
Author Topic: Application cannot be executed. The file *** is infected.  (Read 94376 times)


arunpedha

    Topic Starter


    Rookie

    Application cannot be executed. The file *** is infected.
    « on: November 16, 2009, 09:44:38 AM »
    Hi,

    I got a serious issue with my system. Somehow some trojan/rogue has affected my system. It keeps flashing me virus alerts, and whenever I try to run any program it says "Application cannot be executed. The file **** is infected......." (not even a command prompt or Notepad can be opened, but with multiple tries I sometimes get the command prompt, but it is ridiculous).

    In fact I already had MBAM. Before looking into this forum I tried running MBAM (Malwarebytes) both in Safe Mode and normal mode, but I did not find anything.

    Then I googled and searched this forum and tried the instructions from the link below, but no luck. SUPERAntiSpyware is not getting installed at all. I get the installer screen and it quickly vanishes before I can access anything. I tried renaming it with .SCR instead of .exe but still the same issue. I even tried in safe mode, but the installation was stalled saying I can install in safe mode or something similar to this effect. PLEASE ADVISE and ASSIST.

    http://www.computerhope.com/forum/index.php?PHPSESSID=3ffee808e87822e364bca900fba99709&/topic,46313.0.html



    alan2273



      Beginner
    • Thanked: 10
      • Experience: Familiar
      • OS: Linux variant
      Re: Application cannot be executed. The file *** is infected.
      « Reply #1 on: November 16, 2009, 11:08:11 AM »

      arunpedha

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file *** is infected.
        « Reply #2 on: November 16, 2009, 04:27:37 PM »
        Thanks. What is the tool/utility/freeware? Do you have any pers. experience with this? How safe is this to use? Thanks again.

        iamtonsoffun247



          Apprentice

          Thanked: 7
          Re: Application cannot be executed. The file *** is infected.
          « Reply #3 on: November 16, 2009, 04:29:49 PM »
          Try renaming the .exe file name to something else, this has helped me. Not the extension, but the actual name of it. Like if it's mbam.exe, make it mbam2.exe.

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 996
          • Certifications: List
          • Experience: Expert
          • OS: Windows 8
          Re: Application cannot be executed. The file *** is infected.
          « Reply #4 on: November 16, 2009, 04:45:45 PM »
          Hello arunpedha and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans whilst I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
          Save Rkill to your desktop.

          There are 4 different versions. If one of them won't run then download and try to run the other one.

          Vista and Win7 users need to right click Rkill and choose Run as Administrator

          You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

          Rkill.exe
          Rkill.com
          Rkill.scr
          Rkill.pif

          Once you've gotten one of them to run then try to immediately run the following.

          Now download and Run exeHelper.

          Please download exeHelper from Raktor to your desktop.
          • Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

            Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
          Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

          arunpedha

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file *** is infected.
            « Reply #5 on: November 16, 2009, 05:43:11 PM »
            Thanks SD. I will try and follow the below instructions and keep you posted. Appreciate your help. Many Thanks again.


            arunpedha

              Topic Starter


              Rookie

              Re: Application cannot be executed. The file *** is infected.
              « Reply #6 on: November 16, 2009, 06:52:35 PM »
              Thanks. I ran rkill.exe and exehelper as suggested.  Please find the log. Please advise next course of action.

              **********************************************************************************
              exeHelper by Raktor
              Build 20091021
              Run at 20:46:47 on 11/16/09
              Now searching...
              Checking for numerical processes...
              Checking for bad processes...
              Checking for bad files...
              Checking for bad registry entries...
              Resetting filetype association for .exe
              Resetting filetype association for .com
              Resetting userinit and shell values...
              Resetting policies...
              --Finished--
              **************************************************************************
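
The exeHelper log above names what the tool resets: the .exe and .com file associations, the Winlogon userinit and shell values, and policies. As an added example (not part of the thread and not exeHelper's own code), this read-only PowerShell check inspects those same locations against stock Windows defaults; the three policy value names are an assumption, since the log does not say which policies are reset.

```powershell
# Added example: read-only audit of the settings named in the exeHelper log.
# Expected values are stock Windows defaults. Nothing is written to the registry.
# Requires PowerShell 3.0 or later ([pscustomobject]).

function Get-RegValue {
    param([string]$Key, [string]$Name = '')
    # An empty $Name reads the key's (Default) value.
    # Returns $null when the key or the value does not exist.
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    return $k.GetValue($Name, $null)
}

function New-Finding {
    param($Location, $Expected, $Actual, [bool]$Ok)
    $status = if ($Ok) { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{
        Status   = $status
        Location = $Location
        Expected = $Expected
        Actual   = $Actual
    }
}

$winlogon = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$policies = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies'
$findings = @()

# 1. Values that must equal a known default. HKEY_CLASSES_ROOT is the merged
#    per-user + machine view, i.e. what the shell actually uses for this account.
$mustEqual = @(
    @{ Key = 'HKEY_CLASSES_ROOT\.exe'; Name = ''; Want = 'exefile' }
    @{ Key = 'HKEY_CLASSES_ROOT\.com'; Name = ''; Want = 'comfile' }
    @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = 'HKEY_CLASSES_ROOT\comfile\shell\open\command'; Name = ''; Want = '"%1" %*' }
    @{ Key = $winlogon; Name = 'Shell'; Want = 'explorer.exe' }
    @{ Key = $winlogon; Name = 'Userinit'; Want = "$env:SystemRoot\system32\userinit.exe" }
)
foreach ($c in $mustEqual) {
    $have = Get-RegValue -Key $c.Key -Name $c.Name
    # Userinit normally ends with a comma; strip it and stray spaces before comparing.
    $norm = if ($null -ne $have) { ([string]$have).Trim().TrimEnd(',') } else { $null }
    $label = if ($c.Name) { "$($c.Key)\$($c.Name)" } else { "$($c.Key)\(Default)" }
    # -eq on strings is case-insensitive, which suits Windows paths.
    $findings += New-Finding $label $c.Want $have ($norm -eq $c.Want)
}

# 2. Per-user class overrides. HKCU\Software\Classes takes precedence over the
#    machine-wide classes, so a key here changes how this user's programs launch.
foreach ($sub in '.exe', '.com', 'exefile', 'comfile') {
    $key = "HKEY_CURRENT_USER\Software\Classes\$sub"
    $present = Test-Path -LiteralPath "Registry::$key"
    $actual = if ($present) { 'present' } else { 'absent' }
    $findings += New-Finding $key 'absent' $actual (-not $present)
}

# 3. Policy values that lock out tools. Assumption: the log only says
#    "Resetting policies"; these names are not taken from exeHelper.
$policyChecks = @(
    @{ Key = "$policies\System";   Name = 'DisableTaskMgr' }
    @{ Key = "$policies\System";   Name = 'DisableRegistryTools' }
    @{ Key = "$policies\Explorer"; Name = 'DisallowRun' }
)
foreach ($p in $policyChecks) {
    $have = Get-RegValue -Key $p.Key -Name $p.Name
    $ok = ($null -eq $have) -or ($have -eq 0)
    $findings += New-Finding "$($p.Key)\$($p.Name)" 'absent or 0' $have $ok
}

# REVIEW rows sort first.
$findings | Sort-Object Status -Descending | Format-Table -AutoSize -Wrap
```

A REVIEW row marks a value that differs from the default and should be inspected; it is not by itself proof of infection.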

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 996
              • Certifications: List
              • Experience: Expert
              • OS: Windows 8
              Re: Application cannot be executed. The file *** is infected.
              « Reply #7 on: November 16, 2009, 07:32:51 PM »
              Quote
              Thanks SD. I will try and follow the below instructions and keep you posted. Appreciate your help. Many Thanks again
              Don't thank me until I'm able to get your computer working well.

              SUPERAntiSpyware

              If you already have SUPERAntiSpyware be sure to check for updates before scanning!


              Download SuperAntispyware Free Edition (SAS)
              * Double-click the icon on your desktop to run the installer.
              * When asked to Update the program definitions, click Yes
              * If you encounter any problems while downloading the updates, manually download and unzip them from here
              * Next click the Preferences button.
                • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
              * Click the Scanning Control tab.
              * Under Scanner Options make sure only the following are checked:
                • Close browsers before scanning
                • Scan for tracking cookies
                • Terminate memory threats before quarantining
                Please leave the others unchecked
                • Click the Close button to leave the control center screen.
              * On the main screen click Scan your computer
              * On the left check the box for the drive you are scanning.
              * On the right choose Perform Complete Scan
              * Click Next to start the scan. Please be patient while it scans your computer.
              * After the scan is complete a summary box will appear. Click OK
              * Make sure everything in the white box has a check next to it, then click Next
              * It will quarantine what it found and if it asks if you want to reboot, click Yes

              • To retrieve the removal information please do the following:
              • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
              • Click Preferences. Click the Statistics/Logs tab.
              • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
              • It will open in your default text editor (preferably Notepad).
              • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

              * Save the log somewhere you can easily find it. (normally the desktop)
              * Click close and close again to exit the program.
              * Copy and Paste the log in your post

              Malwarebytes' Anti-Malware (MBAM)

              If you already have Malwarebytes be sure to check for updates before scanning!


              Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

              • Double-click mbam-setup.exe and follow the prompts to install the program.
              • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

              If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

              • If an update is found, it will download and install the latest version.
              • Once the program has loaded, select Perform Quick Scan, then click Scan.
              • When the scan is complete, click OK, then Show Results to view the results.
              • Be sure that everything is checked, and click Remove Selected.
              • When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.
              • The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

              Copy and Paste the contents of the report in your reply.

              • Exit MBAM.

              Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



              HijackThis

              Download and rename HijackThis.exe (HJT)

              * Double-click on HJTInstall.
              * Click on the Install button.
              * It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
              * Upon install, HijackThis should open for you.

              Close HijackThis and rename it.

              • Go to C:\Program Files\Trend Micro\HijackThis.exe
              • Right click on HijackThis.exe and select Rename.
              • Type in sniper.exe and press Enter.
              • Right-click on sniper.exe and select Send To > Desktop (create shortcut)

              * From the desktop open HijackThis.
              * If using Windows Vista, Right-click and Run As Administrator.
              * Click on the Do a system scan and save a log file button
              * HijackThis will scan and then a log will open in notepad.
              Copy and Paste the entire contents of the log in your post.

              Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

              Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

              Please copy and paste any logs that you are able to generate.

              arunpedha

                Topic Starter


                Rookie

                Re: Application cannot be executed. The file *** is infected.
                « Reply #8 on: November 17, 2009, 07:25:19 AM »
                Thanks for the instruction. Please find the logs.

                FYI, I am no longer getting the error or fake alert message. I know this does not mean the system is fully recovered. I will wait for your confirmation. Many thanks again.

                _______________________________________ _______________________________________ ________
                SuperAntiSpyware

                SUPERAntiSpyware Scan Log
                http://www.superantispyware.com

                Generated 11/17/2009 at 01:33 AM

                Application Version : 4.30.1004

                Core Rules Database Version : 4260
                Trace Rules Database Version: 1978

                Scan type       : Complete Scan
                Total Scan Time : 02:49:58

                Memory items scanned      : 496
                Memory threats detected   : 1
                Registry items scanned    : 8760
                Registry threats detected : 39
                File items scanned        : 56489
                File threats detected     : 6

                Trojan.Agent/Gen-FakeSpy[Broad]
                   C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE
                   C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE
                   [kvxahext] C:\USERS\PEDHA\APPDATA\LOCAL\SCEYRK\JXHXSYSGUARD.EXE

                Rogue.Agent/Gen
                   HKU\S-1-5-21-4237141364-4078770496-3588282335-1000\SOFTWARE\AVSCAN

                Adware.Tracking Cookie
                   C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
                   C:\Users\pedha\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
                   C:\Users\pedha\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected]*censored*.122.2o7[1].txt

                Trojan.Agent/Gen
                   C:\USERS\PEDHA\DESKTOP\ARUN LAPTOP\EXEHELPER.COM

                Trojan.Agent/Gen-PEC
                   C:\WINDOWS\PEV.EXE
                _______________________________________ _______________________________________ ________
                MBAM logs

                Malwarebytes' Anti-Malware 1.41
                Database version: 3186
                Windows 6.0.6001 Service Pack 1

                11/17/2009 8:32:03 AM
                mbam-log-2009-11-17 (08-32-03).txt

                Scan type: Quick Scan
                Objects scanned: 109287
                Time elapsed: 6 minute(s), 46 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 0
                Registry Values Infected: 0
                Registry Data Items Infected: 0
                Folders Infected: 0
                Files Infected: 0

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                (No malicious items detected)

                Registry Values Infected:
                (No malicious items detected)

                Registry Data Items Infected:
                (No malicious items detected)

                Folders Infected:
                (No malicious items detected)

                Files Infected:
                (No malicious items detected)
                _______________________________________ _______________________________________ ________

                hijackthis log

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 9:15:37 AM, on 11/17/2009
                Platform: Windows Vista SP1 (WinNT 6.00.1905)
                MSIE: Internet Explorer v7.00 (7.00.6001.18319)
                Boot mode: Normal

                Running processes:
                C:\Windows\system32\taskeng.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\Explorer.EXE
                C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                C:\Windows\System32\igfxtray.exe
                C:\Windows\System32\hkcmd.exe
                C:\Windows\System32\igfxpers.exe
                C:\Windows\System32\WLTRAY.EXE
                C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                C:\Program Files\Dell\MediaDirect\PCMService.exe
                C:\Program Files\McAfee\Common Framework\UdaterUI.exe
                C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
                C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe
                C:\Program Files\Java\jre1.6.0\bin\jusched.exe
                C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\Program Files\Gizmo Project\Gizmo.exe
                C:\Windows\sttray.exe
                C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Program Files\McAfee\Common Framework\McTray.exe
                C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                C:\Program Files\Digital Line Detect\DLG.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files\Dell\QuickSet\quickset.exe
                C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
                C:\Windows\system32\wbem\unsecapp.exe
                C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                C:\Windows\system32\wuauclt.exe
                C:\Windows\System32\cmd.exe
                C:\Program Files\Internet Explorer\ieuser.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Windows\system32\NOTEPAD.EXE
                C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
                C:\Users\pedha\Desktop\Arun1\app\coolbar\Coolbar.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\Windows\explorer.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Program Files\Trend Micro\HijackThis\sniper.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O1 - Hosts: ::1 localhost
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
                O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
                O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
                O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
                O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
                O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
                O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
                O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
                O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
                O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
                O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
                O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
                O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
                O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
                O4 - HKLM\..\Run: [DLinkMonitor.exe] "C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe"
                O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
                O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
                O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Windows\sttray.exe"
                O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Windows\system32\NeroCheck.exe"
                O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
                O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
                O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
                O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                O4 - HKCU\..\Run: [Google Update] "C:\Users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
                O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                O4 - Global Startup: QuickSet.lnk = ?
                O4 - Global Startup: SJphone 1.65.lnk = ?
                O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
                O9 - Extra 'Tools' menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
                O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O13 - Gopher Prefix:
                O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
                O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://asia-ml04.asia.csc.com/dwa8W.cab
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
                O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
                O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
                O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
                O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
                O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
                O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
                O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
                O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
                O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
                O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                --
                End of file - 11680 bytes
                _______________________________________ _______________________________________ ________

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 996
                • Certifications: List
                • Experience: Expert
                • OS: Windows 8
                Re: Application cannot be executed. The file *** is infected.
                « Reply #9 on: November 17, 2009, 01:49:30 PM »
                Hello arunpedha. It looks like we're making some headway.

                Right click HijackThis and choose Run as Administrator

                Next select Do a system scan only

                Place a check mark next to the following entries: (if there)

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


                Important: Close all open windows except for HijackThis and then click Fix checked.

                Once completed, exit HijackThis.

                Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                link # 1
                Link # 2

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Double-click combofix.exe and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log and a new HijackThis log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                « Last Edit: November 17, 2009, 03:18:02 PM by evilfantasy »
                Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender
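The kind of triage behind the entries selected in the reply above, as an added example that is not part of the original thread and not HijackThis's own logic: a small parser that flags log lines worth a second look and compares a log taken before a fix with one taken after. The flag names and heuristics are assumptions for illustration, and the two sample logs are short excerpts constructed from lines that appear in this thread. A flag marks an entry for review, not for removal: legitimate software (here magicJack's loader) also starts from AppData.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# A HijackThis result line is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")


def parse_log(text):
    """Return the result lines (R*, F*, N*, O*) of a HijackThis log as Entry tuples.
    Header lines and the 'Running processes' list do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def review_flags(entry):
    """Heuristic review flags for one entry (assumed rules, not a verdict)."""
    flags = []
    low = entry.detail.lower()
    # Registry entry that points at a file which no longer exists.
    if low.endswith("(no file)"):
        flags.append("orphaned")
    # IE start/search settings that are empty or reset to about:blank.
    if entry.code in ("R0", "R1"):
        value = entry.detail.partition("=")[2].strip()
        if value in ("", "about:blank"):
            flags.append("blank-setting")
    if entry.code == "O4":
        # Startup shortcut whose target could not be resolved.
        if low.endswith("= ?"):
            flags.append("unresolved-shortcut")
        # Autorun launched from a per-user, user-writable directory.
        if re.search(r"\\users\\[^\\]+\\appdata\\", low):
            flags.append("user-writable-path")
    return flags


def triage(text):
    """Return (entry, flags) pairs for every entry that raised at least one flag."""
    return [(e, f) for e in parse_log(text) if (f := review_flags(e))]


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_log(before)), set(parse_log(after))
    return sorted(b - a), sorted(a - b)


# Constructed excerpts: a handful of lines as they appear in this thread's logs.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: QuickSet.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
"""

if __name__ == "__main__":
    for entry, flags in triage(BEFORE):
        print(f"{entry.code:<4}{','.join(flags):<22}{entry.detail}")
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.detail)
    for e in added:
        print("added:  ", e.code, "-", e.detail)
```

Entries that show up only in the later scan, such as an AppInit_DLLs line, deserve the same review as the ones that were fixed, since that value loads a DLL into every process that links user32.dll.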

                SuperDave

                Re: Application cannot be executed. The file *** is infected.
                « Reply #10 on: November 17, 2009, 04:11:50 PM »
                Arunpedha, I forgot to mention for ComboFix. To start it you will need to right-click it and select Run as Administrator.

                SuperPat

                • Guest
                Re: Application cannot be executed. The file *** is infected.
                « Reply #11 on: November 17, 2009, 10:04:41 PM »
                I hate to jump in like this, but I started out with the same problem. I followed these steps and they seemed to get rid of it. But in my case the audio on my computer no longer works. It hasn't worked since the problem first started. Do you have the same issue with the audio?

                I must say though this forum has been extremely helpful.

                arunpedha

                  Topic Starter


                  Rookie

                  Re: Application cannot be executed. The file *** is infected.
                  « Reply #12 on: November 18, 2009, 08:16:11 AM »

                  Please find the logs. Please assist with the next course of action.

                  _______________________________________ _______________________________________ ________
                  HijackThis Log

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 10:12:16 AM, on 11/18/2009
                  Platform: Windows Vista SP1 (WinNT 6.00.1905)
                  MSIE: Internet Explorer v7.00 (7.00.6001.18319)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Windows\System32\igfxtray.exe
                  C:\Windows\System32\hkcmd.exe
                  C:\Windows\System32\igfxpers.exe
                  C:\Windows\System32\WLTRAY.EXE
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\Dell\MediaDirect\PCMService.exe
                  C:\Program Files\McAfee\Common Framework\UdaterUI.exe
                  C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
                  C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe
                  C:\Program Files\McAfee\Common Framework\McTray.exe
                  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
                  C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Gizmo Project\Gizmo.exe
                  C:\Windows\sttray.exe
                  C:\Program Files\Windows Sidebar\sidebar.exe
                  C:\Windows\system32\wbem\unsecapp.exe
                  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                  C:\Program Files\Digital Line Detect\DLG.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\Program Files\Dell\QuickSet\quickset.exe
                  C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
                  C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Windows\system32\wuauclt.exe
                  C:\Windows\system32\notepad.exe
                  C:\Windows\explorer.exe
                  C:\Windows\system32\wbem\unsecapp.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\sniper.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
                  O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: Scour Toolbar - {A057A204-BACC-4D26-9A9E-3AF287E2699B} - C:\PROGRA~1\SCOURT~1\SCOURT~1.DLL
                  O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
                  O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
                  O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
                  O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
                  O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                  O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\EULALauncher.exe"
                  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
                  O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [snpstd] "C:\Windows\vsnpstd.exe"
                  O4 - HKLM\..\Run: [DLinkMonitor.exe] "C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe"
                  O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
                  O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
                  O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\Windows\sttray.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Windows\system32\NeroCheck.exe"
                  O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
                  O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
                  O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                  O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                  O4 - HKCU\..\Run: [cdloader] "C:\Users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
                  O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
                  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                  O4 - HKCU\..\Run: [Google Update] "C:\Users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                  O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: QuickSet.lnk = ?
                  O4 - Global Startup: SJphone 1.65.lnk = ?
                  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
                  O9 - Extra button: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
                  O9 - Extra 'Tools' menuitem: Pardon - {302172A1-A2B4-4402-B1D0-F5D54C3E83C6} - C:\Program Files\Pardon 3\Pardon.exe
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                  O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
                  O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://asia-ml04.asia.csc.com/dwa8W.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
                  O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
                  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
                  O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
                  O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
                  O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                  O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - (no file)
                  O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
                  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                  O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
                  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
                  O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
                  O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                  --
                  End of file - 11064 bytes


                  _______________________________________ _______________________________________ ________
                  ComboFix log
                  ComboFix 09-11-18.06 - pedha 11/18/2009  9:20.3.2 - x86
                  Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.2038.1308 [GMT -5:00]
                  Running from: c:\users\pedha\Desktop\ComboFix.exe
                  AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
                  FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
                  SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
                  SP: Webroot Spy Sweeper *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
                  SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                   * Resident AV is active

                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
                  c:\users\pedha\AppData\Local\sceyrk
                  c:\users\pedha\AppData\Local\sceyrk\jxhxsysguard.exe

                  .
                  (((((((((((((((((((((((((   Files Created from 2009-10-18 to 2009-11-18  )))))))))))))))))))))))))))))))
                  .

                  2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Public\AppData\Local\temp
                  2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Guest\AppData\Local\temp
                  2009-11-18 14:38 . 2009-11-18 14:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2009-11-17 14:11 . 2009-11-17 14:11   --------   d-----w-   c:\program files\Trend Micro
                  2009-11-17 03:41 . 2009-11-17 03:41   117760   ----a-w-   c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                  2009-11-17 03:40 . 2009-11-17 03:40   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                  2009-11-17 03:34 . 2009-11-17 03:34   4096   d-----w-   c:\program files\SUPERAntiSpyware
                  2009-11-17 03:34 . 2009-11-17 03:34   --------   d-----w-   c:\users\pedha\AppData\Roaming\SUPERAntiSpyware.com
                  2009-11-16 22:35 . 2009-11-16 23:29   8192   d-----w-   c:\program files\a-squared Free
                  2009-11-16 16:09 . 2009-11-16 16:09   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                  2009-11-16 15:19 . 2009-11-16 15:40   --------   d-----w-   c:\program files\CCleaner
                  2009-11-16 02:47 . 2009-11-18 14:39   8192   d-----w-   c:\users\pedha\AppData\Local\temp
                  2009-11-13 21:44 . 2009-11-18 13:26   --------   d-----w-   c:\users\pedha\Tracing
                  2009-11-13 21:40 . 2009-11-13 21:40   --------   d-----w-   c:\program files\Microsoft
                  2009-11-13 21:40 . 2009-11-13 21:40   --------   d-----w-   c:\program files\Windows Live SkyDrive
                  2009-11-13 21:31 . 2009-11-13 21:31   --------   d-----w-   c:\program files\Common Files\Windows Live
                  2009-11-10 20:21 . 2009-08-14 13:53   2035712   ----a-w-   c:\windows\system32\win32k.sys
                  2009-10-27 14:06 . 2009-08-07 02:24   44768   ----a-w-   c:\windows\system32\wups2.dll
                  2009-10-27 14:06 . 2009-08-07 02:24   53472   ----a-w-   c:\windows\system32\wuauclt.exe
                  2009-10-27 14:06 . 2009-08-07 02:23   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
                  2009-10-27 14:06 . 2009-08-07 01:45   2421760   ----a-w-   c:\windows\system32\wucltux.dll
                  2009-10-27 14:05 . 2009-08-07 02:24   35552   ----a-w-   c:\windows\system32\wups.dll
                  2009-10-27 14:05 . 2009-08-07 02:23   575704   ----a-w-   c:\windows\system32\wuapi.dll
                  2009-10-27 14:05 . 2009-08-07 01:44   87552   ----a-w-   c:\windows\system32\wudriver.dll
                  2009-10-27 14:05 . 2009-08-06 23:23   171608   ----a-w-   c:\windows\system32\wuwebv.dll
                  2009-10-27 14:05 . 2009-08-06 22:44   33792   ----a-w-   c:\windows\system32\wuapp.exe

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2009-11-16 15:48 . 2007-08-20 13:41   5568   ----a-w-   c:\users\pedha\AppData\Local\d3d9caps.dat
                  2009-11-16 03:30 . 2008-10-31 01:26   4096   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2009-11-16 03:30 . 2009-01-26 15:51   4045527   ----a-w-   c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
                  2009-11-13 21:42 . 2007-12-22 21:48   4096   d-----w-   c:\program files\Windows Live
                  2009-11-11 23:56 . 2007-04-06 23:17   4096   d-----w-   c:\users\pedha\AppData\Roaming\Corel
                  2009-11-03 01:42 . 2009-10-02 23:33   195456   ------w-   c:\windows\system32\MpSigStub.exe
                  2009-11-02 23:50 . 2007-04-06 23:57   14606   ----a-w-   c:\users\pedha\AppData\Roaming\wklnhst.dat
                  2009-10-17 11:23 . 2007-05-10 23:14   --------   d-----w-   c:\program files\Microsoft SQL Server
                  2009-10-17 11:16 . 2007-04-05 12:00   24576   d-----w-   c:\program files\Microsoft Works
                  2009-10-12 02:43 . 2008-01-10 03:03   8192   d-----w-   c:\users\pedha\AppData\Roaming\mjusbsp
                  2009-10-11 18:48 . 2009-10-11 18:48   --------   d-----w-   c:\programdata\Office Genuine Advantage
                  2009-09-26 17:35 . 2009-09-26 17:35   --------   d-----w-   c:\users\pedha\AppData\Roaming\Ashampoo
                  2009-09-26 17:31 . 2009-09-26 17:31   --------   d-----w-   c:\program files\Ashampoo
                  2009-09-25 02:15 . 2009-09-25 02:15   4096   dc-h--w-   c:\programdata\{BEC4F512-CB5F-42E6-9ACF-FAEA2CF7A840}
                  2009-09-25 02:15 . 2009-09-25 02:15   --------   d-----w-   c:\programdata\ExamForce
                  2009-09-23 23:12 . 2007-05-10 22:59   32768   d-----w-   c:\programdata\Microsoft Help
                  2009-09-23 22:44 . 2009-09-16 22:14   4096   d-----w-   c:\users\pedha\AppData\Roaming\HpUpdate
                  2009-09-21 19:15 . 2007-04-01 21:45   84584   ----a-w-   c:\users\pedha\AppData\Local\GDIPFONTCACHEV1.DAT
                  2009-09-21 15:11 . 2009-09-21 15:11   --------   d-----w-   c:\program files\MSDN
                  2009-09-21 14:48 . 2009-09-21 14:35   --------   d-----w-   c:\program files\HTML Help Workshop
                  2009-09-21 14:47 . 2009-07-19 18:07   20480   d-----w-   c:\program files\Common Files\Merge Modules
                  2009-09-21 14:46 . 2007-05-10 22:59   4096   d-----w-   c:\program files\Microsoft Visual Studio 8
                  2009-09-14 09:44 . 2009-10-16 23:40   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
                  2009-09-10 19:54 . 2008-10-31 01:26   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2009-09-10 19:53 . 2008-10-31 01:26   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2009-09-10 17:30 . 2009-10-16 23:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
                  2009-09-04 12:24 . 2009-10-16 23:40   61440   ----a-w-   c:\windows\system32\msasn1.dll
                  2009-08-27 13:32 . 2009-10-16 23:49   833024   ----a-w-   c:\windows\system32\wininet.dll
                  2009-08-27 13:29 . 2009-10-16 23:49   78336   ----a-w-   c:\windows\system32\ieencode.dll
                  2009-08-27 10:58 . 2009-10-16 23:49   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
                  2007-04-05 19:25 . 2007-04-05 19:24   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
                  "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
                  "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                  "cdloader"="c:\users\pedha\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
                  "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
                  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
                  "Google Update"="c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-12 133104]
                  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
                  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
                  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
                  "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
                  "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
                  "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
                  "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
                  "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
                  "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
                  "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
                  "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
                  "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
                  "snpstd"="c:\windows\vsnpstd.exe" [2005-10-12 339968]
                  "DLinkMonitor.exe"="c:\program files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe" [2007-01-03 651264]
                  "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                  "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-05 77824]
                  "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
                  "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
                  "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
                  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-08 98304]
                  "Gizmo Project"="c:\program files\Gizmo Project\Gizmo.exe" [2007-06-15 3850240]
                  "SigmatelSysTrayApp"="c:\windows\sttray.exe" [2007-02-08 303104]
                  "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
                  "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-01-20 6278520]

                  c:\users\pedha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-3-14 385024]

                  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                  Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
                  Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-5 50688]
                  HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
                  QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-5 45056]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableUIADesktopToggle"= 0 (0x0)

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                  "aux1"=wdmaud.drv

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
                  "DisableMonitoring"=dword:00000001

                  R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [12/7/2008 9:26 PM 29808]
                  R0 TLRecAgent;TLRecAgent;c:\windows\System32\drivers\TLRecAgent.sys [9/4/2007 7:15 PM 37208]
                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
                  R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\GizmoPlugin\GizmoPlugin.exe [9/22/2007 8:48 PM 962048]
                  R2 VService;VService;c:\program files\D-Link\D-Link USB VoIP Adapter\VServ.exe [1/2/2007 12:07 PM 105208]
                  R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [1/26/2009 11:11 AM 1090936]
                  R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
                  S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/5/2007 6:59 AM 29744]
                  S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [12/5/2006 10:34 AM 507136]
                  S3 slusbvip;SL3800 USB Driver;c:\windows\System32\drivers\slusbvip.sys [9/4/2007 7:15 PM 591832]
                  S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\System32\drivers\slvad.sys [9/4/2007 7:16 PM 85656]
                  S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]

                  --- Other Services/Drivers In Memory ---

                  *NewlyCreated* - MBR
                  *NewlyCreated* - PROCEXP113
                  *Deregistered* - mbr
                  *Deregistered* - PROCEXP113

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
                  HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                  hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000Core.job
                  - c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]

                  2009-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237141364-4078770496-3588282335-1000UA.job
                  - c:\users\pedha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 02:39]

                  2009-11-18 c:\windows\Tasks\User_Feed_Synchronization-{9D4F5082-4799-4D10-A007-3DE4F0A0FF55}.job
                  - c:\windows\system32\msfeedssync.exe [2008-09-16 07:33]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = about:blank
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  FF - ProfilePath - c:\users\pedha\AppData\Roaming\Mozilla\Firefox\Profiles\m329wuil.default\
                  FF - prefs.js: browser.startup.homepage - about:blank
                  FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
                  FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
                  FF - plugin: c:\program files\Microsoft Silverlight\3.0.40818.0\npctrl.1.0.20926.0.dll
                  FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
                  FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
                  FF - plugin: c:\users\pedha\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
                  .
                  - - - - ORPHANS REMOVED - - - -

                  AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2009-11-18 09:39
                  Windows 6.0.6001 Service Pack 1 NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  Completion time: 2009-11-18 09:45
                  ComboFix-quarantined-files.txt  2009-11-18 14:44
                  ComboFix2.txt  2009-11-16 02:47
                  ComboFix3.txt  2009-11-15 21:59
                  ComboFix4.txt  2009-10-11 14:21
                  ComboFix5.txt  2009-11-18 14:17

                  Pre-Run: 7,614,136,320 bytes free
                  Post-Run: 7,459,921,920 bytes free

                  - - End Of File - - 46B73A30C809E49E095E25C2F3E4519B
                  _______________________________________ _______________________________________ ________


                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 996
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 8
                  Re: Application cannot be executed. The file *** is infected.
                  « Reply #13 on: November 18, 2009, 01:23:57 PM »
                  Hello SuperPat. As I stated in my earlier post, these instructions are for this poster only and trying these fixes on your computer is not advised. Hijacking someone else's thread is also frowned upon. You should start your own thread to get help. It's too confusing to try to help more than one poster in a thread.

                  Hello arunpedha. How is your computer working now?
                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                  arunpedha

                    Topic Starter


                    Rookie

                    Re: Application cannot be executed. The file *** is infected.
                    « Reply #14 on: November 18, 2009, 03:00:28 PM »
                    Thanks SD. It works great now. Thanks for all your help. Did you have a chance to look at my last log post? Hope my system is completely recovered. Many thanks again.