new computer virus

[Helpme220]

Hello, My fiancee and I just opened a new business, I was setting up or office computer and we already have avirus. the webrowser will not connect to secure sites. I am running microsoft secirity  essential , also I am running zone alarm for firewall. I believe in my rushing to get it up and running I clicked on a java update and got infected.This is a brand new compaq presario CQ57 running windows 7 . It has 2 gb of ram and 250 for the harddrive. I have used you guys before and have always been the greatest help. I started with internet explorer because the web browser software works better with it .When I started experiencing issues i downloaded safari. Both browsers would not connect to secure sites. I ran everthing you guys asked to run here are the logs .Also as soon as it happened I ran a hijackthis , so I have that log also If you would like
Thank you for your help

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/18/2011 at 08:07 AM

Application Version : 5.0.1134

Core Rules Database Version : 7809
Trace Rules Database Version: 5621

Scan type       : Complete Scan
Total Scan Time : 01:50:20

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 652
Memory threats detected   : 0
Registry items scanned    : 69835
Registry threats detected : 0
File items scanned        : 115067
File threats detected     : 0
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.1.7601 Service Pack 1

10/17/2011 6:21:45 PM
mbam-log-2011-10-17 (18-21-45).txt

Scan type: Quick Scan
Objects scanned: 76969
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Yogaborn at 8:56:45 on 2011-10-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1643.704 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80}\95F4741424F425E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E99281A5-CFB5-42F8-B773-86188358DBF2} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64:     ZoneAlarm Security Engine Registrar - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64:     IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-7-27 945200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-7-27 463408]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-27 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-27 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-2-15 822264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2011-7-27 126904]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2011-10-18 10:02:35   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\offreg.dll
2011-10-17 22:58:19   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\CrashDumps
2011-10-17 22:57:52   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2011-10-17 22:57:23   --------   d-----w-   C:\ProgramData\SUPERSetup
2011-10-17 22:48:21   --------   d-----w-   C:\Program Files\CCleaner
2011-10-17 22:24:50   --------   d-----w-   C:\Windows\SysWow64\Wat
2011-10-17 22:24:50   --------   d-----w-   C:\Windows\System32\Wat
2011-10-17 21:34:07   --------   d-----w-   C:\Program Files (x86)\MSXML 4.0
2011-10-17 21:33:52   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2011-10-17 21:32:43   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\SUPERAntiSpyware.com
2011-10-17 21:32:43   --------   d-----w-   C:\Program Files (x86)\SUPERAntiSpyware
2011-10-17 21:32:19   --------   d-----w-   C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29:24   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\Malwarebytes
2011-10-17 21:29:01   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-10-17 21:29:00   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-10-17 21:28:59   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:10:33   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Apple Computer
2011-10-16 20:05:04   9049936   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\mpengine.dll
2011-10-16 20:02:43   --------   d-----w-   C:\Program Files\Bonjour
2011-10-16 20:02:43   --------   d-----w-   C:\Program Files (x86)\Bonjour
2011-10-16 20:01:36   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Apple
2011-10-16 13:51:31   850944   ----a-w-   C:\Windows\SysWow64\sbe.dll
2011-10-16 13:51:31   642048   ----a-w-   C:\Windows\SysWow64\CPFilters.dll
2011-10-16 13:51:31   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-10-16 13:51:31   199680   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
2011-10-16 13:51:30   723968   ----a-w-   C:\Windows\System32\EncDec.dll
2011-10-16 13:51:30   1118720   ----a-w-   C:\Windows\System32\sbe.dll
2011-10-16 13:51:29   961024   ----a-w-   C:\Windows\System32\CPFilters.dll
2011-10-16 13:51:29   259072   ----a-w-   C:\Windows\System32\mpg2splt.ax
2011-10-16 13:50:36   566208   ----a-w-   C:\Windows\System32\winresume.efi
2011-10-16 13:50:35   605552   ----a-w-   C:\Windows\System32\winload.exe
2011-10-16 13:50:35   518672   ----a-w-   C:\Windows\System32\winresume.exe
2011-10-16 13:50:35   20352   ----a-w-   C:\Windows\System32\kdusb.dll
2011-10-16 13:50:35   19328   ----a-w-   C:\Windows\System32\kd1394.dll
2011-10-16 13:50:35   17792   ----a-w-   C:\Windows\System32\kdcom.dll
2011-10-16 13:50:34   642944   ----a-w-   C:\Windows\System32\winload.efi
2011-10-16 13:48:08   5561216   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2011-10-16 13:48:08   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48:08   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46:59   1395712   ----a-w-   C:\Windows\System32\mfc42.dll
2011-10-16 13:44:57   870912   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
2011-10-16 13:44:57   1465344   ----a-w-   C:\Windows\System32\XpsPrint.dll
2011-10-16 13:42:19   1923968   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2011-10-16 13:42:17   976896   ----a-w-   C:\Windows\System32\inetcomm.dll
2011-10-16 13:42:17   741376   ----a-w-   C:\Windows\SysWow64\inetcomm.dll
2011-10-16 13:35:57   90624   ----a-w-   C:\Windows\System32\drivers\bowser.sys
2011-10-16 13:33:24   288256   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33:23   476160   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2011-10-16 13:33:09   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2011-10-16 13:33:09   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2011-10-16 13:33:09   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2011-10-16 13:33:09   294912   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2011-10-16 13:31:53   267776   ----a-w-   C:\Windows\System32\FXSCOVER.exe
2011-10-16 13:31:23   331776   ----a-w-   C:\Windows\System32\oleacc.dll
2011-10-16 13:31:23   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
2011-10-16 13:31:22   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
2011-10-16 13:31:22   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2011-10-16 13:29:46   3138048   ----a-w-   C:\Windows\System32\win32k.sys
2011-10-16 13:28:52   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2011-10-16 13:28:51   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
2011-10-16 13:28:51   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2011-10-16 13:28:50   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
2011-10-16 13:26:22   2871808   ----a-w-   C:\Windows\explorer.exe
2011-10-16 13:26:21   2616320   ----a-w-   C:\Windows\SysWow64\explorer.exe
2011-10-16 13:26:06   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2011-10-16 13:26:06   158208   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2011-10-16 13:26:06   128000   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2011-10-16 13:22:52   404480   ----a-w-   C:\Windows\System32\umpnpmgr.dll
