Solve : ''File cannot be executed. The file ______ is infected.'' Prob

1.	Solve : ''File cannot be executed. The file ______ is infected.'' Problem?
Answer» Hello, I have been getting this error since yesterday, and I'm a bit confused on what to do. I am unable to open anything, because every time I try to do so, a pop up appears saying ''File cannot be executed. The file ______ is infected.'' I also get a lot of false antivirus alerts. Any advice to completely recover my computer would be greatly appreciated.Hello! We need to do some diagnostics to get started. 1. Please download Profiles by noahdfear. Save it to your desktop. Double-click profiles.exe and post its log when you reply 2. Download Win32kDiag by ad13 and save it to your Desktop. Double-click Win32kDiag.exe to run Win32kDiag and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic. 3. Please download <a href="http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip" target="_blank">Cheetah-Anti-Rogue[/url][/b] by me, and save to your Desktop. Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop. Double-click on Cheetah-Anti-Rogue.cmd to START. It will finish quickly and launch a log. Post the contents of it in your next reply. 4. In your next reply, please post the following logs for my review: Profiles log (1) Win32kDiag log (2) Cheetah log (3) Thanks! :)I downloaded all three of the files, but I could not open any because the pop up saying ''File cannot be executed. The file ______ is infected.'' appeared and closed the program. Is the anything else I can do?RKill by Grinler Link #1 Link #2 Link #3 Download Link #1. Save it to your Desktop. Double click the RKill desktop icon. *If you are using Vista please right click and run as Admin!* A black screen will briefly flash indicating a successful run. If this does not occur please delete that application and download Link #2. Continue process until the tool runs. If the tool does not run from any of the links tell me about it. This only kills the active infection, the actual infection will not be gone. Then, please try to run the tools again.Log 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1003 ProfileImagePath REG_EXPAND_SZ C:\Users\Sean HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1004 ProfileImagePath REG_EXPAND_SZ C:\Users\Kimmy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1005 ProfileImagePath REG_EXPAND_SZ C:\Users\Mommy and Daddy ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService SystemRoot REG_SZ C:\Windows Log 3 Cheetah-Anti-Rogue v1.4.1 by DragonMaster Jay Microsoft Windows [Version 6.0.6000] Date: 21/04/2010 - Time: 18:05:18 - Arch.: x86 -- Malware removal tools check -- User has Sandboxie installed! Sandboxie Malwarebytes' Anti-Malware SUPERAntiSpyware -- Known infection -- C:\Program Files\FunWebProducts (Adw.MyWebSearch) C:\Program Files\MyWebSearch (Adw.MyWebSearch) C:\Windows\system32\f3PSSavr.scr (Adw.MyWebSearch!3M) C:\Program Files\Windows Live\Messenger\riched20.dll (Adw.MyWebSearch) Extra message: Detection only. EOF The 2nd program STOPPED because it said that it cannot access C:\Windows\Syetem32\LogFiles\WMI\RtBackup\EtwRTDiaLog.et1 I am very thankful for your help, please advise me on what to do next. Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.Here is the log ComboFix 10-04-21.01 - Sean 22/04/2010 1:41.1.2 - x86 Microsoft® Windows Vista™ Home PREMIUM 6.0.6000.0.1252.2.1033.18.1917.1152 [GMT -4:00] Running from: c:\users\Sean\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100421-1] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1368 [VPS 100421-1] disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: SUPERAntiSpyware disabled (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1731352543-3892579127-1766459742-500 c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\program files\Cheat Engine\dbk32.sys c:\program files\mjc c:\program files\racle~1 c:\program files\Sakora c:\users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\CPV.stt c:\users\Mommy and Daddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\CPV.stt c:\windows\curity~1 c:\windows\UA000106.DLL . ((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 ))))))))))))))))))))))))))))))) . 2010-04-22 05:55 . 