new computer virus

[Helpme220]

Hello, My fiancee and I just opened a new business, I was setting up or office computer and we already have avirus. the webrowser will not connect to secure sites. I am running microsoft secirity  essential , also I am running zone alarm for firewall. I believe in my rushing to get it up and running I clicked on a java update and got infected.This is a brand new compaq presario CQ57 running windows 7 . It has 2 gb of ram and 250 for the harddrive. I have used you guys before and have always been the greatest help. I started with internet explorer because the web browser software works better with it .When I started experiencing issues i downloaded safari. Both browsers would not connect to secure sites. I ran everthing you guys asked to run here are the logs .Also as soon as it happened I ran a hijackthis , so I have that log also If you would like
Thank you for your help

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/18/2011 at 08:07 AM

Application Version : 5.0.1134

Core Rules Database Version : 7809
Trace Rules Database Version: 5621

Scan type       : Complete Scan
Total Scan Time : 01:50:20

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 652
Memory threats detected   : 0
Registry items scanned    : 69835
Registry threats detected : 0
File items scanned        : 115067
File threats detected     : 0
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.1.7601 Service Pack 1

10/17/2011 6:21:45 PM
mbam-log-2011-10-17 (18-21-45).txt

Scan type: Quick Scan
Objects scanned: 76969
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Yogaborn at 8:56:45 on 2011-10-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1643.704 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80}\95F4741424F425E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E99281A5-CFB5-42F8-B773-86188358DBF2} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64:     ZoneAlarm Security Engine Registrar - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64:     IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-7-27 945200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-7-27 463408]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-27 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-27 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-2-15 822264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2011-7-27 126904]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2011-10-18 10:02:35   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\offreg.dll
2011-10-17 22:58:19   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\CrashDumps
2011-10-17 22:57:52   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2011-10-17 22:57:23   --------   d-----w-   C:\ProgramData\SUPERSetup
2011-10-17 22:48:21   --------   d-----w-   C:\Program Files\CCleaner
2011-10-17 22:24:50   --------   d-----w-   C:\Windows\SysWow64\Wat
2011-10-17 22:24:50   --------   d-----w-   C:\Windows\System32\Wat
2011-10-17 21:34:07   --------   d-----w-   C:\Program Files (x86)\MSXML 4.0
2011-10-17 21:33:52   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2011-10-17 21:32:43   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\SUPERAntiSpyware.com
2011-10-17 21:32:43   --------   d-----w-   C:\Program Files (x86)\SUPERAntiSpyware
2011-10-17 21:32:19   --------   d-----w-   C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29:24   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\Malwarebytes
2011-10-17 21:29:01   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-10-17 21:29:00   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-10-17 21:28:59   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:10:33   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Apple Computer
2011-10-16 20:05:04   9049936   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\mpengine.dll
2011-10-16 20:02:43   --------   d-----w-   C:\Program Files\Bonjour
2011-10-16 20:02:43   --------   d-----w-   C:\Program Files (x86)\Bonjour
2011-10-16 20:01:36   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Apple
2011-10-16 13:51:31   850944   ----a-w-   C:\Windows\SysWow64\sbe.dll
2011-10-16 13:51:31   642048   ----a-w-   C:\Windows\SysWow64\CPFilters.dll
2011-10-16 13:51:31   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-10-16 13:51:31   199680   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
2011-10-16 13:51:30   723968   ----a-w-   C:\Windows\System32\EncDec.dll
2011-10-16 13:51:30   1118720   ----a-w-   C:\Windows\System32\sbe.dll
2011-10-16 13:51:29   961024   ----a-w-   C:\Windows\System32\CPFilters.dll
2011-10-16 13:51:29   259072   ----a-w-   C:\Windows\System32\mpg2splt.ax
2011-10-16 13:50:36   566208   ----a-w-   C:\Windows\System32\winresume.efi
2011-10-16 13:50:35   605552   ----a-w-   C:\Windows\System32\winload.exe
2011-10-16 13:50:35   518672   ----a-w-   C:\Windows\System32\winresume.exe
