.dll
              c:\users\Doug\AppData\Local\etanutulivihanof.dll
              c:\users\Doug\AppData\Local\eyekeyoj.dll
              c:\users\Doug\AppData\Local\iqakafomo.dll
              c:\users\Doug\AppData\Local\iqaxuyoy.dll
              c:\users\Doug\AppData\Local\ivozaxeqeta.dll
              c:\users\Doug\AppData\Local\ixabiwey.dll
              c:\users\Doug\AppData\Local\ofarihehafil.dll
              c:\users\Doug\AppData\Local\ogitazal.dll
              c:\users\Doug\AppData\Local\onocecisuwaq.dll
              c:\users\Doug\AppData\Local\oyoyirogo.dll
              c:\users\Doug\AppData\Local\ufacamunumat.dll
              c:\users\Doug\AppData\Local\ujicofezip.dll
              c:\users\Doug\AppData\Local\unociluv.dll
              c:\users\Doug\AppData\Local\Wpixobubobog.bin

              .
              (((((((((((((((((((((((((   Files Created from 2011-01-22 to 2011-02-22  )))))))))))))))))))))))))))))))
              .

              2011-02-22 00:38 . 2011-02-22 00:42   --------   d-----w-   c:\users\Doug\AppData\Local\temp
              2011-02-22 00:38 . 2011-02-22 00:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-02-19 00:58 . 2011-01-13 08:41   294608   ----a-w-   c:\windows\system32\drivers\aswSP.sys
              2011-02-19 00:58 . 2011-01-13 08:40   47440   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
              2011-02-19 00:58 . 2011-01-13 08:37   23632   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
              2011-02-19 00:58 . 2011-01-13 08:37   51280   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
              2011-02-19 00:58 . 2011-01-13 08:37   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
              2011-02-19 00:58 . 2011-01-13 08:47   38848   ----a-w-   c:\windows\avastSS.scr
              2011-02-19 00:58 . 2011-01-13 08:47   188216   ----a-w-   c:\windows\system32\aswBoot.exe
              2011-02-19 00:58 . 2011-02-19 00:58   --------   d-----w-   c:\program files\Alwil Software
              2011-02-19 00:58 . 2011-02-19 00:58   --------   d-----w-   c:\progra~2\Alwil Software
              2011-02-19 00:53 . 2011-02-19 00:53   --------   d-----w-   c:\progra~2\NOS
              2011-02-19 00:53 . 2011-02-19 00:53   --------   d-----w-   c:\program files\NOS
              2011-02-19 00:30 . 2011-02-19 00:30   --------   d-----w-   c:\windows\Sun
              2011-02-18 21:42 . 2011-02-18 21:41   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
              2011-02-18 21:42 . 2011-02-18 21:41   472808   ----a-w-   c:\windows\system32\deployJava1.dll
              2011-02-18 07:29 . 2011-01-13 09:41   5890896   ----a-w-   c:\progra~2\Microsoft\Windows Defender\Definition Updates\{785A28AD-8A37-4880-AE7E-F87A1BE30B95}\mpengine.dll
              2011-02-08 22:56 . 2011-02-08 22:56   --------   d-----w-   c:\program files\Trend Micro
              2011-02-08 22:44 . 2011-02-08 22:44   --------   d-----w-   c:\users\Doug\AppData\Roaming\InstallShield
              2011-02-05 05:47 . 2011-02-05 05:47   --------   d-----w-   c:\users\Doug\AppData\Roaming\Malwarebytes
              2011-02-05 05:47 . 2011-02-05 05:47   --------   d-----w-   c:\progra~2\Malwarebytes
              2011-02-05 05:47 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-02-05 05:46 . 2011-02-05 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-02-05 05:46 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-02-02 02:56 . 2011-02-02 02:56   --------   d-----w-   c:\users\Doug\AppData\Roaming\SUPERAntiSpyware.com
              2011-02-02 02:56 . 2011-02-02 02:56   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
              2011-02-02 02:56 . 2011-02-02 05:11   --------   d-----w-   c:\program files\SUPERAntiSpyware

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-01-02 14:18 . 2011-01-02 14:18   249856   ------w-   c:\windows\Setup1.exe
              2011-01-02 14:18 . 2011-01-02 14:18   73216   ----a-w-   c:\windows\ST6UNST.EXE
              2010-12-29 19:48 . 2010-12-29 19:48   21840   ----a-w-   c:\windows\system32\SIntfNT.dll
              2010-12-29 19:48 . 2010-12-29 19:48   17212   ----a-w-   c:\windows\system32\SIntf32.dll
              2010-12-29 19:48 . 2010-12-29 19:48   12067   ----a-w-   c:\windows\system32\SIntf16.dll
              2010-12-29 19:26 . 2010-12-29 19:26   94208   ----a-w-   c:\windows\DIIUnin.exe
              2010-12-29 19:26 . 2010-12-29 19:26   2829   ----a-w-   c:\windows\DIIUnin.pif
              2010-12-24 22:21 . 2010-12-25 03:03   258352   ----a-w-   c:\windows\system32\unicows.dll
              2010-11-29 22:38 . 2010-11-29 22:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
              2010-11-29 22:38 . 2010-11-29 22:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
              "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
              "Steam"="c:\program files\Steam\Steam.exe" [2010-11-23 1242448]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
              "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
              "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
              "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
              "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
              "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
              "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
              "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
              "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
              "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
              "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
              "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
              "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
              "Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2009-05-11 311976]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
              "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

              c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-11-17 476464]
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
              Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-11-26 53248]

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2006-11-02 22016]
              S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-27 721904]
              S1 aswSP;aswSP;

              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
              S2 aswFsBlk;aswFsBlk;

              S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
              S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2008-05-23 594600]
              S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]


              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
              LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
              nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper

              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
              2007-08-24 00:34   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
              mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
              uInternet Settings,ProxyOverride = <local>
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
              FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\5rfnqyog.default\
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
              FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
              FF - Ext: GameBox: gamebox@toolbar - %profile%\extensions\gamebox@toolbar
              FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-02-21 19:41
              Windows 6.0.6000  NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              "MSCurrentCountry"=dword:000000b5
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'Explorer.exe'(3212)
              c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\windows\system32\nvvsvc.exe
              c:\program files\Alwil Software\Avast5\AvastSvc.exe
              c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              c:\program files\Bonjour\mDNSResponder.exe
              c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
              c:\program files\Common Files\LightScribe\LSSrvc.exe
              c:\windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
              c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
              c:\windows\system32\nvvsvc.exe
              c:\program files\CyberLink\Shared Files\RichVideo.exe
              c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
              c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
              c:\windows\RtHDVCpl.exe
              c:\program files\Synaptics\SynTP\SynTPEnh.exe
              c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
              c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
              c:\program files\Common Files\Steam\SteamService.exe
              c:\program files\iPod\bin\iPodService.exe
              c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
              c:\windows\system32\WerFault.exe
              .
              **************************************************************************
              .
              Completion time: 2011-02-21  19:48:01 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-02-22 00:47
              ComboFix2.txt  2011-02-20 14:59

              Pre-Run: 70,112,194,560 bytes free
              Post-Run: 70,055,768,064 bytes free

              - - End Of File - - 1C884F99923E9462F2EE4612E2847A5B
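When a log from a scripted ComboFix run comes back, the first check is that every path listed under `File::` in CFScript.txt also appears under "Other Deletions" in the log. The sketch below is an added example, not part of the original posts and not ComboFix code; the function names are hypothetical, and the inputs are abridged from Replies #10 and #11 plus one constructed failure case.

```python
import re

# Abridged from the CFScript quoted in Reply #10 (3 of its 17 paths).
CFSCRIPT = r"""KillAll::

File::
c:\users\Doug\AppData\Local\ofarihehafil.dll
c:\users\Doug\AppData\Local\ogitazal.dll
c:\users\Doug\AppData\Local\Wpixobubobog.bin

MBR::
"""

# Abridged from the ComboFix log in Reply #11, same three paths.
LOG_OK = r"""FILE ::
"c:\users\Doug\AppData\Local\ofarihehafil.dll"
"c:\users\Doug\AppData\Local\ogitazal.dll"
"c:\users\Doug\AppData\Local\Wpixobubobog.bin"
.

(((((((((((((((   Other Deletions   )))))))))))))))
.

c:\users\Doug\AppData\Local\ofarihehafil.dll
c:\users\Doug\AppData\Local\ogitazal.dll
c:\users\Doug\AppData\Local\Wpixobubobog.bin

.
(((((((((   Files Created from 2011-01-22 to 2011-02-22  )))))))))
.

2011-02-22 00:38 . 2011-02-22 00:42   --------   d-----w-   c:\users\Doug\AppData\Local\temp
"""

# Constructed failure case: the same log with one deletion line missing.
LOG_PARTIAL = "\n".join(
    line for line in LOG_OK.splitlines()
    if line != r"c:\users\Doug\AppData\Local\ogitazal.dll"
)

DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)::\s*$")        # e.g. "File::"
SECTION = re.compile(r"^\s*\({3,}\s*(.*?)\s*\){3,}\s*$")   # "(((   Title   )))"


def _split(text, header_re, skip=("",)):
    """Group the non-empty lines of `text` under the header that precedes them."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = header_re.match(line)
        if match:
            current = match.group(1).lower()
            groups.setdefault(current, [])
        elif current is not None and line not in skip:
            groups[current].append(line)
    return groups


def parse_cfscript(text):
    """Return {directive: [argument lines]} for a CFScript.txt body."""
    return _split(text, DIRECTIVE)


def parse_log_sections(text):
    """Return {section title: [lines]}; lone '.' separator lines are dropped."""
    return _split(text, SECTION, skip=("", "."))


def norm(path):
    """Windows paths compare case-insensitively; the log may quote them."""
    return path.strip().strip('"').lower()


def check_removal(script_text, log_text):
    """Compare the script's File:: targets with the log's Other Deletions."""
    targets = [norm(p) for p in parse_cfscript(script_text).get("file", [])]
    deleted = {norm(p) for p in parse_log_sections(log_text).get("other deletions", [])}
    return {
        "targeted": len(targets),
        "not_deleted": [p for p in targets if p not in deleted],
        "extra_deletions": sorted(deleted - set(targets)),
    }


if __name__ == "__main__":
    print(check_removal(CFSCRIPT, LOG_OK))
    print(check_removal(CFSCRIPT, LOG_PARTIAL))
```

A non-empty `not_deleted` list means a targeted file was never reported as removed and the run needs another look; `extra_deletions` lists removals the script did not request.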

              SuperDave

              Re: Another Application cannot be executed ******.exe is infected virus.
              « Reply #12 on: February 22, 2011, 12:16:32 PM »
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.