2010-04-22 05:57--------d-----w-c:\users\Sean\AppData\Local\temp 2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Default\AppData\Local\temp 2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Mommy and Daddy\AppData\Local\temp 2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Kimmy\AppData\Local\temp 2010-04-21 23:06 . 2010-04-21 23:06--------d-----w-c:\program files\Microsoft ATS 2010-04-21 12:13 . 2010-02-20 23:5424064----a-w-c:\windows\system32\nshhttp.dll 2010-04-21 12:13 . 2010-02-20 23:5131232----a-w-c:\windows\system32\httpapi.dll 2010-04-21 12:13 . 2010-02-20 21:30396800----a-w-c:\windows\system32\drivers\http.sys 2010-04-21 04:00 . 2009-10-19 14:42156672----a-w-c:\windows\system32\t2embed.dll 2010-04-21 04:00 . 2009-10-19 14:3924064----a-w-c:\windows\system32\lpk.dll 2010-04-21 04:00 . 2009-10-19 14:3772704----a-w-c:\windows\system32\fontsub.dll 2010-04-21 04:00 . 2009-10-19 14:3710240----a-w-c:\windows\system32\dciman32.dll 2010-04-21 04:00 . 2009-10-19 14:3634304----a-w-c:\windows\system32\atmlib.dll 2010-04-21 04:00 . 2009-10-19 11:45289792----a-w-c:\windows\system32\atmfd.dll 2010-04-21 04:00 . 2009-12-11 12:15306688----a-w-c:\windows\system32\drivers\srv.sys 2010-04-21 04:00 . 2009-12-11 12:1584992----a-w-c:\windows\system32\drivers\srvnet.sys 2010-04-21 03:58 . 2009-08-10 13:052048----a-w-c:\windows\system32\msxml6r.dll 2010-04-21 03:57 . 2009-08-31 15:16428032----a-w-c:\windows\system32\EncDec.dll 2010-04-21 03:57 . 2009-08-31 15:21292352----a-w-c:\windows\system32\psisdecd.dll 2010-04-21 03:57 . 2009-08-31 15:171244672----a-w-c:\windows\system32\mcmde.dll 2010-04-21 03:57 . 2010-01-23 08:052048----a-w-c:\windows\system32\tzres.dll 2010-04-21 03:55 . 2010-02-18 14:22167424----a-w-c:\windows\system32\tcpipcfg.dll 2010-04-21 03:55 . 2010-02-18 14:19179712----a-w-c:\windows\system32\iphlpsvc.dll 2010-04-21 03:55 . 2010-02-18 12:05815104----a-w-c:\windows\system32\drivers\tcpip.sys 2010-04-21 03:55 . 2010-02-18 12:0425088----a-w-c:\windows\system32\drivers\tunnel.sys 2010-04-21 03:55 . 2009-08-14 17:16213592----a-w-c:\windows\system32\drivers\netio.sys 2010-04-21 03:55 . 2010-02-18 12:0422016----a-w-c:\windows\system32\netiougc.exe 2010-04-21 03:55 . 2010-02-18 12:0415360----a-w-c:\windows\system32\drivers\TUNMP.SYS 2010-04-21 03:55 . 2009-08-14 14:012031104----a-w-c:\windows\system32\win32k.sys 2010-04-21 03:53 . 2009-12-28 12:3611776----a-w-c:\windows\system32\tsbyuv.dll 2010-04-21 03:53 . 2009-12-28 12:3422528----a-w-c:\windows\system32\msyuv.dll 2010-04-21 03:53 . 2009-12-28 12:3413312----a-w-c:\windows\system32\msrle32.dll 2010-04-21 03:53 . 2009-12-28 12:3250176----a-w-c:\windows\system32\iyuv_32.dll 2010-04-21 03:53 . 2009-12-28 12:34123904----a-w-c:\windows\system32\msvfw32.dll 2010-04-21 03:53 . 2009-12-28 12:3382944----a-w-c:\windows\system32\mciavi32.dll 2010-04-21 03:53 . 2009-12-28 12:3088576----a-w-c:\windows\system32\avifil32.dll 2010-04-21 03:53 . 2009-12-28 12:3065024----a-w-c:\windows\system32\avicap32.dll 2010-04-21 03:53 . 2009-04-02 11:50604672----a-w-c:\windows\system32\WMSPDMOD.DLL 2010-04-21 03:43 . 2009-09-10 15:29311296----a-w-c:\windows\system32\unregmp2.exe 2010-04-21 03:43 . 2009-09-10 17:404096----a-w-c:\windows\system32\dxmasf.dll 2010-04-21 03:43 . 2009-09-10 17:397680----a-w-c:\windows\system32\spwmp.dll 2010-04-21 03:43 . 2009-09-10 15:298147968----a-w-c:\windows\system32\wmploc.DLL 2010-04-21 03:41 . 2009-12-23 12:45171520----a-w-c:\windows\system32\wintrust.dll 2010-04-21 03:41 . 2010-01-13 18:2397792----a-w-c:\windows\system32\cabview.dll 2010-04-20 05:10 . 2010-04-20 05:1052224----a-w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-04-20 05:10 . 2010-04-20 05:10117760----a-w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-04-20 05:09 . 2010-04-20 05:09--------d-----w-c:\programdata\SUPERAntiSpyware.com 2010-04-20 05:08 . 2010-04-20 05:085120----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe 2010-04-20 05:08 . 2010-04-20 05:0865024----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe 2010-04-20 05:08 . 2010-04-20 05:0818944----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe 2010-04-20 05:07 . 2010-04-20 05:07--------d-----w-c:\program files\SUPERAntiSpyware 2010-04-20 05:07 . 2010-04-20 05:07--------d-----w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com 2010-04-20 04:55 . 2010-03-29 19:2438224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-20 04:55 . 2010-04-20 04:55--------d-----w-c:\programdata\Malwarebytes 2010-04-20 04:55 . 