2011-10-16 13:50:35   20352   ----a-w-   C:\Windows\System32\kdusb.dll
2011-10-16 13:50:35   19328   ----a-w-   C:\Windows\System32\kd1394.dll
2011-10-16 13:50:35   17792   ----a-w-   C:\Windows\System32\kdcom.dll
2011-10-16 13:50:34   642944   ----a-w-   C:\Windows\System32\winload.efi
2011-10-16 13:48:08   5561216   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2011-10-16 13:48:08   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48:08   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46:59   1395712   ----a-w-   C:\Windows\System32\mfc42.dll
2011-10-16 13:44:57   870912   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
2011-10-16 13:44:57   1465344   ----a-w-   C:\Windows\System32\XpsPrint.dll
2011-10-16 13:42:19   1923968   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2011-10-16 13:42:17   976896   ----a-w-   C:\Windows\System32\inetcomm.dll
2011-10-16 13:42:17   741376   ----a-w-   C:\Windows\SysWow64\inetcomm.dll
2011-10-16 13:35:57   90624   ----a-w-   C:\Windows\System32\drivers\bowser.sys
2011-10-16 13:33:24   288256   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33:23   476160   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2011-10-16 13:33:09   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2011-10-16 13:33:09   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2011-10-16 13:33:09   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2011-10-16 13:33:09   294912   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2011-10-16 13:31:53   267776   ----a-w-   C:\Windows\System32\FXSCOVER.exe
2011-10-16 13:31:23   331776   ----a-w-   C:\Windows\System32\oleacc.dll
2011-10-16 13:31:23   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
2011-10-16 13:31:22   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
2011-10-16 13:31:22   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2011-10-16 13:29:46   3138048   ----a-w-   C:\Windows\System32\win32k.sys
2011-10-16 13:28:52   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2011-10-16 13:28:51   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
2011-10-16 13:28:51   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2011-10-16 13:28:50   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
2011-10-16 13:26:22   2871808   ----a-w-   C:\Windows\explorer.exe
2011-10-16 13:26:21   2616320   ----a-w-   C:\Windows\SysWow64\explorer.exe
2011-10-16 13:26:06   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2011-10-16 13:26:06   158208   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2011-10-16 13:26:06   128000   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2011-10-16 13:22:52   404480   ----a-w-   C:\Windows\System32\umpnpmgr.dll
2011-10-16 13:22:51   64512   ----a-w-   C:\Windows\SysWow64\devobj.dll
2011-10-16 13:22:51   44544   ----a-w-   C:\Windows\SysWow64\devrtl.dll
2011-10-16 13:22:51   252928   ----a-w-   C:\Windows\SysWow64\drvinst.exe
2011-10-16 13:22:51   145920   ----a-w-   C:\Windows\SysWow64\cfgmgr32.dll
2011-10-16 13:22:42   31232   ----a-w-   C:\Windows\SysWow64\prevhost.exe
2011-10-16 13:22:42   31232   ----a-w-   C:\Windows\System32\prevhost.exe
2011-10-16 13:22:12   --------   d-----w-   C:\Windows\System32\drivers\NISx64\1206000.01D
2011-10-14 21:21:30   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Diagnostics
2011-10-14 21:13:57   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\CheckPoint
2011-10-14 20:58:47   --------   d-----w-   C:\Program Files\CheckPoint
2011-10-14 20:57:30   1238528   ----a-w-   C:\Windows\SysWow64\zpeng25.dll
2011-10-14 20:57:27   --------   d-----w-   C:\Windows\SysWow64\ZoneLabs
2011-10-14 20:57:19   458840   ----a-w-   C:\Windows\System32\drivers\~GLH0023.TMP
2011-10-14 20:56:34   458840   ------w-   C:\Windows\System32\drivers\vsdatant.sys
2011-10-14 20:56:31   --------   d-----w-   C:\Program Files (x86)\Zone Labs
2011-10-14 20:55:46   --------   d-----w-   C:\ProgramData\CheckPoint
2011-10-14 20:55:43   --------   d-----w-   C:\Windows\Internet Logs
2011-10-14 20:10:24   9049936   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09:09   917840   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05:23   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2011-10-14 20:05:07   --------   d-----w-   C:\Program Files\Microsoft Security Client
2011-10-14 20:03:19   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\AMD
2011-10-14 20:02:43   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\ATI
2011-10-14 20:02:31   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\PictureMover
2011-10-14 20:01:40   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\BMExplorer
2011-10-14 20:01:28   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\Synaptics
2011-10-14 20:00:03   --------   d-----w-   C:\Users\Yogaborn\AppData\Roaming\hpqlog
