need my wifes laptop :(

i have the gmer log GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 05:49:45
Windows 6.0.6001 Service Pack 1
Running: ewgrqd99.exe; Driver: C:\Users\LILBIG~1\AppData\Local\Temp\ufxiqkob.sys

---- System - GMER 1.0.15 ----

Code 8482A798 ZwEnumerateKey
Code 8482A760 ZwFlushInstructionCache
Code 84C86E2D IofCallDriver
Code 84C86E66 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 81E81FE2 5 Bytes JMP 84C86E6B
.text ntkrnlpa.exe!IofCallDriver 81F03F6F 5 Bytes JMP 84C86E32
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FFA30B 5 Bytes JMP 8482A764
PAGE ntkrnlpa.exe!ZwEnumerateKey 8204FBAC 5 Bytes JMP 8482A79C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxIndirectParamW 76E9BD25 5 Bytes JMP 727843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!CreateWindowExW 76EA3D67 5 Bytes JMP 7268D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxParamA 76ED80B2 5 Bytes JMP 72784394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxIndirectParamA 76ED83DD 5 Bytes JMP 7278445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxIndirectA 76EED471 5 Bytes JMP 72784329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxIndirectW 76EED56B 5 Bytes JMP 727842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxExA 76EED5D1 5 Bytes JMP 7278425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxExW 76EED5F5 5 Bytes JMP 727841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] ole32.dll!OleLoadFromStream 76FD9726 5 Bytes JMP 72784778 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpAddRequestHeadersA 7712CF46 5 Bytes JMP 008F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpOpenRequestA 7712D508 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!InternetConnectA 7712DEAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!InternetConnectW 7712F862 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpOpenRequestW 7712FBFB 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpAddRequestHeadersW 7712FE49 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!closesocket 76F3330C 5 Bytes JMP 031F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!recv 76F3343A 5 Bytes JMP 0309000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!connect 76F340D9 5 Bytes JMP 030A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!send 76F3659B 5 Bytes JMP 0320000A
.text C:\Program Files\Trend Micro\supercool\HijackThis.exe[312] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 0177000A
.text C:\Program Files\DAP\DAP.EXE[320] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 00A9000A
.text C:\Windows\Explorer.EXE[440] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 01D9000A
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 009A000A
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 00EB000A
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!closesocket 76F3330C 5 Bytes JMP 034F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!connect 76F340D9 5 Bytes JMP 034E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!send 76F3659B 5 Bytes JMP 0350000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 0203BFC0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 0203C030
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 02039F00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 0203C560
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 0203B230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 020386C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 02039920
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 02039B90
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 0203B340
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 0203C550
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 0203B190
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 0203AFF0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 0203A3F0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 0203AB80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 0203A830
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 0203AFB0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetACP] 0203C570
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 02039E80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] 020399A0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 0203A000
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 0203C230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 0203A150
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0203C550
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0203C030
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0203B190
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0203CAD0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 0203A150
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 02039B00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 02039E80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0203AFF0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0203B6B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0203B440
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0203B630
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0203BB10
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0203B820
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 0203B340
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0203B580
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0203B130
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 0203AFB0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 0203C570
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0203A000
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0203C290
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0203C1B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0203C170
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0203A830
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 020399A0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0203B230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 02039920
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 02039B90
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 020386C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 0203AB80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 0203C540
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 0203C810
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 0203C7B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0203CA00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0203CAA0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 0203C8D0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0203C4C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0203C470

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \FileSystem\fastfat \Fat B4A0EA7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) 8BF36000-8BF52000 (114688 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [192] 0x00E70000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [600] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [896] 0x009E0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1008] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1056] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1096] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1120] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1136] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1296] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1408] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1896] 0x02050000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start

Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll

---- EOF - GMER 1.0.15 ----

i might have been under safe mode when i did it cant remember dag sorry ppl but i know it has a virus and trojan none of the antivirus programs will work on her laptop and the web browser keeps redirecting to other sites any help you all can give will be very appreciated

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called TDSSKiller.txt please copy and paste the contents of that file here.