2011-10-16 13:22:51   64512   ----a-w-   C:\Windows\SysWow64\devobj.dll
2011-10-16 13:22:51   44544   ----a-w-   C:\Windows\SysWow64\devrtl.dll
2011-10-16 13:22:51   252928   ----a-w-   C:\Windows\SysWow64\drvinst.exe
2011-10-16 13:22:51   145920   ----a-w-   C:\Windows\SysWow64\cfgmgr32.dll
2011-10-16 13:22:42   31232   ----a-w-   C:\Windows\SysWow64\prevhost.exe
2011-10-16 13:22:42   31232   ----a-w-   C:\Windows\System32\prevhost.exe
2011-10-16 13:22:12   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1206000.01D
2011-10-14 21:21:30   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Diagnostics
2011-10-14 21:13:57   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\CheckPoint
2011-10-14 20:58:47   --------   d-----w-   C:\Program Files\CheckPoint
2011-10-14 20:57:30   1238528   ----a-w-   C:\Windows\SysWow64\zpeng25.dll
2011-10-14 20:57:27   --------   d-----w-   C:\Windows\SysWow64\ZoneLabs
2011-10-14 20:57:19   458840   ----a-w-   C:\Windows\System32\drivers\~GLH0023.TMP
2011-10-14 20:56:34   458840   ------w-   C:\Windows\System32\drivers\vsdatant.sys
2011-10-14 20:56:31   --------   d-----w-   C:\Program Files (x86)\Zone Labs
2011-10-14 20:55:46   --------   d-----w-   C:\ProgramData\CheckPoint
2011-10-14 20:55:43   --------   d-----w-   C:\Windows\Internet Logs
2011-10-14 20:10:24   9049936   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09:09   917840   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05:23   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2011-10-14 20:05:07   --------   d-----w-   C:\Program Files\Microsoft Security Client
2011-10-14 20:03:19   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\AMD
2011-10-14 20:02:43   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\ATI
2011-10-14 20:02:31   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\PictureMover
2011-10-14 20:01:40   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\BMExplorer
2011-10-14 20:01:28   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\Synaptics
2011-10-14 20:00:03   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\hpqlog
2011-10-14 19:59:54   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\RemEngine
2011-10-14 19:53:46   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Hewlett-Packard
2011-10-14 19:53:26   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Hewlett-Packard_Company
2011-10-14 19:51:06   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2011-10-18 12:44:30   525544   ----a-w-   C:\Windows\System32\deployJava1.dll
2011-09-01 05:24:07   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57   1389056   ----a-w-   C:\Windows\System32\wininet.dll
2011-09-01 05:12:04   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32   96104   ----a-w-   C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32   85864   ----a-w-   C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32   61288   ----a-w-   C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32   212840   ----a-w-   C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04   83816   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04   73064   ----a-w-   C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04   50536   ----a-w-   C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04   178536   ----a-w-   C:\Windows\SysWow64\dnssdX.dll
2011-07-27 11:00:01   174640   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-27 10:47:14   0   ----a-w-   C:\Windows\ativpsrm.bin
.
============= FINISH:  8:59:04.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2011 3:50:04 PM
System Uptime: 10/18/2011 6:02:02 AM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 195.272 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.724 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 10/14/2011 3:52:00 PM - First_User_Boot
RP4: 10/14/2011 4:07:00 PM - Windows Update
RP5: 10/16/2011 4:03:03 PM - Installed Safari
RP6: 10/17/2011 5:17:48 PM - Windows Update
RP7: 10/18/2011 8:42:16 AM - Installed Java(TM) 6 Update 27 (64-bit)
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HijackThis 2.0.2
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Safari
SUPERAntiSpyware Free Edition
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 6:13:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072ee2     Error description: The operation timed out
10/18/2011 6:08:07 AM, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7000]  - The HP Health Check Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
10/18/2011 6:03:17 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:37:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/17/2011 6:33:03 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
10/17/2011 6:28:03 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:27:52 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
10/17/2011 6:26:32 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 6:26:32 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:37:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/17/2011 5:33:59 PM, Error: Service Control Manager [7000]  - The SASENUM service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:33:59 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:32:56 PM, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:32:55 PM, Error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:24:50 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
10/17/2011 5:23:52 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
10/17/2011 5:17:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
10/17/2011 12:33:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
10/16/2011 9:09:18 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1674.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/16/2011 8:59:52 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/16/2011 5:41:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/16/2011 2:57:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/16/2011 10:14:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1674.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072ee2     Error description: The operation timed out
10/14/2011 5:16:38 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/14/2011 5:16:22 PM, Error: Service Control Manager [7022]  - The AMD FUEL Service service hung on starting.
10/14/2011 5:14:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/14/2011 5:11:36 PM, Error: Microsoft-Windows-DistributedCOM [10009]  - DCOM was unable to communicate with the computer WIN-JT0CBKGICFJ using any of the configured protocols.
10/14/2011 5:00:20 PM, Error: Service Control Manager [7030]  - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
10/14/2011 4:57:45 PM, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
  Thank you

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The logs show that you have two AV programs and two Firewalls on your computer. Please make sure that only one of each is activated at any time.

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

BHO-X64:     AcroIEHelperStub - No File
BHO-X64:     Symantec NCO BHO - No File
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64:     ZoneAlarm Security Engine Registrar - No File
BHO-X64:     IESpeakDoc - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************

You may uninstall Java(TM) 6 Update 22. It is no longer needed.