2011-10-14 19:59:54   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\RemEngine
2011-10-14 19:53:46   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Hewlett-Packard
2011-10-14 19:53:26   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\Hewlett-Packard_Company
2011-10-14 19:51:06   --------   d-----w-   C:\Users\Yogaborn\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2011-10-18 12:44:30   525544   ----a-w-   C:\Windows\System32\deployJava1.dll
2011-09-01 05:24:07   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57   1389056   ----a-w-   C:\Windows\System32\wininet.dll
2011-09-01 05:12:04   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32   96104   ----a-w-   C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32   85864   ----a-w-   C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32   61288   ----a-w-   C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32   212840   ----a-w-   C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04   83816   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04   73064   ----a-w-   C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04   50536   ----a-w-   C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04   178536   ----a-w-   C:\Windows\SysWow64\dnssdX.dll
2011-07-27 11:00:01   174640   ----a-w-   C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-27 10:47:14   0   ----a-w-   C:\Windows\ativpsrm.bin
.
============= FINISH:  8:59:04.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2011 3:50:04 PM
System Uptime: 10/18/2011 6:02:02 AM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 195.272 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.724 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 10/14/2011 3:52:00 PM - First_User_Boot
RP4: 10/14/2011 4:07:00 PM - Windows Update
RP5: 10/16/2011 4:03:03 PM - Installed Safari
RP6: 10/17/2011 5:17:48 PM - Windows Update
RP7: 10/18/2011 8:42:16 AM - Installed Java(TM) 6 Update 27 (64-bit)
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HijackThis 2.0.2
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Safari
SUPERAntiSpyware Free Edition
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 6:13:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072ee2     Error description: The operation timed out
10/18/2011 6:08:07 AM, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7000]  - The HP Health Check Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
10/18/2011 6:03:17 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:37:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/17/2011 6:33:03 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
10/17/2011 6:28:03 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:27:52 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
10/17/2011 6:26:32 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 6:26:32 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:37:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/17/2011 5:33:59 PM, Error: Service Control Manager [7000]  - The SASENUM service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:33:59 PM, Error: Application Popup [1060]  - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:32:56 PM, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:32:55 PM, Error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  This driver has been blocked from loading
10/17/2011 5:24:50 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
10/17/2011 5:23:52 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
10/17/2011 5:17:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
10/17/2011 12:33:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
10/16/2011 9:09:18 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1674.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/16/2011 8:59:52 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/16/2011 5:41:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1787.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
10/16/2011 2:57:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/16/2011 10:14:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.113.1674.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7702.0     Error code: 0x80072ee2     Error description: The operation timed out
10/14/2011 5:16:38 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/14/2011 5:16:22 PM, Error: Service Control Manager [7022]  - The AMD FUEL Service service hung on starting.
10/14/2011 5:14:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/14/2011 5:11:36 PM, Error: Microsoft-Windows-DistributedCOM [10009]  - DCOM was unable to communicate with the computer WIN-JT0CBKGICFJ using any of the configured protocols.
10/14/2011 5:00:20 PM, Error: Service Control Manager [7030]  - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
10/14/2011 4:57:45 PM, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
  Thank you