21:20:00:444 1564 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
21:20:00:444 1564 ================================================================================
21:20:00:444 1564 SystemInfo:

21:20:00:444 1564 OS Version: 6.0.6001 ServicePack: 1.0
21:20:00:444 1564 Product type: Workstation
21:20:00:444 1564 ComputerName: LILBIGPIMPIN-PC
21:20:00:444 1564 UserName: Lil Big Pimpin'
21:20:00:444 1564 Windows directory: C:\Windows
21:20:00:444 1564 Processor architecture: Intel x86
21:20:00:444 1564 Number of processors: 2
21:20:00:444 1564 Page size: 0x1000
21:20:00:444 1564 Boot type: Normal boot
21:20:00:444 1564 ================================================================================
21:20:00:444 1564 UnloadDriverW: NtUnloadDriver error 2
21:20:00:444 1564 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:20:00:444 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:20:00:460 1564 UtilityInit: KLMD drop and load success
21:20:00:460 1564 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
21:20:00:460 1564 UtilityInit: KLMD open success
21:20:00:460 1564 UtilityInit: Initialize success
21:20:00:460 1564
21:20:00:460 1564 Scanning Services ...
21:20:00:476 1564 CreateRegParser: Registry parser init started
21:20:00:476 1564 CreateRegParser: DisableWow64Redirection error
21:20:00:476 1564 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:20:00:476 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
21:20:00:476 1564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:20:00:476 1564 wfopen_ex: Trying to KLMD file open
21:20:00:476 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
21:20:00:476 1564 wfopen_ex: File opened ok (Flags 2)
21:20:00:476 1564 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 2521318
21:20:00:476 1564 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:20:00:476 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
21:20:00:476 1564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:20:00:476 1564 wfopen_ex: Trying to KLMD file open
21:20:00:476 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
21:20:00:476 1564 wfopen_ex: File opened ok (Flags 2)
21:20:00:476 1564 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 2521340
21:20:00:476 1564 CreateRegParser: EnableWow64Redirection error
21:20:00:476 1564 CreateRegParser: RegParser init completed
21:20:01:380 1564 GetAdvancedServicesInfo: Raw services enum returned 432 services
21:20:01:380 1564 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
21:20:01:380 1564 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:380 1564 will be deleted on reboot
21:20:01:380 1564 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:20:01:380 1564 DeleteTDL2Service: SafeBoot Network doesn't infected
21:20:01:396 1564 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:396 1564 will be deleted on reboot
21:20:01:396 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet002\control\safeboot) error 5
21:20:01:427 1564 RegNode HKLM\SYSTEM\ControlSet003\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:427 1564 will be deleted on reboot
21:20:01:427 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet003\control\safeboot) error 5
21:20:01:458 1564 RegNode HKLM\SYSTEM\ControlSet004\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:458 1564 will be deleted on reboot
21:20:01:458 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet004\control\safeboot) error 5
21:20:01:458 1564 RegNode HKLM\SYSTEM\ControlSet005\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:458 1564 will be deleted on reboot
21:20:01:458 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet005\control\safeboot) error 5
21:20:01:474 1564 RegNode HKLM\SYSTEM\ControlSet006\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:474 1564 will be deleted on reboot
21:20:01:474 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet006\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet007\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet007\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet008\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet008\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet009\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet009\control\safeboot) error 5
21:20:01:505 1564 RegNode HKLM\SYSTEM\ControlSet010\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:505 1564 will be deleted on reboot
21:20:01:505 1564 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:20:01:521 1564 DeleteTDL2Service: SafeBoot Network doesn't infected
21:20:01:521 1564 File C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1