*************************************************
Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• List content of Hosts
• List IP Configuration
• Lst Last 10 Event Viewer Errors
• List Users, Partitions and Memory Size
[/b]

Click Go and copy/paste the log (Result.txt) into your next post. .

[Helpme220]

Hey dave, thank you for your help. followed your instructions here are the two logs. Just to let you know when I tried to unistall Java 22 it wouldnt unistall and kept asking me if I wanted this program to update . I said no and ran the other log . Hope i did this correctly , look forwrd to hearing from you .
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10182011_214209

MiniToolBox by Farbar
Ran by Yogaborn (administrator) on 18-10-2011 at 21:50:15
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Yogaborn-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 3C-D9-2B-2B-6B-52
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : D0-DF-9A-89-0B-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : D0-DF-9A-88-9C-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8455:925c:c388:85a0%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 18, 2011 9:26:34 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 19, 2011 9:26:33 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248569754
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C1-A1-8A-D0-DF-9A-88-9C-0B
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{708D7C27-4961-4CAA-A759-9482F82BBE80}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:ca7:9ad:bbf6:3812(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ca7:9ad:bbf6:3812%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.73.104
     74.125.73.105
     74.125.73.106
     74.125.73.147
     74.125.73.99
     74.125.73.103


Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=122ms TTL=50
Reply from 74.125.73.104: bytes=32 time=72ms TTL=50

Ping statistics for 74.125.73.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 122ms, Average = 97ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.137.149.56
     98.139.180.149
     209.191.122.70
     67.195.160.76
     72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=154ms TTL=55
Reply from 72.30.2.43: bytes=32 time=116ms TTL=55

Ping statistics for 72.30.2.43:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 116ms, Maximum = 154ms, Average = 135ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
 15...3c d9 2b 2b 6b 52 ......Realtek PCIe FE Family Controller
 13...d0 df 9a 89 0b 9b ......Bluetooth Device (Personal Area Network)
 11...d0 df 9a 88 9c 0b ......Atheros AR9285 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:4137:9e76:ca7:9ad:bbf6:3812/128
                                    On-link
 11    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::ca7:9ad:bbf6:3812/128
                                    On-link
 11    281 fe80::8455:925c:c388:85a0/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (10/18/2011 09:41:19 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (10/18/2011 09:41:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (10/18/2011 09:37:37 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.113.1787.0

   Update Source: %NT AUTHORITY59

   Update Stage: 3.0.8402.00

   Source Path: 3.0.8402.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2011 09:32:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/18/2011 09:26:58 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

   Feature: %%835

   Error Code: 0x80004005

   Error description: Unspecified error

   Reason: %%842


Microsoft Office Sessions:
=========================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1642.9 MB
Available physical RAM: 532.29 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1678.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.12 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:218.76 GB) (Free:194.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.83 GB) (Free:1.72 GB) NTFS
4 Drive f: (ROBSHIT) (Removable) (Total:1.89 GB) (Free:1.58 GB) FAT
5 Drive g: (ROBSHIT 2) (Removable) (Total:3.74 GB) (Free:0.07 GB) FAT32

========================= Users: ========================================

User accounts for \\YOGABORN-HP

Administrator            Guest                    Yogaborn                 


**** End of log ****
 Cross my fingers
Rob

[SuperDave]

There doesn't appear to be anything wrong with your internet connection.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[Helpme220]