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The logs show that you have two AV programs and two Firewalls on your computer. Please make sure that only one of each is activated at any time.

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

BHO-X64:     AcroIEHelperStub - No File
BHO-X64:     Symantec NCO BHO - No File
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64:     ZoneAlarm Security Engine Registrar - No File
BHO-X64:     IESpeakDoc - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************

You may uninstall Java(TM) 6 Update 22. It is no longer needed.

*************************************************
Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• List content of Hosts
• List IP Configuration
• Lst Last 10 Event Viewer Errors
• List Users, Partitions and Memory Size
[/b]

Click Go and copy/paste the log (Result.txt) into your next post. .

[Helpme220]

Hey dave, thank you for your help. followed your instructions here are the two logs. Just to let you know when I tried to unistall Java 22 it wouldnt unistall and kept asking me if I wanted this program to update . I said no and ran the other log . Hope i did this correctly , look forwrd to hearing from you .
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10182011_214209

MiniToolBox by Farbar
Ran by Yogaborn (administrator) on 18-10-2011 at 21:50:15
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Yogaborn-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 3C-D9-2B-2B-6B-52
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : D0-DF-9A-89-0B-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : D0-DF-9A-88-9C-0B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8455:925c:c388:85a0%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, October 18, 2011 9:26:34 PM
   Lease Expires . . . . . . . . . . : Wednesday, October 19, 2011 9:26:33 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248569754
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C1-A1-8A-D0-DF-9A-88-9C-0B
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{708D7C27-4961-4CAA-A759-9482F82BBE80}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:ca7:9ad:bbf6:3812(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ca7:9ad:bbf6:3812%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.73.104
     74.125.73.105
     74.125.73.106
     74.125.73.147
     74.125.73.99
     74.125.73.103


Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=122ms TTL=50
Reply from 74.125.73.104: bytes=32 time=72ms TTL=50

Ping statistics for 74.125.73.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 122ms, Average = 97ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.137.149.56
     98.139.180.149
     209.191.122.70
     67.195.160.76
     72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=154ms TTL=55
Reply from 72.30.2.43: bytes=32 time=116ms TTL=55

Ping statistics for 72.30.2.43:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 116ms, Maximum = 154ms, Average = 135ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
 15...3c d9 2b 2b 6b 52 ......Realtek PCIe FE Family Controller
 13...d0 df 9a 89 0b 9b ......Bluetooth Device (Personal Area Network)
 11...d0 df 9a 88 9c 0b ......Atheros AR9285 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:4137:9e76:ca7:9ad:bbf6:3812/128
                                    On-link
 11    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::ca7:9ad:bbf6:3812/128
                                    On-link
 11    281 fe80::8455:925c:c388:85a0/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (10/18/2011 09:41:19 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (10/18/2011 09:41:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (10/18/2011 09:37:37 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.113.1787.0

   Update Source: %NT AUTHORITY59

   Update Stage: 3.0.8402.00

   Source Path: 3.0.8402.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2011 09:32:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:32:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/18/2011 09:26:58 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

   Feature: %%835

   Error Code: 0x80004005

   Error description: Unspecified error

   Reason: %%842


Microsoft Office Sessions:
=========================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1642.9 MB
Available physical RAM: 532.29 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1678.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.12 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:218.76 GB) (Free:194.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.83 GB) (Free:1.72 GB) NTFS
4 Drive f: (ROBSHIT) (Removable) (Total:1.89 GB) (Free:1.58 GB) FAT
5 Drive g: (ROBSHIT 2) (Removable) (Total:3.74 GB) (Free:0.07 GB) FAT32

========================= Users: ========================================

User accounts for \\YOGABORN-HP

Administrator            Guest                    Yogaborn                 


**** End of log ****
 Cross my fingers
Rob

[SuperDave]

There doesn't appear to be anything wrong with your internet connection.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[Helpme220]

