Viruses making computer really slow

  1. #1
    Sluggz, Junior Member

    I have had some pretty serious virus and malware problems over the course of a year or so, not constant but the average major ones that have popped up, such as one today that makes your machine behave as if it has a serious problem. I believe that was called Windows Vista Updater, or something to that effect. I've recently been noticing a progressively slowing machine, on the internet and just browsing the files on the C: drive. When playing Rift (MMO) frame rates are in the teens even though I have recently bought a new video card, along with extremely high CPU usage when only one program is running. I have no clue where to start, please help.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/2/2007 9:28:01 PM
    System Uptime: 6/8/2011 8:35:27 AM (9 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 366 GiB total, 247.52 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 0.873 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: ATI High Definition Audio Device
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&262529C2&0&0001
    Manufacturer: ATI Technologies Inc.
    Name: ATI High Definition Audio Device
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&262529C2&0&0001
    Service: AtiHDAudioService
    .
    ==== System Restore Points ===================
    .
    RP1425: 5/30/2011 12:00:08 AM - Scheduled Checkpoint
    RP1426: 5/30/2011 3:00:25 AM - Windows Update
    RP1427: 5/31/2011 12:00:09 AM - Scheduled Checkpoint
    RP1428: 5/31/2011 2:00:18 AM - Windows Update
    RP1429: 5/31/2011 3:00:22 AM - Windows Update
    RP1430: 6/1/2011 12:02:21 AM - Scheduled Checkpoint
    RP1431: 6/1/2011 3:00:21 AM - Windows Update
    RP1432: 6/2/2011 12:00:06 AM - Scheduled Checkpoint
    RP1433: 6/2/2011 3:00:28 AM - Windows Update
    RP1434: 6/3/2011 12:00:05 AM - Scheduled Checkpoint
    RP1435: 6/3/2011 2:00:01 AM - Windows Update
    RP1436: 6/3/2011 3:00:18 AM - Windows Update
    RP1437: 6/4/2011 3:00:29 AM - Windows Update
    RP1438: 6/4/2011 7:14:33 PM - Scheduled Checkpoint
    RP1439: 6/5/2011 3:00:15 AM - Windows Update
    RP1440: 6/6/2011 12:16:08 AM - Scheduled Checkpoint
    RP1441: 6/6/2011 3:00:22 AM - Windows Update
    RP1442: 6/6/2011 5:35:00 PM - Scheduled Checkpoint
    RP1443: 6/7/2011 3:00:21 AM - Windows Update
    RP1444: 6/8/2011 12:00:12 AM - Scheduled Checkpoint
    RP1445: 6/8/2011 3:00:25 AM - Windows Update
    RP1446: 6/8/2011 8:16:43 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    AMD Fuel
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI Stream SDK v2 Developer
    avast! Free Antivirus
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner (remove only)
    Choice Guard
    Conduit Engine
    CustomerResearchQFolder
    D2400
    D2400_Help
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    Dragon Age II
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 9.0
    HP Deskjet Printer Driver Software 9.0
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Picasso Media Center Add-In
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Total Care Advisor
    HP Update
    HPProductAssistant
    HPSSupply
    HydraVision
    iTunes
    Java(TM) 6 Update 17
    Junk Mail filter update
    Launcher
    Lexmark 1200 Series
    LightScribe 1.4.124.1
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Media Player Classic
    MFC RunTime files
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft DirectX 9.0 SDK
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Mozilla Firefox (3.5.19)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA 3D Vision Driver 260.99
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    Platform
    PSSWCORE
    PVSonyDll
    Python 2.4.3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RIFT
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype Toolbars
    Skype™ 5.0
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sony Picture Utility
    Spybot - Search & Destroy
    The Lord of the Rings FREE Trial
    Toolbox
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    VGA USB Camera
    VIA Platform Device Manager
    VideoToolkit01
    VirtualCloneDrive
    VLC media player 1.0.1
    VMN Toolbar
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    World of Logs Client
    Xfire (remove only)
    XfireXO Toolbar
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/7/2011 9:59:25 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:58:25 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:57:24 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:56:23 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:55:23 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:54:22 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:53:22 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:52:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:51:20 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:50:20 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:49:19 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:48:18 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:47:17 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:46:16 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:45:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:44:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:43:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:42:13 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:41:12 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:40:11 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:39:11 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:38:10 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:37:09 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:36:08 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:35:07 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:34:07 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:33:06 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:32:05 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:31:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:30:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:29:03 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:28:02 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:27:01 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:26:01 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:25:00 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:23:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:22:58 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:21:57 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:20:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:19:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:18:54 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:17:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:16:53 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    6/7/2011 9:16:52 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:16:51 PM, Error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 3 time(s).
    6/7/2011 9:15:52 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:14:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:13:50 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:13:50 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:13:42 PM, Error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 2 time(s).
    6/7/2011 9:12:49 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:11:48 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:11:07 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    6/7/2011 9:10:56 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    6/7/2011 9:10:49 PM, Error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:49 PM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 2 time(s).
    6/7/2011 9:10:48 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:47 PM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:47 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 9:10:46 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:46 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:46 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:46 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    6/7/2011 9:10:45 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:45 PM, Error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:45 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:45 PM, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:45 PM, Error: Service Control Manager [7034] - The AMD Reservation Manager service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:44 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:44 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:43 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 9:10:41 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:51:56 AM, Error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    6/7/2011 10:07:30 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 57 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:06:30 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 56 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:05:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 55 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:04:28 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:03:28 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:02:27 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:01:27 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 10:00:26 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2011 8:38:33 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/6/2011 8:33:18 AM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    6/6/2011 3:25:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    6/6/2011 3:25:23 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/6/2011 3:25:15 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.5, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    6/6/2011 3:25:15 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/6/2011 3:24:58 AM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
    6/6/2011 1:27:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    6/6/2011 1:27:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/1/2011 3:07:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 (KB2449798).
    6/1/2011 3:05:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2502786).
    6/1/2011 3:05:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2509503).
    6/1/2011 3:04:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2536411).
    6/1/2011 3:03:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2003 (KB2535812).
    6/1/2011 3:02:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2289163).
    6/1/2011 3:01:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
    6/1/2011 12:44:03 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    6/1/2011 10:05:18 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/1/2011 1:15:32 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_17
    Run by jeff at 17:37:40 on 2011-06-08
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.857 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\System32\LEXPPS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\alg.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\ctfmon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! UK
    uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
    mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: VMN Toolbar: {4e7bd74f-2b8d-469e-8da9-fd60bb9aae33} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [wrna3ls] c:\program files\rnamfler\naomf.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [VBTUCopy] c:\program files\vbtucopy\VBTUCopy.exe /a /f
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\jeff\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
    StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{66FB05C3-26A1-4D96-955F-F3C3D4EB93B0} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BC3BBCA3-C7B5-40E8-A847-84526C0616AC} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\owdxzf9i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 307928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-8 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-8 42184]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-2-25 37944]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-8 136176]
    S3 {8C72B40D-82A8-4650-A27CF804C2476255};{8C72B40D-82A8-4650-A27CF804C2476255};c:\windows\system32\svchost.exe -k netsvcs [2008-6-24 21504]
    S3 {A016859F-D629-4781-8EBEDB99AEC0470A};{A016859F-D629-4781-8EBEDB99AEC0470A};c:\windows\system32\svchost.exe -k netsvcs [2008-6-24 21504]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-2-25 99344]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-2 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-4-18 366080]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-8 39984]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-08 13:25:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-08 13:17:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-08 13:17:22 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-08 13:17:05 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-08 13:16:49 -------- d-----w- c:\programdata\AVAST Software
    2011-06-08 13:16:49 -------- d-----w- c:\program files\AVAST Software
    2011-06-06 18:54:35 -------- d-----w- C:\Cache
    2011-06-06 04:17:40 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol500.dll
    2011-06-06 04:17:40 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
    2011-06-06 04:17:38 -------- d-----w- c:\users\jeff\appdata\roaming\Catalina Marketing Corp
    2011-06-06 04:17:35 525856 ----a-w- c:\users\jeff\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
    2011-06-06 01:25:34 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2011-06-06 01:25:34 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2011-06-03 07:00:27 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{45cfbeaa-1c9f-41cf-b3b3-e1e236328b5c}\mpengine.dll
    2011-05-11 11:14:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-04-17 19:57:54 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2008-02-16 23:58:04 693248 --sha-w- c:\windows\system32\_re082.exe
    .
    ============= FINISH: 17:38:46.48 ===============

    Malwarebytes' Anti-Malware 1.51.0.1200
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6809

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    6/8/2011 5:45:46 PM
    mbam-log-2011-06-08 (17-45-46).txt

    Scan type: Quick scan
    Objects scanned: 156137
    Time elapsed: 3 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: ASUSTek Computer INC.
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: RK569AA-ABA m7750n
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 156):
    0x8361B000 \SystemRoot\system32\ntkrnlpa.exe
    0x839D4000 \SystemRoot\system32\hal.dll
    0x80600000 \SystemRoot\system32\kdcom.dll
    0x80608000 \SystemRoot\system32\PSHED.dll
    0x80619000 \SystemRoot\system32\BOOTVID.dll
    0x80621000 \SystemRoot\system32\CLFS.SYS
    0x80662000 \SystemRoot\system32\CI.dll
    0x80742000 \SystemRoot\System32\drivers\kfhmkak.sys
    0x80750000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x807C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8920A000 \SystemRoot\system32\drivers\acpi.sys
    0x89250000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x89259000 \SystemRoot\system32\drivers\msisadrv.sys
    0x89261000 \SystemRoot\system32\drivers\pci.sys
    0x89288000 \SystemRoot\System32\drivers\partmgr.sys
    0x89297000 \SystemRoot\system32\drivers\volmgr.sys
    0x892A6000 \SystemRoot\System32\drivers\volmgrx.sys
    0x892F0000 \SystemRoot\system32\drivers\pciide.sys
    0x892F7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x89305000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89315000 \SystemRoot\system32\drivers\atapi.sys
    0x8931D000 \SystemRoot\system32\drivers\ataport.SYS
    0x8933B000 \SystemRoot\system32\DRIVERS\nvstor.sys
    0x89348000 \SystemRoot\system32\DRIVERS\storport.sys
    0x89389000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x893A6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x893D8000 \SystemRoot\system32\drivers\fileinfo.sys
    0x893E8000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x89401000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89472000 \SystemRoot\system32\drivers\ndis.sys
    0x8957D000 \SystemRoot\system32\drivers\msrpc.sys
    0x895A8000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89603000 \SystemRoot\System32\drivers\tcpip.sys
    0x896EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8980C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8991B000 \SystemRoot\system32\drivers\volsnap.sys
    0x89954000 \SystemRoot\System32\Drivers\spldr.sys
    0x8995C000 \SystemRoot\System32\Drivers\mup.sys
    0x8996B000 \SystemRoot\System32\drivers\ecache.sys
    0x89992000 \SystemRoot\system32\drivers\disk.sys
    0x899A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x899C4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x899E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x899EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x89724000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x89734000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x8DC0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8E408000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E4A7000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E4B4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E4C6000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8E4D0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E50E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E51D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E535000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8E53B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8E54B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8E559000 \SystemRoot\system32\DRIVERS\MRVW13B.sys
    0x8E809000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8E909000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8E937000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E942000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E959000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8E964000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8E987000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8E996000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8E9AA000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E9BF000 \SystemRoot\system32\DRIVERS\pctnullport.sys
    0x8E9C7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E9D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E9E2000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E9ED000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x8E59C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8E9F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E5C2000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E5EC000 \SystemRoot\system32\DRIVERS\amdiox86.sys
    0x8E391000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E39B000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E3A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E3DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EC02000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8EE39000 \SystemRoot\system32\drivers\portcls.sys
    0x8EE66000 \SystemRoot\system32\drivers\drmk.sys
    0x8EE8B000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x8EEFB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8EF04000 \SystemRoot\System32\Drivers\Null.SYS
    0x8EF0B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8EF2E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8EF35000 \SystemRoot\System32\drivers\vga.sys
    0x8EF41000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8EF62000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8EF6A000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8EF72000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8EF7D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8EF8B000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8EF94000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8EFAA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8EFB4000 \SystemRoot\system32\DRIVERS\smb.sys
    0x89773000 \SystemRoot\system32\drivers\afd.sys
    0x8EFC8000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8EFCD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8EF12000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x897BB000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8EF1B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E3ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F40E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F44A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F454000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x8F45E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F475000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8F4BF000 \SystemRoot\System32\Drivers\ASPI32.SYS
    0x8F4C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8F4DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F4DC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F4E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8F4F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8F4FD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F50A000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8F514000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x8F531000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x990A0000 \SystemRoot\System32\win32k.sys
    0x8F543000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8F54D000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x8F557000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8F560000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x992C0000 \SystemRoot\System32\TSDDD.dll
    0x992E0000 \SystemRoot\System32\cdd.dll
    0x8F56F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8F5A7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x82E00000 \SystemRoot\system32\drivers\spsys.sys
    0x82EAF000 \SystemRoot\system32\DRIVERS\RMCAST.sys
    0x82EDF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x82EEF000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x82F19000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x82F23000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x82F36000 \SystemRoot\system32\drivers\HTTP.sys
    0x82FA3000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x82FC0000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x82FD9000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8F5BB000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8F5DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9FA09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9FA42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9FA5A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9FA82000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9FAE9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9FAED000 \SystemRoot\system32\drivers\peauth.sys
    0x9FBCB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9FBD5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9FBE1000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9FAD1000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x9FBF6000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x897D1000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x899CD000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x89707000 \??\C:\Users\jeff\AppData\Local\Temp\pgldypob.sys
    0x776C0000 \Windows\System32\ntdll.dll

    Processes (total 85):
    0 System Idle Process
    4 System
    552 C:\Windows\System32\smss.exe
    684 csrss.exe
    756 C:\Windows\System32\wininit.exe
    768 csrss.exe
    800 C:\Windows\System32\services.exe
    812 C:\Windows\System32\lsass.exe
    820 C:\Windows\System32\lsm.exe
    872 C:\Windows\System32\winlogon.exe
    1016 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\nvvsvc.exe
    1104 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\atiesrxx.exe
    1232 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\svchost.exe
    1400 C:\Windows\System32\audiodg.exe
    1424 C:\Windows\System32\svchost.exe
    1448 C:\Windows\System32\SLsvc.exe
    1476 C:\Windows\System32\svchost.exe
    1564 C:\Windows\System32\atieclxx.exe
    1612 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1772 C:\Windows\System32\svchost.exe
    1936 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    748 C:\Windows\System32\LEXBCES.EXE
    1008 C:\Windows\System32\LEXPPS.EXE
    1440 C:\Windows\System32\spoolsv.exe
    1680 C:\Windows\System32\svchost.exe
    2184 C:\Windows\System32\dwm.exe
    2208 C:\Windows\explorer.exe
    2868 C:\hp\support\hpsysdrv.exe
    3056 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    3072 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3100 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    3144 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3284 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3304 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    3340 C:\Windows\System32\svchost.exe
    3396 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3492 C:\Windows\System32\svchost.exe
    3528 C:\Windows\System32\svchost.exe
    3548 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3612 C:\Windows\System32\SearchIndexer.exe
    3732 C:\Windows\System32\drivers\XAudio.exe
    3788 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3844 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    3880 WUDFHost.exe
    3896 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    3932 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    1380 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2424 WmiPrvSE.exe
    1248 C:\Windows\System32\alg.exe
    1508 C:\Windows\System32\mobsync.exe
    2508 C:\Windows\RtHDVCpl.exe
    2488 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    4448 C:\Program Files\iTunes\iTunesHelper.exe
    4488 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    4504 C:\Program Files\real\realplayer\Update\realsched.exe
    4512 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    4520 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4544 C:\Program Files\Windows Sidebar\sidebar.exe
    4552 C:\Windows\ehome\ehtray.exe
    4592 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    4604 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4632 C:\Windows\System32\ctfmon.exe
    4648 C:\Windows\ehome\ehmsas.exe
    4708 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4824 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    5252 C:\Windows\System32\wbem\unsecapp.exe
    5328 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5704 C:\Program Files\Windows Sidebar\sidebar.exe
    5732 C:\Windows\System32\taskeng.exe
    6136 C:\Program Files\iPod\bin\iPodService.exe
    3764 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    3744 C:\Windows\System32\taskeng.exe
    5352 C:\Program Files\Mozilla Firefox\firefox.exe
    4252 C:\hp\KBD\kbd.exe
    2900 C:\Program Files\Internet Explorer\iexplore.exe
    6076 C:\Windows\System32\SearchProtocolHost.exe
    6388 C:\Windows\System32\SearchFilterHost.exe
    6532 C:\Program Files\Internet Explorer\iexplore.exe
    4272 C:\Program Files\Windows Live\Toolbar\wltuser.exe
    5936 C:\Windows\System32\SearchProtocolHost.exe
    332 C:\Users\jeff\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000005b`966da000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT725040VLA, Rev: V5CO

    Size Device Name MBR Status
    --------------------------------------------
    372 GB \\.\PhysicalDrive0 RE: Hewlett-Packard MBR code detected
    SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8


    Done!


    The other file you wanted to be uploaded gave me a blue screen of death 2 times in a row. Also, Malwarebytes says 0 for everything found, but the first scan found like 9; I just lost track of the file and haven't been able to locate it on the computer. Suggestions? Thanks in advance for your help.
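As an added example, not part of the original post and not code from DDS, Malwarebytes or MBRCheck, the script below shows how a helper reading logs like the ones above does the first pass: it parses the DDS "Pseudo HJT", "Created/Find3M" and MBRCheck "Kernel Drivers" line formats and flags the entries worth examining first (security products reported disabled, UAC turned off, a system+hidden executable in system32, orphaned "No File" entries, and a kernel driver loaded from a user-writable directory). The sample lines are copied from the log above; the regexes, the severity levels and the list of user-writable directories are this example's own assumptions. A flag means "check this", not "this is malware", and the script deliberately does not try to judge file names, so entries it leaves alone (for example naomf.exe or kfhmkak.sys) still need to be looked up by hand.

```python
"""Heuristic triage of DDS / MBRCheck log lines (added example, see lead-in)."""
import re

# Lines copied from the DDS and MBRCheck output in the post above. This is a
# constructed subset for demonstration; the real logs run to hundreds of lines.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mRun: [wrna3ls] c:\program files\rnamfler\naomf.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableLUA = 0 (0x0)
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
2008-02-16 23:58:04 693248 --sha-w- c:\windows\system32\_re082.exe
2011-04-17 19:57:54 41872 ----a-w- c:\windows\system32\xfcodec.dll
0x80742000 \SystemRoot\System32\drivers\kfhmkak.sys
0x80750000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8F56F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x89707000 \??\C:\Users\jeff\AppData\Local\Temp\pgldypob.sys
"""

# Patterns for the DDS "Pseudo HJT", "Created/Find3M" and MBRCheck "Kernel
# Drivers" line formats. The severities and the user-writable directory list
# are this example's own assumptions, not anything DDS or MBRCheck defines.
SECURITY_PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*Disabled")
UAC_OFF = re.compile(r"^mPolicies-system: EnableLUA = 0\b")
ORPHAN = re.compile(r"^(TB|BHO|uRun|mRun): .* - No File$")
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \S+ \S+ (?P<attr>[-a-z]{8}) (?P<path>.+)$")
DRIVER_ENTRY = re.compile(r"^0x[0-9A-Fa-f]{8} (?P<path>.+)$")
USER_WRITABLE = re.compile(r"\\(Users|Documents and Settings|ProgramData|Temp)\\", re.I)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(log_text):
    """Return (severity, reason, line) findings, most severe first.

    A finding means "look at this first", not "this is malware": the helper
    still has to check each file (publisher, hash, age, where it runs from).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECURITY_PRODUCT.match(line)
        if m:
            findings.append(("medium", f"security product disabled: {m.group(2)}", line))
            continue
        if UAC_OFF.match(line):
            findings.append(("medium", "UAC turned off (EnableLUA = 0)", line))
            continue
        if ORPHAN.match(line):
            findings.append(("low", "orphaned browser/autorun entry (No File)", line))
            continue
        m = FILE_ENTRY.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path").lower()
            # System + hidden on an executable in system32 is how the Find3M
            # entry for _re082.exe above is marked; legitimate files rarely need it.
            if "s" in attr and "h" in attr and path.endswith(EXECUTABLE_EXT):
                findings.append(("medium", "hidden+system executable", line))
            continue
        m = DRIVER_ENTRY.match(line)
        if m and USER_WRITABLE.search(m.group("path")):
            # Kernel code running from a profile or Temp directory: no normal
            # installer leaves a driver there.
            findings.append(("high", "kernel driver loaded from a user-writable path", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


def main():
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}")
        print(f"    {line}")


if __name__ == "__main__":
    main()
```

Run it against a full DDS plus MBRCheck paste by reading the text into `triage()`; the only high-severity hit on the sample lines is the driver in the user's Temp directory, which is exactly the kind of entry the rootkit scan requested in the next reply is meant to look at more closely.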

  2. #2
    broni is offline Senior Member
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.

    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.

    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

  3. #3
    Sluggz is offline Junior Member
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6001 (Service Pack 1)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8D803000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
    0x83609000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
    0x83609000 PnpManager 3903488 bytes
    0x83609000 RAW 3903488 bytes
    0x83609000 WMIxWDM 3903488 bytes
    0x8E801000 C:\Windows\system32\drivers\RTKVHDA.sys 2322432 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x990C0000 Win32k 2109440 bytes
    0x990C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x89400000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
    0x84277000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8D44B000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
    0x89203000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8066B000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0xA8A0F000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8EF0F000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
    0x8935F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x84206000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x8074B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x8EA8A000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
    0x82017000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x82187000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x8EE03000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
    0x840A6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8E2E9000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8400A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8D408000 C:\Windows\system32\DRIVERS\MRVW13B.sys 274432 bytes (Marvell Semiconductor, Inc, ExtSta NDIS 6.0 driver)
    0x8062A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x84148000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x89320000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
    0x8DFB2000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8E39A000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x843AD000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8210E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8950F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8EEC3000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
    0x8E299000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x839C2000 ACPI_HAL 208896 bytes
    0x839C2000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x841A6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E331000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8EFBE000 C:\Windows\system32\DRIVERS\RMCAST.sys 196608 bytes (Microsoft Corporation, Reliable Multicast Transport)
    0x8D54B000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8EA38000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x84382000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8E248000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x895C1000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x8215F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x8955F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x84061000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xA8B32000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0x8E220000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8EA65000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x8D5A6000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x89597000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8EB40000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x820CF000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x820EF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x8411D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x8EE8D000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
    0x84189000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
    0x82084000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x892EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x820A1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x843E7000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x82147000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8E3E0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8D584000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8EB61000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xA8B58000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8E363000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8EBCD000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x820BA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x807DA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0xA8B03000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0x8D5D8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8EB11000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x82004000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8E387000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8DF96000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8EE64000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xA8B18000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x89586000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8E2CD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x80611000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8E272000 C:\Windows\system32\DRIVERS\amdiox86.sys 65536 bytes (Advanced Micro Devices, AMD IO Driver)
    0x89310000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
    0x841D8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x8EB83000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x8EFEE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x84105000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x807CA000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x807EF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8EEB4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x89550000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x84088000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8D5C9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8DFF0000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x84097000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x841F1000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x99300000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8E379000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8EBB6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x840F7000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x807BC000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x8EE76000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8413B000 C:\Windows\system32\DRIVERS\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
    0x8E28C000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8DF89000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0xA8AF7000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8E214000 C:\Windows\system32\DRIVERS\VClone.sys 49152 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
    0x8EB34000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8D5F4000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8E209000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8EBAB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8D59B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8D579000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x895F5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8EBE3000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
    0x8EE83000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
    0x8EEAA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8E3D6000 C:\Windows\System32\Drivers\ElbyCDIO.sys 40960 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
    0x8E282000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8E2DE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8EBF6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0xA8AED000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8DFA8000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0x8EE51000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
    0xA8B6E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x895B8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8EAFA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8EB7A000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x8EE5B000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x841E8000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8EBC4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x992E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x89307000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x84050000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8EBED000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0x84115000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x80622000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x80609000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x8EB93000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x84059000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8D5EC000 C:\Windows\system32\DRIVERS\pctnullport.sys 32768 bytes (PCTEL Inc., Null-modem emulator)
    0x8EB9B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8EBA3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x89548000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0xA8B2A000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8EB0A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x8EB2D000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8EB03000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x840F0000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x84200000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8EB25000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
    0x8EE4D000 C:\Windows\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0x821EE000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x8EEFB000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
    0x8E246000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8EB78000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x87B3DA91 Unknown page with executable code, 1391 bytes
    0x8950F000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
    0x87B3C288 Unknown page with executable code, 3448 bytes
    0x87B3E191 Unknown page with executable code, 3695 bytes
    0x87B40E7A Unknown thread object [ ETHREAD 0x87E808B8 ] TID: 252, 600 bytes
    0x87B43008 Unknown thread object [ ETHREAD 0x87E9EC58 ] TID: 256, 600 bytes
    0x87B42CDC Unknown page with executable code, 804 bytes

  4. #4
    broni is offline Senior Member
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  5. #5
    Sluggz is offline Junior Member
    Extracted and tried to run it by double-clicking and with Run as Administrator; I get the "thinking" icon on the mouse, then it just stops trying, without opening the program.

  6. #6
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  7. #7
    Sluggz is offline Junior Member
    ComboFix 11-06-13.01 - jeff 06/13/2011 16:27:35.2.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1513 [GMT -5:00]
    Running from: c:\users\jeff\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\program files\rnamfler
    c:\program files\rnamfler\manual.htm
    c:\program files\rnamfler\naofsvc.exe
    c:\program files\rnamfler\naomf.exe
    c:\program files\rnamfler\radhslib.dll
    c:\program files\rnamfler\radprcmp.exe
    c:\program files\rnamfler\radprlib.dll
    c:\program files\rnamfler\tray.jpg
    c:\program files\rnamfler\unims000.dat
    c:\users\jeff\AppData\Roaming\.#
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Recent\Curse Client.appref-ms
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Recent\MSN Money.url
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
    c:\users\jeff\Desktop\Windows Vista Recovery.lnk
    c:\users\jeff\DX8Test.exe
    c:\users\Public\Desktop\Malware Protection.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-13 21:34 . 2011-06-13 21:34 -------- d-----w- c:\users\jeff\AppData\Local\temp
    2011-06-13 21:34 . 2011-06-13 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-13 21:20 . 2011-06-13 21:24 -------- d-----w- C:\32788R22FWJFW
    2011-06-08 13:25 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-08 13:17 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-06-08 13:17 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-08 13:17 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-08 13:17 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-06-08 13:17 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-06-08 13:17 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-08 13:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-08 13:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-06-08 13:16 . 2011-06-08 13:16 -------- d-----w- c:\programdata\AVAST Software
    2011-06-08 13:16 . 2011-06-08 13:16 -------- d-----w- c:\program files\AVAST Software
    2011-06-06 18:54 . 2011-06-06 18:54 -------- d-----w- C:\Cache
    2011-06-06 04:17 . 2011-06-06 04:17 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol500.dll
    2011-06-06 04:17 . 2011-06-06 04:17 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    2011-06-06 04:17 . 2011-06-06 04:17 -------- d-----w- c:\users\jeff\AppData\Roaming\Catalina Marketing Corp
    2011-06-06 04:17 . 2011-06-06 04:17 525856 ----a-w- c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
    2011-06-06 01:25 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2011-06-06 01:25 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2011-06-03 07:00 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45CFBEAA-1C9F-41CF-B3B3-E1E236328B5C}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2008-02-16 23:58 693248 --sha-w- c:\windows\System32\_re082.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2011-01-17 21:54 175912 ----a-w- c:\program files\XfireXO\prxtbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-26 273544]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-7-26 0]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-6-12 385024]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-17 3510160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 284672]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R3 {8C72B40D-82A8-4650-A27CF804C2476255};{8C72B40D-82A8-4650-A27CF804C2476255};c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 {A016859F-D629-4781-8EBEDB99AEC0470A};{A016859F-D629-4781-8EBEDB99AEC0470A};c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    *NewlyCreated* - PXHELP20
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    {A016859F-D629-4781-8EBEDB99AEC0470A}
    {8C72B40D-82A8-4650-A27CF804C2476255}
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 13:17]
    .
    2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 13:17]
    .
    2011-06-13 c:\windows\Tasks\User_Feed_Synchronization-{39C75368-CC8B-43C6-921F-07D081FB9A0F}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo! UK
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\owdxzf9i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-NCsoft Launcher - c:\program files\ncsoft\launcher\NCLauncher.exe
    HKLM-Run-wrna3ls - c:\program files\rnamfler\naomf.exe
    HKLM-Run-VBTUCopy - c:\program files\VBTUCopy\VBTUCopy.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-06-13 16:34
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{8C72B40D-82A8-4650-A27CF804C2476255}]
    "ServiceDll"="c:\users\jeff\AppData\Local\Temp\A196.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{A016859F-D629-4781-8EBEDB99AEC0470A}]
    "ServiceDll"="c:\users\jeff\AppData\Local\Temp\A196.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-06-13 16:35:43
    ComboFix-quarantined-files.txt 2011-06-13 21:35
    ComboFix2.txt 2009-07-23 01:15
    .
    Pre-Run: 256,121,020,416 bytes free
    Post-Run: 256,145,338,368 bytes free
    .
    - - End Of File - - 9EA158292FAD4D220F8BAE5E7736E8BC

  8. #8
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK

    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\jeff\AppData\Local\Temp\A196.tmp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{8C72B40D-82A8-4650-A27CF804C2476255}]
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{A016859F-D629-4781-8EBEDB99AEC0470A}]

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
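The two entries that script removes are GUID-named services hosted by svchost.exe whose ServiceDll points at a file in the user's Temp folder, which is the pattern that singled them out in the log. As an added example that is not part of this thread, the Python script below parses a ComboFix-style log excerpt (constructed here from the entries above, plus a made-up benign hpqcxs08 path for contrast) for that pattern and renders the matching File:: and Registry:: CFScript sections; the list of temp directories it treats as suspicious is an assumption.

```python
import re

# Constructed excerpt in the ComboFix log layout seen in the thread: two GUID-named
# services sharing one ServiceDll in the user's Temp folder, plus a benign entry
# (the hpqcxs08 path is made up for contrast, not taken from the log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{8C72B40D-82A8-4650-A27CF804C2476255}]
"ServiceDll"="c:\users\jeff\AppData\Local\Temp\A196.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{A016859F-D629-4781-8EBEDB99AEC0470A}]
"ServiceDll"="c:\users\jeff\AppData\Local\Temp\A196.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"
"""

# A registry key header followed by its values, as ComboFix prints them.
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\([^\]]+))\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.I)
# Assumption: a legitimate svchost-hosted service DLL never lives in a temp directory.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def find_temp_service_dlls(log_text):
    """Return (registry_key, service_name, dll_path) for every service whose
    ServiceDll value points into a temp directory."""
    hits, current_key, current_name = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current_key, current_name = key.group(1), key.group(2)
            continue
        dll = DLL_RE.match(line)
        if dll and current_key:
            path = dll.group(1)
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                hits.append((current_key, current_name, path))
    return hits

def build_cfscript(hits):
    """Render File:: and Registry:: sections in the CFScript layout from the thread.
    One DLL may back several services, so file paths are de-duplicated."""
    files = sorted({path for _, _, path in hits})
    keys = [f"[-{key}]" for key, _, _ in hits]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"

if __name__ == "__main__":
    found = find_temp_service_dlls(SAMPLE_LOG)
    for key, name, path in found:
        print(f"service {name} loads {path}")
    print(build_cfscript(found))
```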

  9. #9
    Sluggz is offline Junior Member
    I tried this and it started up comboFix really well, once the blue screen showed up and it started to go through its process, the entire computer froze. Can hear all the fans go into overdrive and had to do a hard shutdown after waiting 20 minutes to make sure it wasn't part of the process. Also I now have Iexplorer opening 2 versions of itself in the background constantly no matter how often I close it down or end process tree via Windows task manager; it still opens itself again roughly 5 minutes later. I wouldn't worry about it although I noticed that when this occurs my computer really bogs down; at its worst point looking at the Task Manager I've seen Iexplorer taking up 500,000k memory.

  10. #10
    broni is offline Senior Member
    Try to run the fix from Safe Mode.