21:20:01:521 1564 DeleteTDL2Service: Module clone ImagePath, skipping
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTcbmpqdpfen.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTcsvsvehtdd.dat infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRToteayxrxwp.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTiqwlipbtig.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:536 1564 DeleteTDL2Service: Module enum: Name: h8srtmsg. Type: 1
21:20:01:536 1564 File C:\Windows\system32\H8SRTebtpkforyo.dll infected by TDSS rootkit ... 21:20:01:536 1564 will be deleted on reboot
21:20:01:536 1564 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
21:20:01:536 1564 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:20:01:536 1564 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:20:01:536 1564
21:20:01:536 1564 Scanning Kernel memory ...
21:20:01:536 1564 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:20:01:536 1564 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84EE8C68
21:20:01:536 1564 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
21:20:01:536 1564
21:20:01:536 1564 DetectCureTDL3: DEVICE_OBJECT: 84FEBAC8
21:20:01:536 1564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84FEBAC8
21:20:01:536 1564 DetectCureTDL3: DEVICE_OBJECT: 84851BA0
21:20:01:536 1564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84851BA0
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x84851BA0[0x38]
21:20:01:536 1564 DetectCureTDL3: DRIVER_OBJECT: 847DB908
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x847DB908[0xA8]
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x847CF170[0x1A]
21:20:01:536 1564 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:20:01:536 1564 DetectCureTDL3: IrpHandler (0) addr: 879C20FC
21:20:01:536 1564 DetectCureTDL3: IrpHandler (1) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (2) addr: 879C20FC
21:20:01:536 1564 DetectCureTDL3: IrpHandler (3) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (4) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (5) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (6) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (7) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (8) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (9) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (10) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (11) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (12) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (13) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (14) addr: 879B09D6
21:20:01:536 1564 DetectCureTDL3: IrpHandler (15) addr: 879B09A8
21:20:01:536 1564 DetectCureTDL3: IrpHandler (16) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (17) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (18) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (19) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (20) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (21) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (22) addr: 879B0A04
21:20:01:536 1564 DetectCureTDL3: IrpHandler (23) addr: 879BDB70
21:20:01:536 1564 DetectCureTDL3: IrpHandler (24) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (25) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (26) addr: 81E75FE3
21:20:01:536 1564 TDL3_FileDetect: Processing driver: atapi
21:20:01:536 1564 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
21:20:01:536 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
21:20:01:536 1564 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
21:20:01:536 1564 UtilityBootReinit: Reboot required for cure complete..
21:20:01:536 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
21:20:01:552 1564 UtilityBootReinit: KLMD drop success
21:20:01:552 1564 KLMD_ApplyPendList: Pending buffer(5816_6DB5, 2216) dropped successfully
21:20:01:552 1564 UtilityBootReinit: Cure on reboot scheduled successfully
21:20:01:552 1564
21:20:01:552 1564 Completed
21:20:01:552 1564
21:20:01:552 1564 Results:
21:20:01:552 1564 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:20:01:552 1564 Registry objects infected / cured / cured on reboot: 10 / 0 / 10
21:20:01:552 1564 File objects infected / cured / cured on reboot: 6 / 0 / 6
21:20:01:552 1564
21:20:01:614 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:20:01:614 1564 UtilityDeinit: KLMD(ARK) unloaded successfully

Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

"some files could not be created close all applications restart windows and restart installation " restarted numerous time ill try again after work in the morn after i check back for advice maybe i need to update it dont have internet on at all been using my computer to transfer through usb stick....thanks for all the help so far though...

Delete your Combofix file.
Download fresh one from HERE
I renamed the file for a reason.

i have to uninstall the comodo and avg but i cant uninstall the avg it wond do it i have manually deleted everything but the avgse.dll 98kb size ill figure it out later on when i get back home thanx for all the help so far