Hello, I ran security check , here is the log. I tried running combofix several times and it would always get stuck on completed scan 48 then do nothing for like half an hour . Hope i'm not doing anything wrong. I disabled all my protection and followed  instructions .
 Results of screen317's Security Check version 0.99.24 
 Windows 7  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled! 
 Norton Internet Security   
 ZoneAlarm     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 Java(TM) 6 Update 22 
 Out of date Java installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Norton ccSvcHst.exe
 Windows Defender MSMpEng.exe
 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
 Microsoft Security Essentials msseces.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
 Microsoft Security Client Antimalware NisSrv.exe 
 Zone Labs ZoneAlarm zlclient.exe 
``````````End of Log````````````
Hope you can help
Thank you for your time
Rob

[SuperDave]

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
Delete your copy of ComboFix from your desktop or just drag it into your Recycling bin.

Download ComboFix by sUBs from one of the below links.  You must rename it before saving it!

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix to Combo-Fix before saving it to the desktop.





Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

[Helpme220]

I 've tried running combo fix , I get top completed scan 48 and then it stops runs for about half an hour and no text log.  I have disabled my firewall and microsoft essential . Please let me know what I could possibly be doing wrong
Thank you again

[SuperDave]

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now

[Helpme220]

Here you go

Blackpudding.bat is not valid Win 32 app

Whatever that means

We will keep trying
Thank you for your help

[SuperDave]

Ok. Please boot in Safe Mode and try running ComboFix from there.

Safe Mode

[Helpme220]

It worked here we go
ComboFix 11-10-24.04 - Yogaborn 10/25/2011  18:40:34.8.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1643.1137 [GMT -4:00]
Running from: c:\users\Yogaborn\Desktop\blackpudding.bat.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-25 to 2011-10-25  )))))))))))))))))))))))))))))))
.
.
2011-10-25 22:49 . 2011-10-25 22:49   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-25 22:32 . 2011-10-25 22:32   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\offreg.dll
2011-10-23 22:11 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\mpengine.dll
2011-10-17 22:57 . 2011-10-17 22:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-10-17 22:57 . 2011-10-17 22:57   --------   d-----w-   c:\programdata\SUPERSetup
2011-10-17 22:48 . 2011-10-17 22:48   --------   d-----w-   c:\program files\CCleaner
2011-10-17 22:24 . 2011-10-17 22:24   --------   d-----w-   c:\windows\SysWow64\Wat
2011-10-17 22:24 . 2011-10-17 22:24   --------   d-----w-   c:\windows\system32\Wat
2011-10-17 21:34 . 2011-10-17 21:34   --------   d-----w-   c:\program files (x86)\MSXML 4.0
2011-10-17 21:33 . 2011-10-17 21:33   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-10-17 21:32 . 2011-10-17 21:32   --------   d-----w-   c:\program files (x86)\SUPERAntiSpyware
2011-10-17 21:32 . 2011-10-17 21:32   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29 . 2011-10-17 21:29   --------   d-----w-   c:\programdata\Malwarebytes
2011-10-17 21:29 . 2011-08-31 21:00   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-10-17 21:28 . 2011-10-18 12:19   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:04 . 2011-10-16 20:04   --------   d-----w-   c:\program files (x86)\Safari
2011-10-16 20:04 . 2011-10-16 20:04   --------   d-----w-   c:\programdata\Apple Computer
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files (x86)\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02   --------   d-----w-   c:\program files (x86)\Common Files\Apple
2011-10-16 20:01 . 2011-10-16 20:01   --------   d-----w-   c:\program files (x86)\Apple Software Update
2011-10-16 20:01 . 2011-10-16 20:01   --------   d-----w-   c:\programdata\Apple
2011-10-16 13:51 . 2010-12-23 05:54   850944   ----a-w-   c:\windows\SysWow64\sbe.dll
2011-10-16 13:51 . 2010-12-23 05:54   642048   ----a-w-   c:\windows\SysWow64\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 05:54   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-10-16 13:51 . 2010-12-23 05:50   199680   ----a-w-   c:\windows\SysWow64\mpg2splt.ax
2011-10-16 13:51 . 2010-12-23 10:42   1118720   ----a-w-   c:\windows\system32\sbe.dll
2011-10-16 13:51 . 2010-12-23 10:42   723968   ----a-w-   c:\windows\system32\EncDec.dll