2010-04-20 04:55--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-04-20 04:55 . 2010-03-29 19:2420824----a-w-c:\windows\system32\drivers\mbam.sys 2010-04-20 04:24 . 2010-04-20 04:2460672----a-w-c:\users\Sean\AppData\Local\syssvc.exe 2010-04-20 04:22 . 2010-04-20 22:35--------d-----w-c:\users\Sean\AppData\Local\wxkagtccy 2010-04-18 22:57 . 2010-04-18 22:57--------d-----w-c:\program files\FreeMind 2010-04-17 15:11 . 2010-04-17 15:11--------d-----w-c:\users\Sean\AppData\Roaming\XemiComputers 2010-04-17 15:11 . 2010-04-17 15:11--------d-----w-c:\program files\XemiComputers 2010-04-04 21:34 . 2010-04-04 21:3436400----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\ALWIL.dll 2010-04-04 21:34 . 2010-04-04 21:3433328----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\Microsoft Corporation.dll 2010-04-04 21:34 . 2010-04-04 21:3432304----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\MicrosoftAV.dll 2010-04-04 21:34 . 2010-04-04 21:34174592----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\64bitProxy.exe 2010-04-04 21:34 . 2010-04-04 21:34150064----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\FWManager.dll 2010-04-04 21:34 . 2010-04-04 21:3424112----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\AVManager.dll 2010-04-04 21:34 . 2010-04-04 21:34151088----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\OPSWATAVCommon.dll 2010-04-04 21:34 . 2010-04-04 21:3419120----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\libinspector.dll 2010-04-04 21:33 . 2010-04-04 21:3314512----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\libdesktop.dll 2010-04-04 21:33 . 2010-04-04 21:3347280----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\hostscan.exe 2010-04-04 21:33 . 2010-04-04 21:3329872----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe 2010-04-04 21:33 . 2010-04-04 21:33--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco 2010-04-04 03:10 . 2010-04-04 03:10509552----a-w-c:\programdata\Google\Google Toolbar\Update\gtb563C.tmp.exe 2010-04-02 05:28 . 2010-04-02 05:28--------d-----w-c:\users\Sean\AppData\Roaming\MPEG Streamclip 2010-03-31 06:00 . 2010-03-31 06:0086016----a-w-c:\windows\system32\frapsvid.dll 2010-03-25 03:16 . 2010-03-25 03:1648788----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\uninstallOctazen.exe 2010-03-25 02:34 . 2010-03-25 02:34--------d-----w-c:\users\Mommy and Daddy\AppData\Local\Smilebox 2010-03-25 02:34 . 2010-03-25 03:16--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox 2010-03-25 02:34 . 2010-03-25 02:3459313----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\uninstall.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-22 05:58 . 2009-11-16 03:55--------d-----w-c:\program files\Common Files\Akamai 2010-04-22 05:54 . 2009-12-17 22:04--------d-----w-c:\program files\Cheat Engine 2010-04-22 04:55 . 2009-04-29 02:29--------d-----w-c:\programdata\Google Updater 2010-04-22 03:48 . 2008-12-06 22:13--------d-----w-c:\users\Sean\AppData\Roaming\gtk-2.0 2010-04-21 22:58 . 2008-03-21 21:56--------d-----w-c:\program files\OGPlanet 2010-04-21 21:50 . 2008-03-22 09:21114936----a-w-c:\users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-21 21:44 . 2009-11-15 22:43--------d-----w-c:\program files\Microsoft Silverlight 2010-04-21 13:00 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail 2010-04-21 12:58 . 2007-09-02 11:39--------d-----w-c:\programdata\Microsoft Help 2010-04-21 12:29 . 2007-09-02 11:41--------d-----w-c:\program files\Microsoft Works 2010-04-21 12:18 . 2007-09-02 11:46--------d-----w-c:\program files\Microsoft SQL Server 2010-04-20 05:06 . 2008-11-28 02:17--------d-----w-c:\program files\Common Files\Wise Installation Wizard 2010-04-18 21:28 . 2008-04-12 21:33--------d-----w-c:\users\Sean\AppData\Roaming\LimeWire 2010-04-17 15:07 . 2008-04-28 00:13--------d-----w-c:\program files\Google 2010-04-16 21:54 . 2009-09-20 23:51--------d-----w-c:\users\Sean\AppData\Roaming\IObit 2010-04-09 22:57 . 2008-10-04 15:51--------d-----w-c:\users\Kimmy\AppData\Roaming\LimeWire 2010-04-05 18:10 . 2009-08-22 23:43--------d-----w-c:\program files\Counter-Strike Source 2010-04-05 15:14 . 2009-09-06 20:29--------d-----w-c:\program files\IObit 2010-04-02 18:35 . 2008-10-01 01:53--------d-----w-c:\users\Sean\AppData\Roaming\Publish Providers 2010-03-09 19:15 . 2010-02-17 21:05287368----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxTray.exe 2010-03-09 16:50 . 