AVG Remover utility
http://www.avg.com/us-en/download-tools

thanx train it worked

here's the log from combo fix
ComboFix 10-01-27.03 - Lil Big Pimpin' 01/29/2010 15:36:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1158 [GMT -5:00]
Running from: c:\users\Lil Big Pimpin'\Desktop\9c6fg5k7.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\h8srtmainqt.dll
c:\users\Lil Big Pimpin'\AppData\Local\prang4.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\oem2.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 20:41 . 2010-01-29 20:41 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Local\temp
2010-01-29 20:41 . 2010-01-29 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 10:26 . 2010-01-27 10:26 -------- d-----w- c:\program files\Trend Micro
2010-01-27 08:59 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-27 08:59 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-27 08:59 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-27 08:59 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-27 08:59 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-27 08:59 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-27 08:59 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\program files\Alwil Software
2010-01-23 08:18 . 2010-01-27 08:35 1014 ----a-w- c:\programdata\h8srtkrl32mainweq.dll
2010-01-23 07:57 . 2010-01-23 07:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-23 05:14 . 2010-01-23 05:25 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-23 04:48 . 2010-01-23 04:48 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\AVG8
2010-01-13 12:53 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:53 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 09:30 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 09:30 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 05:01 . 2010-01-23 04:29 -------- d-----w- c:\program files\a-squared Free
2010-01-08 04:54 . 2010-01-08 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 13:33 . 2010-01-07 13:33 -------- d-----w- c:\programdata\IObit
2010-01-07 13:13 . 2010-01-07 13:13 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-07 03:57 . 2010-01-07 03:57 -------- d-----w- c:\windows\Sun
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Malwarebytes
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 05:37 . 2010-01-03 05:00 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 20:34 . 2008-11-29 07:42 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Comodo
2010-01-29 20:34 . 2008-11-29 07:41 -------- d-----w- c:\program files\COMODO
2010-01-28 23:19 . 2010-01-28 23:19 -------- d-----w- c:\programdata\avg8
2010-01-28 02:30 . 2008-11-15 14:57 -------- d-----w- c:\programdata\Roxio
2010-01-28 02:02 . 2010-01-28 02:02 0 ------w- c:\windows\system32\trzE5EB.tmp
2010-01-28 02:01 . 2008-11-29 07:34 -------- d-----w- c:\program files\PeerGuardian2
2010-01-27 23:47 . 2010-01-27 23:47 0 ------w- c:\windows\system32\trz708E.tmp
2010-01-27 23:46 . 2010-01-27 23:46 0 ------w- c:\windows\system32\trzFB3F.tmp
2010-01-14 16:12 . 2009-10-03 11:38 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 03:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 13:33 . 2008-11-21 08:07 -------- d-----w- c:\program files\IObit
2010-01-07 12:37 . 2008-10-25 16:06 -------- d-----w- c:\program files\Yahoo!
2010-01-03 22:44 . 2008-02-16 20:19 3528 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\wklnhst.dat
2010-01-02 06:38 . 2010-01-22 13:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 05:29 . 2008-10-27 19:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 04:57 . 2010-01-22 13:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 19:50 . 2008-10-25 23:04 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Yahoo!
2009-12-28 19:49 . 2008-10-25 23:03 -------- d-----w- c:\programdata\Yahoo!
2009-12-28 19:42 . 2009-02-23 14:48 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-28 17:04 . 2008-11-29 07:23 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\BitTorrent
2009-12-11 06:45 . 2008-11-25 12:44 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\dvdcss
2009-12-10 10:13 . 2008-10-25 16:11 -------- d-----w- c:\program files\Defraggler
2009-12-07 01:22 . 2009-12-07 01:15 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-07 01:18 . 2009-12-07 00:49 -------- d-----w- c:\program files\Riven
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 03:41 . 2009-10-24 03:01 127872 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\uninstall.exe
2009-11-12 03:41 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-10 19:39 . 2009-12-28 19:49 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-09 13:22 . 2009-12-12 03:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 03:24 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 03:24 411136 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-02-23 14:47 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 20:47 342848 ----a-w- c:\users\Lil Big Pimpin'\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-02-23 14:47 2807296 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpamon]
2007-12-07 10:17 16040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpmon.exe]
2007-12-07 10:17 656040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2008-11-24 19:43 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103471.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-12-07 01:15 1435240 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [1/27/2010 3:59 AM 162640]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/23/2010 12:14 AM 1858144]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [1/8/2010 12:01 AM 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1/27/2010 3:59 AM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1/27/2010 3:59 AM 51792]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/7/2010 8:33 AM 312592]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdpserv.exe [12/1/2007 2:16 AM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2009 8:58 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-13 18:51]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
FF - ProfilePath - c:\users\Lil Big Pimpin'\AppData\Roaming\Mozilla\Firefox\Profiles\jkyse0tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lil Big Pimpin'\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 15:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-29 15:43:03
ComboFix-quarantined-files.txt 2010-01-29 20:43

Pre-Run: 156,842,889,216 bytes free
Post-Run: 156,781,957,120 bytes free

- - End Of File - - BB2DD531736FF47B17FEBB896FFED497

new hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:35 PM, on 1/29/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
C:\Program Files\Trend Micro\supercool\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\dapieloader.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\Windows\system32\lxdpcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5921 bytes