2011-10-16 13:51 . 2010-12-23 10:42   961024   ----a-w-   c:\windows\system32\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 10:36   259072   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-10-16 13:50 . 2011-02-05 17:06   566208   ----a-w-   c:\windows\system32\winresume.efi
2011-10-16 13:50 . 2011-02-05 17:10   20352   ----a-w-   c:\windows\system32\kdusb.dll
2011-10-16 13:50 . 2011-02-05 17:10   19328   ----a-w-   c:\windows\system32\kd1394.dll
2011-10-16 13:50 . 2011-02-05 17:10   17792   ----a-w-   c:\windows\system32\kdcom.dll
2011-10-16 13:50 . 2011-02-05 17:06   605552   ----a-w-   c:\windows\system32\winload.exe
2011-10-16 13:50 . 2011-02-05 17:06   518672   ----a-w-   c:\windows\system32\winresume.exe
2011-10-16 13:50 . 2011-02-05 17:10   642944   ----a-w-   c:\windows\system32\winload.efi
2011-10-16 13:48 . 2011-06-23 05:43   5561216   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-16 13:48 . 2011-06-23 04:33   3967872   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48 . 2011-06-23 04:33   3912576   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46 . 2011-03-11 06:34   1359872   ----a-w-   c:\windows\system32\mfc42u.dll
2011-10-16 13:44 . 2011-03-12 12:08   1465344   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-10-16 13:44 . 2011-03-12 11:23   870912   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-10-16 13:42 . 2011-06-21 06:34   1923968   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-10-16 13:42 . 2011-05-03 05:29   976896   ----a-w-   c:\windows\system32\inetcomm.dll
2011-10-16 13:42 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\SysWow64\inetcomm.dll
2011-10-16 13:35 . 2011-02-23 04:55   90624   ----a-w-   c:\windows\system32\drivers\bowser.sys
2011-10-16 13:33 . 2011-02-24 05:38   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-24 06:15   476160   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-19 12:03   46080   ----a-w-   c:\windows\system32\atmlib.dll
2011-10-16 13:33 . 2011-02-19 09:00   367616   ----a-w-   c:\windows\system32\atmfd.dll
2011-10-16 13:33 . 2011-02-19 06:30   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-10-16 13:33 . 2011-02-19 04:34   294912   ----a-w-   c:\windows\SysWow64\atmfd.dll
2011-10-16 13:31 . 2011-02-12 11:34   267776   ----a-w-   c:\windows\system32\FXSCOVER.exe
2011-10-16 13:31 . 2011-08-27 05:37   331776   ----a-w-   c:\windows\system32\oleacc.dll
2011-10-16 13:31 . 2011-08-27 04:26   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-10-16 13:31 . 2011-08-27 05:37   861696   ----a-w-   c:\windows\system32\oleaut32.dll
2011-10-16 13:31 . 2011-08-27 04:26   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-10-16 13:29 . 2011-09-06 03:03   3138048   ----a-w-   c:\windows\system32\win32k.sys
2011-10-16 13:28 . 2011-08-17 05:26   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:19   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2011-10-16 13:28 . 2011-08-17 05:25   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2011-10-16 13:26 . 2011-02-25 06:19   2871808   ----a-w-   c:\windows\explorer.exe
2011-10-16 13:26 . 2011-02-25 05:30   2616320   ----a-w-   c:\windows\SysWow64\explorer.exe
2011-10-16 13:26 . 2011-07-09 02:46   288768   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-10-16 13:26 . 2011-04-27 02:40   158208   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-10-16 13:26 . 2011-04-27 02:39   128000   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
2011-10-16 13:23 . 2011-04-22 22:15   27520   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2011-10-16 13:23 . 2011-03-03 06:24   183296   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-10-14 20:58 . 2011-10-14 20:58   --------   d-----w-   c:\program files\CheckPoint
2011-10-14 20:57 . 2011-03-18 05:24   69120   ----a-w-   c:\windows\SysWow64\zlcomm.dll
2011-10-14 20:57 . 2011-03-18 05:24   104448   ----a-w-   c:\windows\SysWow64\zlcommdb.dll
2011-10-14 20:57 . 2011-03-18 05:24   1238528   ----a-w-   c:\windows\SysWow64\zpeng25.dll
2011-10-14 20:57 . 2011-10-14 21:00   --------   d-----w-   c:\windows\SysWow64\ZoneLabs
2011-10-14 20:57 . 2010-05-15 20:30   458840   ----a-w-   c:\windows\system32\drivers\~GLH0023.TMP
2011-10-14 20:56 . 2010-05-15 20:30   458840   ------w-   c:\windows\system32\drivers\vsdatant.sys
2011-10-14 20:56 . 2011-10-14 20:56   --------   d-----w-   c:\program files (x86)\Zone Labs
2011-10-14 20:55 . 2011-10-14 20:55   --------   d-----w-   c:\programdata\CheckPoint
2011-10-14 20:55 . 2011-10-25 22:23   --------   d-----w-   c:\windows\Internet Logs
2011-10-14 20:10 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09 . 2011-10-14 20:08   917840   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05 . 2011-10-14 20:05   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-10-14 20:05 . 2011-10-14 20:05   --------   d-----w-   c:\program files\Microsoft Security Client