2010-04-21 03:5552736----a-w-c:\windows\AppPatch\iebrshim.dll 2010-02-24 14:16 . 2009-10-03 06:29181632------w-c:\windows\system32\MpSigStub.exe 2010-02-24 06:48 . 2008-06-13 01:10--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire 2010-02-24 03:00 . 2010-02-24 03:0020480----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll 2010-02-24 03:00 . 2010-02-24 03:0018944----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll 2010-02-24 03:00 . 2010-02-24 03:0017408----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll 2010-02-24 03:00 . 2010-02-24 03:008192----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll 2010-02-24 03:00 . 2010-02-24 03:0020480----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll 2010-02-23 20:46 . 2010-03-11 14:37419040----a-w-c:\windows\system32\WMInstallMgrUninst.exe 2010-02-23 20:46 . 2010-03-11 14:3762688----a-w-c:\windows\system32\WMWebLauncherUninst.exe 2010-02-23 20:46 . 2010-03-11 14:37255200----a-w-c:\windows\system32\SystemObserver.dll 2010-02-23 20:46 . 2010-03-11 14:3754496----a-w-c:\windows\system32\GetInfoLauncher.exe 2010-02-23 13:14 . 2010-04-21 03:58211968----a-w-c:\windows\system32\drivers\mrxsmb10.sys 2010-02-23 13:14 . 2010-04-21 03:5858368----a-w-c:\windows\system32\drivers\mrxsmb20.sys 2010-02-23 13:14 . 2010-04-21 03:58102400----a-w-c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 23:47 . 2010-02-19 23:473604480----a-w-c:\windows\system32\GPhotos.scr 2010-02-18 14:54 . 2010-04-21 03:583502480----a-w-c:\windows\system32\ntkrnlpa.exe 2010-02-18 14:54 . 2010-04-21 03:583468168----a-w-c:\windows\system32\ntoskrnl.exe 2010-02-17 21:05 . 2010-02-18 00:50397960----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxStarter.exe 2010-02-17 21:05 . 2010-02-18 00:10168584----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll 2010-02-17 21:05 . 2010-02-17 21:05217736----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxDvd.exe 2010-02-17 20:50 . 2010-02-17 20:501602184----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxClient.exe 2010-02-17 20:10 . 2010-02-17 20:10344712----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll 2010-02-17 20:10 . 2010-02-17 20:10135816----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxUpdater.exe 2010-02-11 03:16 . 2010-02-11 03:1641872----a-w-c:\windows\system32\xfcodec.dll 2010-01-30 17:41 . 2010-01-30 17:41282624----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll 2010-01-30 17:41 . 2010-01-30 17:41200704----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll 2010-01-30 17:41 . 2010-01-30 17:4115872----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll 2010-01-30 17:41 . 2010-01-30 17:41110592----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll 2010-01-30 17:41 . 2010-01-30 17:4119968----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll 2010-01-30 17:41 . 2010-01-30 17:41225280----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll 2010-01-30 17:41 . 2010-01-30 17:4120992----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll 2010-01-30 17:41 . 2010-01-30 17:4120480----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll 2010-01-30 17:41 . 2010-01-30 17:4118944----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll 2010-01-30 17:41 . 2010-01-30 17:4117408----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll 2010-01-30 17:41 . 2010-01-30 17:418192----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll 2010-01-30 17:41 . 2010-01-30 17:4120480----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll 2010-01-25 12:58 . 2010-04-21 03:54473088----a-w-c:\windows\system32\secproc_isv.dll 2010-01-25 12:58 . 2010-04-21 03:54154624----a-w-c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:58 . 2010-04-21 03:54154112----a-w-c:\windows\system32\secproc_ssp.dll 2010-01-25 12:58 . 2010-04-21 03:54472576----a-w-c:\windows\system32\secproc.dll 2010-01-25 12:56 . 2010-04-21 03:54312320----a-w-c:\windows\system32\msdrm.dll 2010-01-25 08:36 . 2010-04-21 03:54435712----a-w-c:\windows\system32\RMActivate_ssp.exe 2010-01-25 08:36 . 2010-04-21 03:54515584----a-w-c:\windows\system32\RMActivate.exe 2010-01-25 08:36 . 2010-04-21 03:54431104----a-w-c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:35 . 2010-04-21 03:54523776----a-w-c:\windows\system32\RMActivate_isv.exe . ------- Sigcheck ------- [-] 2009-03-30 . 74B6336C7ACC815483C2399BDD53EFCC . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-09-29 21:24325000----a-w-c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-29 133104] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-17 2920632] "cdloader"="c:\users\Sean\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-23 1006264] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] c:\users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Mises … jour planifi‚es.lnk - c:\program files\Quicken\bagent.exe [2003-4-18 53248] M‚mento Quicken.lnk - c:\program files\Quicken\billmind.exe [2003-4-18 36864] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R2 gupdate1c9c8726becfc2b;Google Update Service (gupdate1c9c8726becfc2b);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 133104] R2 mrtRate;mrtRate; R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-15 2804788] R3 XDva189;XDva189;c:\windows\system32\XDva189.sys R3 XDva193;XDva193;c:\windows\system32\XDva193.sys R3 XDva202;XDva202;c:\windows\system32\XDva202.sys R3 XDva309;XDva309;c:\windows\system32\XDva309.sys S1 aswSP;avast! Self Protection; S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] AkamaiREG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder 2010-04-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-10 02:29] 2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 02:30] 2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 02:30] 2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988202556-4294345629-2372359041-1003Core.job - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-07-11 23:46] 2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988202556-4294345629-2372359041-1003UA.job - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-07-11 23:46] 2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{D3E6FF0B-1889-4DA0-85D0-4DB5C614576B}.job - c:\windows\system32\msfeedssync.exe [2010-04-21 11:31] . . ------- Supplementary Scan ------- . mStart PAGE = hxxp://www.shoptoshiba.ca/welcome uInternet Settings,ProxyOverride = uInternet Settings,PROXYSERVER = http=127.0.0.1:5555 DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab DPF: {BD68328E-1222-4A62-BA16-E6F42CA49A64} - hxxp://gf.wemade.com/comsso/active/WMInstallMgr.cab FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\yq7b81t9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1265259818&rver=6.0.5285.0℘=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= FF - component: c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\yq7b81t9.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Sean\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\users\Sean\Program Files\DNA\plugins\npbtdna.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - ORPHANS REMOVED - - - - AddRemove-Fraps - c:\users\Sean\Desktop\Fraps\uninstall.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-22 01:57 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\TMP0000006CE42FA671EAFB0412 524288 bytes executable scan completed successfully hidden files: 1 ********************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-04-22 02:02:22 ComboFix-quarantined-files.txt 2010-04-22 06:02 Pre-Run: 45,322,604,544 bytes free Post-Run: 47,394,820,096 bytes free - - End Of File - - 73F15F2102F69EBC06AE56A8CCC8FBE8 Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double Click mbam-setup.exe to install the application. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!) Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer. Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Copy and paste the entire report in your next reply. ================== GMER Note about this tool: This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes. This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know. No matter what is in the log, please post all the information/contents of the log. Please download the GMER Rootkit Scanner. Unzip it to your Desktop. Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. Caution These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised! If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click NO In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked*. Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.* Click OK. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt" Save it where you can easily find it, such as your desktop. Post the contents of GMER.txt in your next reply.