1. Please open Notepad
Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File:: c:\programdata\h8srtkrl32mainweq.dll c:\windows\system32\trzE5EB.tmp c:\windows\system32\trz708E.tmp c:\windows\system32\trzFB3F.tmp c:\users\Lil Big Pimpin'\AppData\Roaming\wklnhst.dat c:\windows\Tasks\AWC Startup.job Folder:: c:\users\Lil Big Pimpin'\AppData\Roaming\AVG8 c:\users\Lil Big Pimpin'\AppData\Roaming\Comodo c:\program files\COMODO c:\programdata\avg8 c:\program files\IObit Driver:: IS360service Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IObit Security 360"=- RegLockDel::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

https://discussions.virtualdr.com/im.../2016/03/2.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

ComboFix 10-01-27.03 - Lil Big Pimpin' 01/31/2010 16:20:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1114 [GMT -5:00]
Running from: c:\users\Lil Big Pimpin'\Desktop\9c6fg5k7.exe
Command switches used :: c:\users\Lil Big Pimpin'\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\h8srtkrl32mainweq.dll"
"c:\users\Lil Big Pimpin'\AppData\Roaming\wklnhst.dat"
"c:\windows\system32\trz708E.tmp"
"c:\windows\system32\trzE5EB.tmp"
"c:\windows\system32\trzFB3F.tmp"
"c:\windows\Tasks\AWC Startup.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\COMODO
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe
c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\IObit\Advanced SystemCare 3\AWCInit.exe
c:\program files\IObit\Advanced SystemCare 3\AwcSchedule.dll
c:\program files\IObit\Advanced SystemCare 3\Backup\RegistryBackup.cab
c:\program files\IObit\Advanced SystemCare 3\comps.exe
c:\program files\IObit\Advanced SystemCare 3\ContextMenu.exe
c:\program files\IObit\Advanced SystemCare 3\CookiesBK.pln
c:\program files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
c:\program files\IObit\Advanced SystemCare 3\Def.dbd
c:\program files\IObit\Advanced SystemCare 3\ESR.exe
c:\program files\IObit\Advanced SystemCare 3\EULA.rtf
c:\program files\IObit\Advanced SystemCare 3\FFSweep.dll
c:\program files\IObit\Advanced SystemCare 3\FileSweep.dll
c:\program files\IObit\Advanced SystemCare 3\Help.html
c:\program files\IObit\Advanced SystemCare 3\IEFavBK.pln
c:\program files\IObit\Advanced SystemCare 3\Images\care.png
c:\program files\IObit\Advanced SystemCare 3\Images\ds.png
c:\program files\IObit\Advanced SystemCare 3\Images\home.png
c:\program files\IObit\Advanced SystemCare 3\Images\mw.png
c:\program files\IObit\Advanced SystemCare 3\Images\tips.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\tips2.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\ut.png
c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe
c:\program files\IObit\Advanced SystemCare 3\Language\Albanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Brasil.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseSimp.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseTrad.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Czech.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dansk.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dutch.lng
c:\program files\IObit\Advanced SystemCare 3\Language\English.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Finnish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\French.lng
c:\program files\IObit\Advanced SystemCare 3\Language\German.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hebrew.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hungarian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Italiano.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Japanese.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Korean.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Persian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Polish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Romanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Russian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Spanish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Srpski.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Svenska.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Swedish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Turkish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Ukrainian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Valencian.lng
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\madBasic_.bpl
c:\program files\IObit\Advanced SystemCare 3\madDisAsm_.bpl
c:\program files\IObit\Advanced SystemCare 3\madExcept_.bpl
c:\program files\IObit\Advanced SystemCare 3\News\bnews.html
c:\program files\IObit\Advanced SystemCare 3\News\Css\bstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\Css\wstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\wnews.html
c:\program files\IObit\Advanced SystemCare 3\NtfsData.dll
c:\program files\IObit\Advanced SystemCare 3\RegeditBK.pln
c:\program files\IObit\Advanced SystemCare 3\Registration.exe
c:\program files\IObit\Advanced SystemCare 3\Routine.dll
c:\program files\IObit\Advanced SystemCare 3\rtl70.bpl
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_BottomLine.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\sqlite3.dll
c:\program files\IObit\Advanced SystemCare 3\STFix.dll
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskChk.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskCleaner.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DriverUpdate.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_FirefoxTCP.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_GameBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_InternetBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_IS360.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ISD.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_RegistryDefrag.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ShortcutsFixer.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_DriverBackUp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_PIeHelp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemBackup.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemFileScan.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_AutoShutDown.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ClonedFilesFinder.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ContextManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_RestoreCenter.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstaller.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_StartUpManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SysInfo.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_WinManager.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.dat
c:\program files\IObit\Advanced SystemCare 3\unins000.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.msg
c:\program files\IObit\Advanced SystemCare 3\Update History.txt
c:\program files\IObit\Advanced SystemCare 3\Update\awc3check.upt
c:\program files\IObit\Advanced SystemCare 3\UpdateLog.txt
c:\program files\IObit\Advanced SystemCare 3\vcl70.bpl
c:\program files\IObit\Advanced SystemCare 3\vclx70.bpl
c:\program files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
c:\program files\IObit\Advanced SystemCare 3\Wizard.exe
c:\program files\IObit\Advanced SystemCare 3\ZLB9A2D.tmp
c:\program files\IObit\IObit Security 360\a_hijackscan.exe
c:\program files\IObit\IObit Security 360\addition.def
c:\program files\IObit\IObit Security 360\b_securityholes.exe
c:\program files\IObit\IObit Security 360\c_passivedefense.exe
c:\program files\IObit\IObit Security 360\core.def
c:\program files\IObit\IObit Security 360\d_powerfuldelete.exe
c:\program files\IObit\IObit Security 360\data.dat
c:\program files\IObit\IObit Security 360\e_privacysweeper.exe
c:\program files\IObit\IObit Security 360\EULA.rtf
c:\program files\IObit\IObit Security 360\f_pctuneup.exe
c:\program files\IObit\IObit Security 360\ffsweep.dll
c:\program files\IObit\IObit Security 360\filesweep.dll
c:\program files\IObit\IObit Security 360\g_portable.exe
c:\program files\IObit\IObit Security 360\help.html
c:\program files\IObit\IObit Security 360\holesscan.bpl
c:\program files\IObit\IObit Security 360\Images\main_pro.jpg
c:\program files\IObit\IObit Security 360\Images\main_upgrade.jpg
c:\program files\IObit\IObit Security 360\Images\overview.jpg
c:\program files\IObit\IObit Security 360\Images\protection.jpg
c:\program files\IObit\IObit Security 360\Images\scan.jpg
c:\program files\IObit\IObit Security 360\Images\scan_main.jpg
c:\program files\IObit\IObit Security 360\Images\tools.jpg
c:\program files\IObit\IObit Security 360\information.ini
c:\program files\IObit\IObit Security 360\is360.exe
c:\program files\IObit\IObit Security 360\IS360DataBase.db
c:\program files\IObit\IObit Security 360\is360ext.dll
c:\program files\IObit\IObit Security 360\IS360Init.exe
c:\program files\IObit\IObit Security 360\is360mon.dll
c:\program files\IObit\IObit Security 360\is360srv.exe