2011-10-14 19:53 . 2011-10-14 19:53   --------   d-----w-   c:\users\Public\Symantec
2011-10-14 19:50 . 2011-10-14 20:00   --------   d-----w-   c:\users\Yogaborn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:30 . 2011-04-11 18:48   525544   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-14 19:51 . 2010-06-24 18:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-31 03:05 . 2011-08-31 03:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   61288   ----a-w-   c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05   50536   ----a-w-   c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21   548352   ----a-w-   c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys

.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32   2240000   ----a-w-   c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-25  18:54:05
ComboFix-quarantined-files.txt  2011-10-25 22:54
.
Pre-Run: 206,573,289,472 bytes free
Post-Run: 206,196,031,488 bytes free
.
- - End Of File - - F081C4A61ACC4341890E8249D3540735



Hope this work
Thank you
again

[SuperDave]

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

********************************************
AVENGER

• Download The Avenger by Swandog46 from here.
  
• Unzip/extract it to a folder on your desktop.
• Double click on avenger.exe to run The Avenger.
  
• Click OK.
  
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  
• Click the Execute button.
  
• You will be asked No script has been entered.  Do you want to execute a rootkit scan only?.
  
• Click Yes.
  
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?.
  
• Click Yes.
  
• Your PC will now be rebooted.
• After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  
• Please post this log in your next reply.

[Helpme220]

Thank you dave, I wil run all this tonight and hopefully get the logs posted. One question, should I stay in safe mode while running these programs?
Let me know
Thank you again

[SuperDave]

One question, should I stay in safe mode while running these programs?
Let me know

Please try to run them in Normal Mode.

[Helpme220]

Heres the rooter log
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\  [Fixed-NTFS] .. ( Total:218 Go - Free:192 Go )
D:\  [Fixed-NTFS] .. ( Total:13 Go - Free:1 Go )
E:\  [CD_Rom]
.
Scan : 17:03.44
Path : C:\Users\Yogaborn\Desktop\Rooter.exe
User : Yogaborn ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked ? (288)
Locked ? (452)
Locked ? (544)
Locked ? (552)
Locked ? (608)
Locked ? (628)
Locked ? (656)
Locked ? (664)
Locked ? (776)
Locked ? (852)
Locked ? (900)
Locked ? (992)
Locked ? (304)
Locked ? (424)
Locked ? (380)
Locked ? (1120)
Locked ? (1212)
Locked ? (1336)
Locked ? (1420)
Locked ? (1528)
Locked ? (1536)
Locked ? (1856)
Locked ? (1956)
Locked ? (2008)
Locked ? (1380)
Locked ? (1348)
Locked ? (1232)
Locked ? (1688)
Locked ? (1684)
Locked ? (1776)
Locked ? (1708)
Locked ? (1692)
Locked ? (1912)
Locked ? (1188)
Locked ? (1752)
Locked ? (2108)
Locked ? (2164)
Locked ? (2200)
Locked ? (2292)
Locked ? (2336)
Locked ? (2360)
Locked ? (2384)
Locked ? (3004)
Locked ? (3012)
Locked ? (2260)
Locked ? (2708)
Locked ? (3200)
Locked ? (1720)
Locked ? (3456)
Locked ? (3312)
Locked ? (3624)
Locked ? (1832)
Locked ? (3668)
______ }??? (2720)
Locked ? (860)
______ }??? (3904)
______ }??? (2540)
______ }??? (1364)
______ }??? (1924)
______ }??? (3544)
______ }??? (2704)
______ }??? (4088)
Locked ? (3260)
______ C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (4248)
______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (4512)
______ C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (4604)
______ }??? (4612)
Locked ? (5084)
______ }??? (4448)
______ }??? (5116)
______ }??? (4944)
______ C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (5012)
Locked ? (4664)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (5264)
Locked ? (5784)
______ }??? (6068)
______ }??? (5336)
______ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (6108)
______ C:\Users\Yogaborn\Desktop\Rooter.exe (4016)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
\Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:234893606912)
\Device\Harddisk0\Partition3 (Start_Offset:235103322112 | Length:14846787584)
\Device\Harddisk0\Partition4 (Start_Offset:249950109696 | Length:108191744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:03.52
.
C:\Rooter$\Rooter_1.txt - (27/10/2011 | 17:03.52)

 I ran the avenger , normal and in safe mode , wouldn't save the log
Let me know what I need to do to finish this
Thank you again for your help