Solve : ''File cannot be executed. The file ______ is infected.'' Problem?

Answer»

Hello,

I have been getting this error since yesterday, and I'm a bit confused on what to do. I am unable to open anything, because every time I try to do so, a pop up appears saying ''File cannot be executed. The file ______ is infected.'' I also get a lot of false antivirus alerts.

Any advice to completely recover my computer would be greatly appreciated.Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.

Save it to your desktop.
Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag by ad13 and save it to your Desktop.

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download <a href="http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip" target="_blank">Cheetah-Anti-Rogue[/url][/b] by me, and save to your Desktop.

Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
Double-click on Cheetah-Anti-Rogue.cmd to START.
It will finish quickly and launch a log.
Post the contents of it in your next reply.

4. In your next reply, please post the following logs for my review:

Profiles log (1)
Win32kDiag log (2)
Cheetah log (3)

Thanks! :)I downloaded all three of the files, but I could not open any because the pop up saying ''File cannot be executed. The file ______ is infected.'' appeared and closed the program. Is the anything else I can do?RKill by Grinler
Link #1
Link #2
Link #3

Download Link #1.
Save it to your Desktop.
Double click the RKill desktop icon.
If you are using Vista please right click and run as Admin!
A black screen will briefly flash indicating a successful run.
If this does not occur please delete that application and download Link #2.
Continue process until the tool runs.
If the tool does not run from any of the links tell me about it.

This only kills the active infection, the actual infection will not be gone.

Then, please try to run the tools again.Log 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1003
ProfileImagePath REG_EXPAND_SZ C:\Users\Sean

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1004
ProfileImagePath REG_EXPAND_SZ C:\Users\Kimmy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3988202556-4294345629-2372359041-1005
ProfileImagePath REG_EXPAND_SZ C:\Users\Mommy and Daddy

ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
SystemRoot REG_SZ C:\Windows

Log 3

Cheetah-Anti-Rogue v1.4.1
by DragonMaster Jay

Microsoft Windows [Version 6.0.6000]
Date: 21/04/2010 - Time: 18:05:18 - Arch.: x86

-- Malware removal tools check --
User has Sandboxie installed!
Sandboxie
Malwarebytes' Anti-Malware
SUPERAntiSpyware

-- Known infection --

C:\Program Files\FunWebProducts (Adw.MyWebSearch)
C:\Program Files\MyWebSearch (Adw.MyWebSearch)
C:\Windows\system32\f3PSSavr.scr (Adw.MyWebSearch!3M)
C:\Program Files\Windows Live\Messenger\riched20.dll (Adw.MyWebSearch)

Extra message: Detection only.

EOF

The 2nd program STOPPED because it said that it cannot access C:\Windows\Syetem32\LogFiles\WMI\RtBackup\EtwRTDiaLog.et1

I am very thankful for your help, please advise me on what to do next.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.Here is the log