c:\program files\IObit\IObit Security 360\is360tray.exe
c:\program files\IObit\IObit Security 360\is360updater.exe
c:\program files\IObit\IObit Security 360\IWsIS360.exe
c:\program files\IObit\IObit Security 360\language\Arabic.lng
c:\program files\IObit\IObit Security 360\language\ChineseSimp.lng
c:\program files\IObit\IObit Security 360\language\ChineseTrad.lng
c:\program files\IObit\IObit Security 360\language\Czech.lng
c:\program files\IObit\IObit Security 360\language\Danish.lng
c:\program files\IObit\IObit Security 360\language\Dutch.lng
c:\program files\IObit\IObit Security 360\language\English.lng
c:\program files\IObit\IObit Security 360\language\Estonian.lng
c:\program files\IObit\IObit Security 360\language\French.lng
c:\program files\IObit\IObit Security 360\language\German.lng
c:\program files\IObit\IObit Security 360\language\Hungarian.lng
c:\program files\IObit\IObit Security 360\language\Italian.lng
c:\program files\IObit\IObit Security 360\language\Japanese.lng
c:\program files\IObit\IObit Security 360\language\Korean.lng
c:\program files\IObit\IObit Security 360\language\Portuguese(PT-BR).lng
c:\program files\IObit\IObit Security 360\language\Portuguese.lng
c:\program files\IObit\IObit Security 360\language\Russian.lng
c:\program files\IObit\IObit Security 360\language\Slovak.lng
c:\program files\IObit\IObit Security 360\language\Spanish.lng
c:\program files\IObit\IObit Security 360\language\Swedish.lng
c:\program files\IObit\IObit Security 360\language\Turkish.lng
c:\program files\IObit\IObit Security 360\language\Vietnamese.lng
c:\program files\IObit\IObit Security 360\license.dat
c:\program files\IObit\IObit Security 360\madbasic_.bpl
c:\program files\IObit\IObit Security 360\maddisAsm_.bpl
c:\program files\IObit\IObit Security 360\madexcept_.bpl
c:\program files\IObit\IObit Security 360\Quarantine Zone\info.db
c:\program files\IObit\IObit Security 360\readme.txt
c:\program files\IObit\IObit Security 360\rtl120.bpl
c:\program files\IObit\IObit Security 360\shellextdll.dll
c:\program files\IObit\IObit Security 360\sqlite3.dll
c:\program files\IObit\IObit Security 360\taskdll.dll
c:\program files\IObit\IObit Security 360\unins000.dat
c:\program files\IObit\IObit Security 360\unins000.exe
c:\program files\IObit\IObit Security 360\unins000.msg
c:\program files\IObit\IObit Security 360\update.dat
c:\program files\IObit\IObit Security 360\vcl120.bpl
c:\program files\IObit\IObit Security 360\vclx120.bpl
c:\programdata\avg8
c:\programdata\avg8\cfg\mail.cfg
c:\programdata\avg8\cfg\sched.cfg
c:\programdata\avg8\log\avildr.log
c:\programdata\avg8\log\commonpriv.log.lock
c:\programdata\h8srtkrl32mainweq.dll
c:\users\Lil Big Pimpin'\AppData\Roaming\AVG8
c:\users\Lil Big Pimpin'\AppData\Roaming\Comodo
c:\users\Lil Big Pimpin'\AppData\Roaming\wklnhst.dat
c:\windows\system32\trz708E.tmp
c:\windows\system32\trzE5EB.tmp
c:\windows\system32\trzFB3F.tmp
c:\windows\Tasks\AWC Startup.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IS360service