Hello, I ran security check , here is the log. I tried running combofix several times and it would always get stuck on completed scan 48 then do nothing for like half an hour . Hope i'm not doing anything wrong. I disabled all my protection and followed  instructions .
 Results of screen317's Security Check version 0.99.24 
 Windows 7  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled! 
 Norton Internet Security   
 ZoneAlarm     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 Java(TM) 6 Update 22 
 Out of date Java installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Norton ccSvcHst.exe
 Windows Defender MSMpEng.exe
 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
 Microsoft Security Essentials msseces.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
 Microsoft Security Client Antimalware NisSrv.exe 
 Zone Labs ZoneAlarm zlclient.exe 
``````````End of Log````````````
Hope you can help
Thank you for your time
Rob

[SuperDave]

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
Delete your copy of ComboFix from your desktop or just drag it into your Recycling bin.

Download ComboFix by sUBs from one of the below links.  You must rename it before saving it!

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix to Combo-Fix before saving it to the desktop.





Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

[Helpme220]

I 've tried running combo fix , I get top completed scan 48 and then it stops runs for about half an hour and no text log.  I have disabled my firewall and microsoft essential . Please let me know what I could possibly be doing wrong
Thank you again

[SuperDave]

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

[Helpme220]

Here you go

Blackpudding.bat is not valid Win 32 app

Whatever that means

We will keep trying
Thank you for your help

[SuperDave]

Ok. Please boot in Safe Mode and try running ComboFix from there.

Safe Mode

[Helpme220]

It worked here we go
ComboFix 11-10-24.04 - Yogaborn 10/25/2011  18:40:34.8.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1643.1137 [GMT -4:00]
Running from: c:\users\Yogaborn\Desktop\blackpudding.bat.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-25 to 2011-10-25  )))))))))))))))))))))))))))))))
.
.
2011-10-25 22:49 . 2011-10-25 22:49   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-25 22:32 . 2011-10-25 22:32   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\offreg.dll
2011-10-23 22:11 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\mpengine.dll
2011-10-17 22:57 . 2011-10-17 22:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-17 22:57 . 2011-10-17 22:57   --------   d-----w-   c:\programdata\SUPERSetup
2011-10-17 22:48 . 2011-10-17 22:48   --------   d-----w-   c:\program files\CCleaner
2011-10-17 22:24 . 2011-10-17 22:24   --------   d-----w-   c:\windows\SysWow64\Wat
2011-10-17 22:24 . 2011-10-17 22:24   --------   d-----w-   c:\windows\system32\Wat
2011-10-17 21:34 . 2011-10-17 21:34   --------   d-----w-   c:\program files (x86)\MSXML 4.0
2011-10-17 21:33 . 2011-10-17 21:33   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-10-17 21:32 . 2011-10-17 21:32   --------   d-----w-   c:\program files (x86)\SUPERAntiSpyware
2011-10-17 21:32 . 2011-10-17 21:32   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29 . 2011-10-17 21:29   --------   d-----w-   c:\programdata\Malwarebytes
2011-10-17 21:29 . 2011-08-31 21:00   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-10-17 21:28 . 2011-10-18 12:19   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:04 . 2011-10-16 20:04   --------   d-----w-   c:\program files (x86)\Safari
2011-10-16 20:04 . 2011-10-16 20:04   --------   d-----w-   c:\programdata\Apple Computer
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files (x86)\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files (x86)\Common Files\Apple
2011-10-16 20:01 . 2011-10-16 20:01   --------   d-----w-   c:\program files (x86)\Apple Software Update
2011-10-16 20:01 . 2011-10-16 20:01   --------   d-----w-   c:\programdata\Apple
2011-10-16 13:51 . 2010-12-23 05:54   850944   ----a-w-   c:\windows\SysWow64\sbe.dll
2011-10-16 13:51 . 2010-12-23 05:54   642048   ----a-w-   c:\windows\SysWow64\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 05:54   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-10-16 13:51 . 2010-12-23 05:50   199680   ----a-w-   c:\windows\SysWow64\mpg2splt.ax
2011-10-16 13:51 . 2010-12-23 10:42   1118720   ----a-w-   c:\windows\system32\sbe.dll
2011-10-16 13:51 . 2010-12-23 10:42   723968   ----a-w-   c:\windows\system32\EncDec.dll
2011-10-16 13:51 . 2010-12-23 10:42   961024   ----a-w-   c:\windows\system32\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 10:36   259072   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-10-16 13:50 . 2011-02-05 17:06   566208   ----a-w-   c:\windows\system32\winresume.efi
2011-10-16 13:50 . 2011-02-05 17:10   20352   ----a-w-   c:\windows\system32\kdusb.dll
2011-10-16 13:50 . 2011-02-05 17:10   19328   ----a-w-   c:\windows\system32\kd1394.dll
2011-10-16 13:50 . 2011-02-05 17:10   17792   ----a-w-   c:\windows\system32\kdcom.dll
2011-10-16 13:50 . 2011-02-05 17:06   605552   ----a-w-   c:\windows\system32\winload.exe
2011-10-16 13:50 . 2011-02-05 17:06   518672   ----a-w-   c:\windows\system32\winresume.exe
2011-10-16 13:50 . 2011-02-05 17:10   642944   ----a-w-   c:\windows\system32\winload.efi
2011-10-16 13:48 . 2011-06-23 05:43   5561216   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-16 13:48 . 2011-06-23 04:33   3967872   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48 . 2011-06-23 04:33   3912576   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46 . 2011-03-11 06:34   1359872   ----a-w-   c:\windows\system32\mfc42u.dll
2011-10-16 13:44 . 2011-03-12 12:08   1465344   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-10-16 13:44 . 2011-03-12 11:23   870912   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-10-16 13:42 . 2011-06-21 06:34   1923968   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-10-16 13:42 . 2011-05-03 05:29   976896   ----a-w-   c:\windows\system32\inetcomm.dll
2011-10-16 13:42 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\SysWow64\inetcomm.dll
2011-10-16 13:35 . 2011-02-23 04:55   90624   ----a-w-   c:\windows\system32\drivers\bowser.sys
2011-10-16 13:33 . 2011-02-24 05:38   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-24 06:15   476160   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-19 12:03   46080   ----a-w-   c:\windows\system32\atmlib.dll
2011-10-16 13:33 . 2011-02-19 09:00   367616   ----a-w-   c:\windows\system32\atmfd.dll
2011-10-16 13:33 . 2011-02-19 06:30   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-10-16 13:33 . 2011-02-19 04:34   294912   ----a-w-   c:\windows\SysWow64\atmfd.dll
2011-10-16 13:31 . 2011-02-12 11:34   267776   ----a-w-   c:\windows\system32\FXSCOVER.exe
2011-10-16 13:31 . 2011-08-27 05:37   331776   ----a-w-   c:\windows\system32\oleacc.dll
2011-10-16 13:31 . 2011-08-27 04:26   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-10-16 13:31 . 2011-08-27 05:37   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2011-10-16 13:31 . 2011-08-27 04:26   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-10-16 13:29 . 2011-09-06 03:03   3138048   ----a-w-   c:\windows\system32\win32k.sys
2011-10-16 13:28 . 2011-08-17 05:26   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:19   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2011-10-16 13:28 . 2011-08-17 05:25   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2011-10-16 13:26 . 2011-02-25 06:19   2871808   ----a-w-   c:\windows\explorer.exe