ComboFix 10-04-21.01 - Sean 22/04/2010 1:41.1.2 - x86
Microsoft® Windows Vista™ Home PREMIUM 6.0.6000.0.1252.2.1033.18.1917.1152 [GMT -4:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100421-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100421-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1731352543-3892579127-1766459742-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Cheat Engine\dbk32.sys
c:\program files\mjc
c:\program files\racle~1
c:\program files\Sakora
c:\users\Kimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\CPV.stt
c:\users\Mommy and Daddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\CPV.stt
c:\windows\curity~1
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 05:55 . 2010-04-22 05:57--------d-----w-c:\users\Sean\AppData\Local\temp
2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Default\AppData\Local\temp
2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Mommy and Daddy\AppData\Local\temp
2010-04-22 05:55 . 2010-04-22 05:55--------d-----w-c:\users\Kimmy\AppData\Local\temp
2010-04-21 23:06 . 2010-04-21 23:06--------d-----w-c:\program files\Microsoft ATS
2010-04-21 12:13 . 2010-02-20 23:5424064----a-w-c:\windows\system32\nshhttp.dll
2010-04-21 12:13 . 2010-02-20 23:5131232----a-w-c:\windows\system32\httpapi.dll
2010-04-21 12:13 . 2010-02-20 21:30396800----a-w-c:\windows\system32\drivers\http.sys
2010-04-21 04:00 . 2009-10-19 14:42156672----a-w-c:\windows\system32\t2embed.dll
2010-04-21 04:00 . 2009-10-19 14:3924064----a-w-c:\windows\system32\lpk.dll
2010-04-21 04:00 . 2009-10-19 14:3772704----a-w-c:\windows\system32\fontsub.dll
2010-04-21 04:00 . 2009-10-19 14:3710240----a-w-c:\windows\system32\dciman32.dll
2010-04-21 04:00 . 2009-10-19 14:3634304----a-w-c:\windows\system32\atmlib.dll
2010-04-21 04:00 . 2009-10-19 11:45289792----a-w-c:\windows\system32\atmfd.dll
2010-04-21 04:00 . 2009-12-11 12:15306688----a-w-c:\windows\system32\drivers\srv.sys
2010-04-21 04:00 . 2009-12-11 12:1584992----a-w-c:\windows\system32\drivers\srvnet.sys
2010-04-21 03:58 . 2009-08-10 13:052048----a-w-c:\windows\system32\msxml6r.dll
2010-04-21 03:57 . 2009-08-31 15:16428032----a-w-c:\windows\system32\EncDec.dll
2010-04-21 03:57 . 2009-08-31 15:21292352----a-w-c:\windows\system32\psisdecd.dll
2010-04-21 03:57 . 2009-08-31 15:171244672----a-w-c:\windows\system32\mcmde.dll
2010-04-21 03:57 . 2010-01-23 08:052048----a-w-c:\windows\system32\tzres.dll
2010-04-21 03:55 . 2010-02-18 14:22167424----a-w-c:\windows\system32\tcpipcfg.dll
2010-04-21 03:55 . 2010-02-18 14:19179712----a-w-c:\windows\system32\iphlpsvc.dll
2010-04-21 03:55 . 2010-02-18 12:05815104----a-w-c:\windows\system32\drivers\tcpip.sys
2010-04-21 03:55 . 2010-02-18 12:0425088----a-w-c:\windows\system32\drivers\tunnel.sys
2010-04-21 03:55 . 2009-08-14 17:16213592----a-w-c:\windows\system32\drivers\netio.sys
2010-04-21 03:55 . 2010-02-18 12:0422016----a-w-c:\windows\system32\netiougc.exe
2010-04-21 03:55 . 2010-02-18 12:0415360----a-w-c:\windows\system32\drivers\TUNMP.SYS
2010-04-21 03:55 . 2009-08-14 14:012031104----a-w-c:\windows\system32\win32k.sys
2010-04-21 03:53 . 2009-12-28 12:3611776----a-w-c:\windows\system32\tsbyuv.dll
2010-04-21 03:53 . 2009-12-28 12:3422528----a-w-c:\windows\system32\msyuv.dll
2010-04-21 03:53 . 2009-12-28 12:3413312----a-w-c:\windows\system32\msrle32.dll
2010-04-21 03:53 . 2009-12-28 12:3250176----a-w-c:\windows\system32\iyuv_32.dll
2010-04-21 03:53 . 2009-12-28 12:34123904----a-w-c:\windows\system32\msvfw32.dll
2010-04-21 03:53 . 2009-12-28 12:3382944----a-w-c:\windows\system32\mciavi32.dll
2010-04-21 03:53 . 2009-12-28 12:3088576----a-w-c:\windows\system32\avifil32.dll
2010-04-21 03:53 . 2009-12-28 12:3065024----a-w-c:\windows\system32\avicap32.dll
2010-04-21 03:53 . 2009-04-02 11:50604672----a-w-c:\windows\system32\WMSPDMOD.DLL
2010-04-21 03:43 . 2009-09-10 15:29311296----a-w-c:\windows\system32\unregmp2.exe
2010-04-21 03:43 . 2009-09-10 17:404096----a-w-c:\windows\system32\dxmasf.dll
2010-04-21 03:43 . 2009-09-10 17:397680----a-w-c:\windows\system32\spwmp.dll
2010-04-21 03:43 . 2009-09-10 15:298147968----a-w-c:\windows\system32\wmploc.DLL
2010-04-21 03:41 . 2009-12-23 12:45171520----a-w-c:\windows\system32\wintrust.dll
2010-04-21 03:41 . 2010-01-13 18:2397792----a-w-c:\windows\system32\cabview.dll
2010-04-20 05:10 . 2010-04-20 05:1052224----a-w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-20 05:10 . 2010-04-20 05:10117760----a-w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-20 05:09 . 2010-04-20 05:09--------d-----w-c:\programdata\SUPERAntiSpyware.com