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 21:24 . 2010-01-31 21:27 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Local\temp
2010-01-31 21:24 . 2010-01-31 21:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-28 23:23 . 2010-01-28 23:23 -------- d-----w- C:\9c6fg5k7276249
2010-01-28 23:20 . 2010-01-28 23:20 -------- d-----w- C:\9c6fg5k7305609
2010-01-28 23:06 . 2010-01-28 23:06 -------- d-----w- C:\9c6fg5k7292759
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- C:\9c6fg5k7
2010-01-27 10:26 . 2010-01-27 10:26 -------- d-----w- c:\program files\Trend Micro
2010-01-27 08:59 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-27 08:59 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-27 08:59 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-27 08:59 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-27 08:59 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-27 08:59 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-27 08:59 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\program files\Alwil Software
2010-01-23 07:57 . 2010-01-23 07:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-23 05:14 . 2010-01-23 05:25 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-13 12:53 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:53 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 09:30 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 09:30 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 05:01 . 2010-01-23 04:29 -------- d-----w- c:\program files\a-squared Free
2010-01-08 04:54 . 2010-01-08 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 13:33 . 2010-01-07 13:33 -------- d-----w- c:\programdata\IObit
2010-01-07 13:13 . 2010-01-07 13:13 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-07 03:57 . 2010-01-07 03:57 -------- d-----w- c:\windows\Sun
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Malwarebytes
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 05:37 . 2010-01-03 05:00 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 21:18 . 2008-11-29 07:34 -------- d-----w- c:\program files\PeerGuardian2
2010-01-29 20:47 . 2008-11-15 14:57 -------- d-----w- c:\programdata\Roxio
2010-01-14 16:12 . 2009-10-03 11:38 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 03:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 12:37 . 2008-10-25 16:06 -------- d-----w- c:\program files\Yahoo!
2010-01-02 06:38 . 2010-01-22 13:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 05:29 . 2008-10-27 19:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 04:57 . 2010-01-22 13:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 19:50 . 2008-10-25 23:04 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Yahoo!
2009-12-28 19:49 . 2008-10-25 23:03 -------- d-----w- c:\programdata\Yahoo!
2009-12-28 19:42 . 2009-02-23 14:48 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-28 17:04 . 2008-11-29 07:23 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\BitTorrent
2009-12-11 06:45 . 2008-11-25 12:44 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\dvdcss
2009-12-10 10:13 . 2008-10-25 16:11 -------- d-----w- c:\program files\Defraggler
2009-12-07 01:22 . 2009-12-07 01:15 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-07 01:18 . 2009-12-07 00:49 -------- d-----w- c:\program files\Riven
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 03:41 . 2009-10-24 03:01 127872 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\uninstall.exe
2009-11-12 03:41 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-10 19:39 . 2009-12-28 19:49 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-09 13:22 . 2009-12-12 03:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 03:24 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 03:24 411136 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-29_20.41.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-01-31 21:28 74488 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-02-16 19:26 . 2010-01-28 02:02 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-16 19:26 . 2010-01-31 18:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-16 19:26 . 2010-01-31 18:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-16 19:26 . 2010-01-28 02:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-16 19:26 . 2010-01-31 18:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-16 19:26 . 2010-01-28 02:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-16 19:43 . 2010-01-31 21:28 8572 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088743581-1989512576-2673226946-1000_UserData.bin
- 2010-01-29 20:34 . 2010-01-29 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-31 21:26 . 2010-01-31 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-29 20:34 . 2010-01-29 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-31 21:26 . 2010-01-31 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-25 22:52 . 2010-01-31 18:38 304120 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:47 . 2009-11-12 03:17 271432 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2010-01-31 21:26 271432 c:\windows\System32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-02-23 14:47 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 20:47 342848 ----a-w- c:\users\Lil Big Pimpin'\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-02-23 14:47 2807296 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpamon]
2007-12-07 10:17 16040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpmon.exe]
2007-12-07 10:17 656040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2008-11-24 19:43 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103471.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-12-07 01:15 1435240 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [1/27/2010 3:59 AM 162640]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/23/2010 12:14 AM 1858144]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [1/8/2010 12:01 AM 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1/27/2010 3:59 AM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1/27/2010 3:59 AM 51792]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdpserv.exe [12/1/2007 2:16 AM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2009 8:58 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
FF - ProfilePath - c:\users\Lil Big Pimpin'\AppData\Roaming\Mozilla\Firefox\Profiles\jkyse0tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lil Big Pimpin'\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SmartRAM - c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe
AddRemove-IObit Security 360_is1 - c:\program files\IObit\IObit Security 360\unins000.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\A-SQUARED ANTI-MALWARE\a2wizard.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Completion time: 2010-01-31 16:30:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 21:30
ComboFix2.txt 2010-01-29 20:43