2011-10-16 13:26 . 2011-02-25 05:30   2616320   ----a-w-   c:\windows\SysWow64\explorer.exe
2011-10-16 13:26 . 2011-07-09 02:46   288768   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-10-16 13:26 . 2011-04-27 02:40   158208   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-10-16 13:26 . 2011-04-27 02:39   128000   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
2011-10-16 13:23 . 2011-04-22 22:15   27520   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2011-10-16 13:23 . 2011-03-03 06:24   183296   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-10-14 20:58 . 2011-10-14 20:58   --------   d-----w-   c:\program files\CheckPoint
2011-10-14 20:57 . 2011-03-18 05:24   69120   ----a-w-   c:\windows\SysWow64\zlcomm.dll
2011-10-14 20:57 . 2011-03-18 05:24   104448   ----a-w-   c:\windows\SysWow64\zlcommdb.dll
2011-10-14 20:57 . 2011-03-18 05:24   1238528   ----a-w-   c:\windows\SysWow64\zpeng25.dll
2011-10-14 20:57 . 2011-10-14 21:00   --------   d-----w-   c:\windows\SysWow64\ZoneLabs
2011-10-14 20:57 . 2010-05-15 20:30   458840   ----a-w-   c:\windows\system32\drivers\~GLH0023.TMP
2011-10-14 20:56 . 2010-05-15 20:30   458840   ------w-   c:\windows\system32\drivers\vsdatant.sys
2011-10-14 20:56 . 2011-10-14 20:56   --------   d-----w-   c:\program files (x86)\Zone Labs
2011-10-14 20:55 . 2011-10-14 20:55   --------   d-----w-   c:\programdata\CheckPoint
2011-10-14 20:55 . 2011-10-25 22:23   --------   d-----w-   c:\windows\Internet Logs
2011-10-14 20:10 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09 . 2011-10-14 20:08   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05 . 2011-10-14 20:05   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-10-14 20:05 . 2011-10-14 20:05   --------   d-----w-   c:\program files\Microsoft Security Client
2011-10-14 19:53 . 2011-10-14 19:53   --------   d-----w-   c:\users\Public\Symantec
2011-10-14 19:50 . 2011-10-14 20:00   --------   d-----w-   c:\users\Yogaborn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:30 . 2011-04-11 18:48   525544   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-14 19:51 . 2010-06-24 18:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-31 03:05 . 2011-08-31 03:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   61288   ----a-w-   c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   50536   ----a-w-   c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21   548352   ----a-w-   c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-25  18:54:05
ComboFix-quarantined-files.txt  2011-10-25 22:54
.
Pre-Run: 206,573,289,472 bytes free
Post-Run: 206,196,031,488 bytes free
.
- - End Of File - - F081C4A61ACC4341890E8249D3540735



Hope this work
Thank you
again

[SuperDave]

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

********************************************
AVENGER

• Download The Avenger by Swandog46 from here.
  
• Unzip/extract it to a folder on your desktop.
• Double click on avenger.exe to run The Avenger.
  
• Click OK.
  
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  
• Click the Execute button.
  
• You will be asked No script has been entered.  Do you want to execute a rootkit scan only?.
  
• Click Yes.
  
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?.
  
• Click Yes.
  
• Your PC will now be rebooted.
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  
• Please post this log in your next reply.

[Helpme220]

Thank you dave, I wil run all this tonight and hopefully get the logs posted. One question, should I stay in safe mode while running these programs?
Let me know
Thank you again

[SuperDave]

One question, should I stay in safe mode while running these programs?
Let me know

Please try to run them in Normal Mode.

[Helpme220]

Heres the rooter log
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\  [Fixed-NTFS] .. ( Total:218 Go - Free:192 Go )
D:\  [Fixed-NTFS] .. ( Total:13 Go - Free:1 Go )
E:\  [CD_Rom]
.
Scan : 17:03.44
Path : C:\Users\Yogaborn\Desktop\Rooter.exe
User : Yogaborn ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked ? (288)
Locked ? (452)
Locked ? (544)
Locked ? (552)
Locked ? (608)
Locked ? (628)
Locked ? (656)
Locked ? (664)
Locked ? (776)
Locked ? (852)
Locked ? (900)
Locked ? (992)
Locked ? (304)
Locked ? (424)
Locked ? (380)
Locked ? (1120)
Locked ? (1212)
Locked ? (1336)
Locked ? (1420)
Locked ? (1528)
Locked ? (1536)
Locked ? (1856)
Locked ? (1956)
Locked ? (2008)
Locked ? (1380)
Locked ? (1348)
Locked ? (1232)
Locked ? (1688)
Locked ? (1684)
Locked ? (1776)
Locked ? (1708)
Locked ? (1692)
Locked ? (1912)
Locked ? (1188)
Locked ? (1752)
Locked ? (2108)
Locked ? (2164)
Locked ? (2200)
Locked ? (2292)
Locked ? (2336)
Locked ? (2360)
Locked ? (2384)
Locked ? (3004)
Locked ? (3012)
Locked ? (2260)
Locked ? (2708)
Locked ? (3200)
Locked ? (1720)
Locked ? (3456)
Locked ? (3312)
Locked ? (3624)
Locked ? (1832)
Locked ? (3668)
______ }??? (2720)
Locked ? (860)
______ }??? (3904)
______ }??? (2540)
______ }??? (1364)
______ }??? (1924)
______ }??? (3544)
______ }??? (2704)
______ }??? (4088)
Locked ? (3260)
______ C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (4248)
______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (4512)
______ C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (4604)
______ }??? (4612)
Locked ? (5084)
______ }??? (4448)
______ }??? (5116)
______ }??? (4944)
______ C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (5012)
Locked ? (4664)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (5264)
Locked ? (5784)
______ }??? (6068)
______ }??? (5336)
______ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (6108)
______ C:\Users\Yogaborn\Desktop\Rooter.exe (4016)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
\Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:234893606912)
\Device\Harddisk0\Partition3 (Start_Offset:235103322112 | Length:14846787584)
\Device\Harddisk0\Partition4 (Start_Offset:249950109696 | Length:108191744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:03.52
.
C:\Rooter$\Rooter_1.txt - (27/10/2011 | 17:03.52)

 I ran the avenger , normal and in safe mode , wouldn't save the log
Let me know what I need to do to finish this
Thank you again for your help

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[Helpme220]

I'm ready to throw this thing in a river . Tried running Eset i get an unexpected error 3!!!  i still have all my firewall and microsoft essential turned off. Sorry this took so long storm dropped us for days just got back online

What next am I doing something wrong thank you again for help.

[Helpme220]

I forgot to tell you at first the application said , esetsmartinstaller _enu.exe  is not a valid Win32 application

[SuperDave]

I forgot to tell you at first the application said , esetsmartinstaller _enu.exe  is not a valid Win32 application.

ESET is supposed to run on a 64 bit machine which, according to the logs, you have.
Please try this one.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

[Helpme220]

Ok , so I cannot get the link to work . I tried with safari and it was a no go just kept giving me the spinning icon. then I tried link form internet explorer nothing. then I went to www.bitdefender .com directly and tried a quick scan. It gave me this


Your browser has javascript disabled or another plugin/ software is blocking Javascript code. Please enable javascript in your browser or add bit defender.com to the exceptions list ?

Would this have something to do with my problem?

I'm sorry if i'm not doing everything correctly this is so frustrating

What should I do now ?

[SuperDave]

Please enable javascript in your browser or add bit defender.com to the exceptions list ?

Would this have something to do with my problem?

That could be the problem.

[Helpme220]

Okay i turn on java scripting and put bitdefender on my trusted sites. its a no go i can google bitdefender but then when i try to get the free online scanner i cant  connect . It even said that my javascript was disable which it wasnt. I was wondering if a safe mode reboot to last know configuration would help . So I could at least try to run one of these programs . Also when I do get a website now and again, the pictures look weird like trasparent and some time just code looks like it comes up . also it opens two pages at the same time . this computer is screwed .

please help.

[SuperDave]

Ok. Let's see you can run this one.

Download Dr.Web CureIt to the desktop:
Dr WebCureIt

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  
  • Once the short scan has finished, chose the Complete Scan.
    
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow
  
  at the right, and the scan will start.
  
  • Click 'Yes to all' if it asks if you want to cure/move the file.
    
  • When the scan has finished, look and see if you can click the following icon next to the files found:
  
  
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  
• This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  

[Helpme220]

ok, so  itried your link to dr. web cure it , said could not find ftp. server . that was on infected computer. i tried link on my personal computer it sent me to umbdrive and some rumba site . Anyways I went on dr web cureit site download the online scanner on the noninfected computer put it on a thumbdrive
and downloaded it to my infected computer desktop. I ran express scan found nothing then I ran complete scan took all night I got this                RTHDCPL.exe  C;swsetup/drivers/audio probably backdoor trojan , I tried to select and cure would not give me that option so i moved it . I guess i should of deleted it but who knows . I am attaching the report . I know Its not exactly what you said to do but its something .

please let this help


RTHDCPL.exe;C:\SWSetup\Drivers\Audio\WDM;Probably BACKDOOR.Trojan;Moved.;

[SuperDave]

Please see if you can run ESET or BitDefender again.

[Helpme220]

I tried running both , eset still says it is a 32 bit application, and bit defender just spins and spins. also when i do get to to download most of the programs you give me to try they  have a shied in front of the icon. combofix, eset, security check . and dr web cure , but rooter and javara don't does that have something to do with it . The shield is yellow and blue.

help

[SuperDave]

but rooter and javara don't does that have something to do with it . The shield is yellow and blue.

Can you give me a screenshot of that?
How to post screenshots or images

Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

[Helpme220]

Here is my link to image shack of desktop

http://img214.imageshack.us/img214/9867/desktopaw.jpg


I tried running , ansMBR.exe said it wasn't a 32 bit win application

There was no shield on this one though

lets keep it going . I'm not lettting these bastards win

[SuperDave]

I can't really see what you're talking about in the screenshot.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

[Helpme220]

okay so i downloaded the mbr , wouldn't run everything said mbr.exe is not valid Win 32 application. So then I went on my other computer and downloaded it to my thumbdrive . I then put it in the infected computer , when I dragged the Mbr to the desktop one of those yellow and blue shields I told you about pops up over the desktop icon . And also said , mbr.exe is not a valid Win 32 application. so then i ran the mbr right from the thumbdrive and it ran
here is the log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows 7 Home Premium Edition
Windows Information:      Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:   Hewlett-Packard
BIOS Manufacturer:      Hewlett-Packard
System Manufacturer:      Hewlett-Packard
System Product Name:      Presario CQ57 Notebook PC
Logical Drives Mask:      0x0000003c

Kernel Drivers (total 218):
  0x02C5C000 \SystemRoot\system32\ntoskrnl.exe
  0x02C13000 \SystemRoot\system32\hal.dll
  0x00BBC000 \SystemRoot\system32\kdcom.dll
  0x00C84000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C91000 \SystemRoot\system32\PSHED.dll
  0x00CA5000 \SystemRoot\system32\CLFS.SYS
  0x00D03000 \SystemRoot\system32\CI.dll
  0x00EF2000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F96000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00FA5000 \SystemRoot\system32\drivers\ACPI.sys
  0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E13000 \SystemRoot\system32\drivers\pci.sys
  0x00E46000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E68000 \SystemRoot\system32\drivers\compbatt.sys
  0x00E71000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00E7D000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E92000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00DC3000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00DDD000 \SystemRoot\system32\drivers\atapi.sys
  0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
  0x00C2A000 \SystemRoot\system32\drivers\msahci.sys
  0x00C35000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00C45000 \SystemRoot\system32\DRIVERS\amd_sata.sys
  0x010BE000 \SystemRoot\system32\DRIVERS\storport.sys
  0x01121000 \SystemRoot\system32\DRIVERS\amd_xata.sys
  0x0112E000 \SystemRoot\system32\drivers\amdxata.sys
  0x01139000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01185000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMDS64.SYS
  0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01285000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS
  0x01414000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01353000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015B7000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01200000 \SystemRoot\System32\Drivers\cng.sys
  0x015D2000 \SystemRoot\System32\drivers\pcw.sys
  0x015E3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016CA000 \SystemRoot\system32\drivers\ndis.sys
  0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x018C5000 \SystemRoot\System32\drivers\tcpip.sys
  0x01AC9000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01B13000 \SystemRoot\system32\drivers\volsnap.sys
  0x01B5F000 \SystemRoot\System32\Drivers\spldr.sys
  0x01B67000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01BA1000 \SystemRoot\System32\Drivers\mup.sys
  0x01BB3000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01BBC000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01800000 \SystemRoot\system32\drivers\disk.sys
  0x01816000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01888000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x0168B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x018B2000 \SystemRoot\System32\Drivers\Null.SYS
  0x018BB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x016BC000 \SystemRoot\System32\drivers\vga.sys
  0x017BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x017E2000 \SystemRoot\System32\drivers\watchdog.sys
  0x01BF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x017F2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x015ED000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01400000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01272000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x013B1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x013D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01014000 \SystemRoot\system32\drivers\afd.sys
  0x02E31000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02E76000 \SystemRoot\system32\DRIVERS\vsdatant.sys