Pre-Run: 156,774,584,320 bytes free
Post-Run: 156,338,757,632 bytes free

- - End Of File - - 0DEDB966986265BEFF354E734327A415

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.

===============================================================

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3.
Post fresh HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

sas

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/04/2010 at 08:54 PM

Application Version : 4.33.1000

Core Rules Database Version : 4558
Trace Rules Database Version: 2370

Scan type : Complete Scan
Total Scan Time : 00:47:00

Memory items scanned : 272
Memory threats detected : 0
Registry items scanned : 5535
Registry threats detected : 5
File items scanned : 92065
File threats detected : 0

Trojan.Agent/Gen-Alureon
HKU\.DEFAULT\Software\h8srt
HKU\S-1-5-19\Software\h8srt
HKU\S-1-5-20\Software\h8srt
HKU\S-1-5-21-3088743581-1989512576-2673226946-1000\Software\h8srt
HKU\S-1-5-18\Software\h8srt

it works now thanx

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/4/2010 10:01:02 PM
mbam-log-2010-02-04 (22-01-02).txt

Scan type: Quick Scan
Objects scanned: 94717
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:38 PM, on 2/4/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\supercool\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\dapieloader.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\Windows\system32\lxdpcoms.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5534 bytes

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt before clicking on the Save button. Then post it here.

thanx bunch you guys and girls

yall are awesome her computer is fixed but i couldnt get that to run but have been very buisy and have been keeping close tabs on her computer and antivirus and malware programs are working again thanks a bunch!!!!

If you want to make sure, no malware will come back from the grave, I suggest, we finish, what we started.
Otherwise, you may be back here soon :)