  0x02F0B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02F14000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02F3A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x02F50000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02F5F000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02F7A000 \SystemRoot\system32\drivers\termdd.sys
  0x02F8E000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMNETS.SYS
  0x03CBF000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
  0x03CF5000 \SystemRoot\system32\drivers\NISx64\1201000.025\Ironx64.SYS
  0x03D21000 \SystemRoot\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS
  0x03D37000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x03D41000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x03D4B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03D9C000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03DA8000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03C00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
  0x03C76000 \SystemRoot\System32\drivers\discache.sys
  0x03C85000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03CA3000 \SystemRoot\system32\drivers\blbdrive.sys
  0x04058000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
  0x04143000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04169000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x0417E000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04ADF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x03EB3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03FA7000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03FED000 \SystemRoot\system32\drivers\usbohci.sys
  0x03E00000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x03E56000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x03E64000 \SystemRoot\system32\drivers\usbehci.sys
  0x03E75000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x05316000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x03E99000 \SystemRoot\system32\drivers\CmBatt.sys
  0x0534C000 \SystemRoot\system32\drivers\i8042prt.sys
  0x03E9E000 \SystemRoot\system32\drivers\kbdclass.sys
  0x04408000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x04564000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04566000 \SystemRoot\system32\drivers\mouclass.sys
  0x04575000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
  0x0536A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x058B0000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x05B52000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x05B5F000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x05B68000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x05B78000 \SystemRoot\system32\DRIVERS\clwvd.sys
  0x05B7E000 \SystemRoot\system32\DRIVERS\ks.sys
  0x05BC1000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05BC7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x05800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x05824000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x05830000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0585F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0587A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x05BDD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05BF7000 \SystemRoot\system32\drivers\swenum.sys
  0x0589B000 \SystemRoot\system32\DRIVERS\btath_bus.sys
  0x045CB000 \SystemRoot\system32\DRIVERS\amdiox64.sys
  0x045DF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04A00000 \SystemRoot\system32\drivers\usbhub.sys
  0x04A5A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05CB7000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x05F4B000 \SystemRoot\system32\drivers\portcls.sys
  0x05F88000 \SystemRoot\system32\drivers\drmk.sys
  0x05FAA000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x05FB8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x05FC2000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
  0x05FD9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00070000 \SystemRoot\System32\win32k.sys
  0x05FEC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05C00000 \SystemRoot\system32\DRIVERS\btfilter.sys
  0x05C48000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x026FF000 \SystemRoot\System32\Drivers\bthport.sys
  0x0278B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x027A8000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x02600000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x0262C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x0263C000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x0265C000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
  0x02681000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x0269A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04A6F000 \SystemRoot\system32\drivers\btath_a2dp.sys
  0x02A8B000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
  0x02AEE000 \SystemRoot\system32\DRIVERS\btath_flt.sys
  0x02AFD000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
  0x004A0000 \SystemRoot\System32\TSDDD.dll
  0x00650000 \SystemRoot\System32\cdd.dll
  0x00830000 \SystemRoot\System32\ATMFD.DLL
  0x02B1E000 \SystemRoot\system32\drivers\luafv.sys
  0x02B41000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02B62000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x02B77000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x02BCA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x02BDD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02A00000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
  0x056F0000 \SystemRoot\system32\drivers\HTTP.sys
  0x057B9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x057D7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0562D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0567B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06C30000 \SystemRoot\system32\drivers\peauth.sys
  0x06CD6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06CE1000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06D12000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06D24000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07040000 \SystemRoot\System32\DRIVERS\srv.sys
  0x070D8000 \??\C:\Windows\system32\drivers\mbam.sys
  0x07187000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x07195000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x071B0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x77BC0000 \Windows\System32\ntdll.dll
  0x48100000 \Windows\System32\smss.exe
  0xFFEE0000 \Windows\System32\apisetschema.dll
  0xFF710000 \Windows\System32\autochk.exe
  0xFFE50000 \Windows\System32\shlwapi.dll
  0xFFC70000 \Windows\System32\setupapi.dll
  0x77A60000 \Windows\System32\wininet.dll
  0x77940000 \Windows\System32\kernel32.dll
  0xFFBF0000 \Windows\System32\difxapi.dll
  0xFFB50000 \Windows\System32\msvcrt.dll
  0xFFB30000 \Windows\System32\sechost.dll
  0xFFA50000 \Windows\System32\advapi32.dll
  0x77D90000 \Windows\System32\normaliz.dll
  0xFF840000 \Windows\System32\ole32.dll
  0x77D80000 \Windows\System32\psapi.dll
  0xFEAB0000 \Windows\System32\shell32.dll
  0x777F0000 \Windows\System32\urlmon.dll
  0xFEA40000 \Windows\System32\gdi32.dll
  0xFE970000 \Windows\System32\usp10.dll
  0xFE940000 \Windows\System32\imm32.dll
  0x775E0000 \Windows\System32\iertutil.dll
  0x774E0000 \Windows\System32\user32.dll
  0xFE810000 \Windows\System32\rpcrt4.dll
  0xFE770000 \Windows\System32\clbcatq.dll
  0xFE760000 \Windows\System32\lpk.dll
  0xFE700000 \Windows\System32\Wldap32.dll
  0xFE6B0000 \Windows\System32\ws2_32.dll
  0xFE5D0000 \Windows\System32\oleaut32.dll
  0xFE530000 \Windows\System32\comdlg32.dll
  0xFE420000 \Windows\System32\msctf.dll
  0xFE410000 \Windows\System32\nsi.dll
  0xFE3F0000 \Windows\System32\imagehlp.dll
  0xFE380000 \Windows\System32\KernelBase.dll
  0xFE340000 \Windows\System32\cfgmgr32.dll
  0xFE1D0000 \Windows\System32\crypt32.dll
  0xFE130000 \Windows\System32\comctl32.dll
  0xFE110000 \Windows\System32\devobj.dll
  0xFE0D0000 \Windows\System32\wintrust.dll
  0xFE0C0000 \Windows\System32\msasn1.dll
  0x77D70000 \Windows\SysWOW64\normaliz.dll

Processes (total 91):
       0 System Idle Process
       4 System
     288 C:\Windows\System32\smss.exe
     436 csrss.exe
     532 C:\Windows\System32\wininit.exe
     552 csrss.exe
     596 C:\Windows\System32\services.exe
     612 C:\Windows\System32\lsass.exe
     620 C:\Windows\System32\lsm.exe
     648 C:\Windows\System32\winlogon.exe
     776 C:\Windows\System32\svchost.exe
     852 C:\Windows\System32\svchost.exe
     916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     996 C:\Windows\System32\atiesrxx.exe
     304 C:\Windows\System32\svchost.exe
     444 C:\Windows\System32\svchost.exe
     544 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\atieclxx.exe
    1320 C:\Windows\System32\svchost.exe
    1400 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1564 C:\Windows\System32\wlanext.exe
    1576 C:\Windows\System32\conhost.exe
    1844 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1928 C:\Windows\System32\spoolsv.exe
    1984 C:\Windows\System32\svchost.exe
    1232 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1440 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1540 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    1608 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    1288 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    1708 C:\Program Files\Bonjour\mDNSResponder.exe
    1676 C:\Windows\System32\svchost.exe
    1792 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    1896 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    1108 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    1560 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    2088 C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    2144 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    2180 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    2292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2320 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2348 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    2448 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2176 C:\Windows\System32\svchost.exe
    2888 C:\Windows\System32\taskhost.exe
    2912 C:\Windows\System32\svchost.exe
    3148 C:\Windows\System32\dwm.exe
    3172 C:\Windows\explorer.exe
    3236 C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    3372 WmiPrvSE.exe
    3748 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    3636 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    3624 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3668 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    3724 C:\Program Files\Microsoft Security Client\msseces.exe
    3888 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    1296 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    4172 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    4192 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    4352 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4444 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    4612 C:\Windows\System32\SearchIndexer.exe
    5052 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5064 C:\Windows\System32\taskeng.exe
    5116 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
     352 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    4344 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    2680 C:\Windows\System32\svchost.exe
    2696 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
     440 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    3040 WmiPrvSE.exe
    4928 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    4876 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    5200 C:\Windows\System32\svchost.exe
    5856 dllhost.exe
    4416 C:\Windows\ehome\ehmsas.exe
    5888 C:\Windows\System32\mspaint.exe
    4244 C:\Program Files (x86)\Safari\Safari.exe
    2992 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
     156 C:\Windows\System32\wuauclt.exe
    6052 C:\Windows\System32\audiodg.exe
    6440 C:\Windows\servicing\TrustedInstaller.exe
    5908 WUDFHost.exe
    7000 C:\Windows\System32\SearchFilterHost.exe
    5136 C:\Windows\System32\wbem\WMIADAP.exe
    6428 C:\Windows\System32\SearchProtocolHost.exe
    2256 dllhost.exe
    1204 dllhost.exe
    6660 F:\MBRCheck.exe
    6980 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`bd400000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA1G

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9

Done!


Hope this helps .
Thank you again for this saga of trying to get this computer to run

[SuperDave]

Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit

Restart computer.

Post new aswMBR log.

[Helpme220]

okay so i tried downloading asw mbr again , wouldn t open up on desktop " not a win32 application". So i put the aswmbr on a stick and ran it from there . everytime i try to download anything to my desktop when I try to run it it says " not a win 32 application" here is the log


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-07 20:17:09
-----------------------------
20:17:09.799    OS Version: Windows x64 6.1.7601 Service Pack 1
20:17:09.799    Number of processors: 2 586 0x100
20:17:09.814    ComputerName: YOGABORN-HP  UserName: Yogaborn
20:17:13.933    Initialize success
20:17:36.742    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
20:17:36.758    Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 11
20:17:38.802    Disk 0 MBR read successfully
20:17:38.802    Disk 0 MBR scan
20:17:38.817    Disk 0 Windows 7 default MBR code
20:17:38.817    Service scanning
20:17:41.422    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:17:42.000    Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
20:17:42.670    Modules scanning
20:17:42.670    Disk 0 trace - called modules:
20:17:42.702    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:17:42.717    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002427410]
20:17:42.733    3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> [0xfffffa800230eac0]
20:17:42.748    5 amd_xata.sys[fffff88001111900] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8001dfa250]
20:17:43.294    Scan finished successfully
20:18:54.087    Disk 0 MBR has been saved successfully to "C:\Users\Yogaborn\Desktop\MBR.dat"
20:18:54.118    The log file has been saved successfully to "C:\Users\Yogaborn\Desktop\aswMBR.txt"

hope this helps

[Helpme220]

forgot to say , i did reboot into system recovery options
choose command propmpt

got x:\ windows \systems32

 not x:\sources>..
 still ran bootrec/fixmbr

said operation completed successfully

aswmbe still would nor run from desk top

thank you

[SuperDave]

Try a repair install. XPrepairinstall

[Helpme220]

I'm a little confused , I have windows seven on this computer , why do an xp repair?

[SuperDave]

I'm a little confused , I have windows seven on this computer , why do an xp repair?

Sorry. Incorrect link. Please try this link.

[Helpme220]

What if i do not have a windows seven installation dvd ? I don't believe I was given one , the computer was just loaded with windows seven when i bought it .

[SuperDave]

You can create an OS DVD by downloading Windows 7 from this site. You will need an ISO Burner to create the DVD.
CDBurnerXP works on all operating systems from Microsoft Windows 2000 SP4 onwards.