2010-04-20 05:08 . 2010-04-20 05:085120----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-04-20 05:08 . 2010-04-20 05:0865024----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-04-20 05:08 . 2010-04-20 05:0818944----a-r-c:\users\Sean\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2010-04-20 05:07 . 2010-04-20 05:07--------d-----w-c:\program files\SUPERAntiSpyware
2010-04-20 05:07 . 2010-04-20 05:07--------d-----w-c:\users\Sean\AppData\Roaming\SUPERAntiSpyware.com
2010-04-20 04:55 . 2010-03-29 19:2438224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 04:55 . 2010-04-20 04:55--------d-----w-c:\programdata\Malwarebytes
2010-04-20 04:55 . 2010-04-20 04:55--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2010-04-20 04:55 . 2010-03-29 19:2420824----a-w-c:\windows\system32\drivers\mbam.sys
2010-04-20 04:24 . 2010-04-20 04:2460672----a-w-c:\users\Sean\AppData\Local\syssvc.exe
2010-04-20 04:22 . 2010-04-20 22:35--------d-----w-c:\users\Sean\AppData\Local\wxkagtccy
2010-04-18 22:57 . 2010-04-18 22:57--------d-----w-c:\program files\FreeMind
2010-04-17 15:11 . 2010-04-17 15:11--------d-----w-c:\users\Sean\AppData\Roaming\XemiComputers
2010-04-17 15:11 . 2010-04-17 15:11--------d-----w-c:\program files\XemiComputers
2010-04-04 21:34 . 2010-04-04 21:3436400----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\ALWIL.dll
2010-04-04 21:34 . 2010-04-04 21:3433328----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\Microsoft Corporation.dll
2010-04-04 21:34 . 2010-04-04 21:3432304----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\MicrosoftAV.dll
2010-04-04 21:34 . 2010-04-04 21:34174592----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\64bitProxy.exe
2010-04-04 21:34 . 2010-04-04 21:34150064----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\FWManager.dll
2010-04-04 21:34 . 2010-04-04 21:3424112----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\AVManager.dll
2010-04-04 21:34 . 2010-04-04 21:34151088----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\OPSWATAVCommon.dll
2010-04-04 21:34 . 2010-04-04 21:3419120----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\libinspector.dll
2010-04-04 21:33 . 2010-04-04 21:3314512----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\libdesktop.dll
2010-04-04 21:33 . 2010-04-04 21:3347280----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco HostScan\bin\hostscan.exe
2010-04-04 21:33 . 2010-04-04 21:3329872----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
2010-04-04 21:33 . 2010-04-04 21:33--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\Cisco
2010-04-04 03:10 . 2010-04-04 03:10509552----a-w-c:\programdata\Google\Google Toolbar\Update\gtb563C.tmp.exe
2010-04-02 05:28 . 2010-04-02 05:28--------d-----w-c:\users\Sean\AppData\Roaming\MPEG Streamclip
2010-03-31 06:00 . 2010-03-31 06:0086016----a-w-c:\windows\system32\frapsvid.dll
2010-03-25 03:16 . 2010-03-25 03:1648788----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\uninstallOctazen.exe
2010-03-25 02:34 . 2010-03-25 02:34--------d-----w-c:\users\Mommy and Daddy\AppData\Local\Smilebox
2010-03-25 02:34 . 2010-03-25 03:16--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox
2010-03-25 02:34 . 2010-03-25 02:3459313----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 05:58 . 2009-11-16 03:55--------d-----w-c:\program files\Common Files\Akamai
2010-04-22 05:54 . 2009-12-17 22:04--------d-----w-c:\program files\Cheat Engine
2010-04-22 04:55 . 2009-04-29 02:29--------d-----w-c:\programdata\Google Updater
2010-04-22 03:48 . 2008-12-06 22:13--------d-----w-c:\users\Sean\AppData\Roaming\gtk-2.0
2010-04-21 22:58 . 2008-03-21 21:56--------d-----w-c:\program files\OGPlanet
2010-04-21 21:50 . 2008-03-22 09:21114936----a-w-c:\users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-21 21:44 . 2009-11-15 22:43--------d-----w-c:\program files\Microsoft Silverlight
2010-04-21 13:00 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail
2010-04-21 12:58 . 2007-09-02 11:39--------d-----w-c:\programdata\Microsoft Help
2010-04-21 12:29 . 2007-09-02 11:41--------d-----w-c:\program files\Microsoft Works
2010-04-21 12:18 . 2007-09-02 11:46--------d-----w-c:\program files\Microsoft SQL Server
2010-04-20 05:06 . 2008-11-28 02:17--------d-----w-c:\program files\Common Files\Wise Installation Wizard
2010-04-18 21:28 . 2008-04-12 21:33--------d-----w-c:\users\Sean\AppData\Roaming\LimeWire
2010-04-17 15:07 . 2008-04-28 00:13--------d-----w-c:\program files\Google
2010-04-16 21:54 . 2009-09-20 23:51--------d-----w-c:\users\Sean\AppData\Roaming\IObit
2010-04-09 22:57 . 2008-10-04 15:51--------d-----w-c:\users\Kimmy\AppData\Roaming\LimeWire
2010-04-05 18:10 . 2009-08-22 23:43--------d-----w-c:\program files\Counter-Strike Source
2010-04-05 15:14 . 2009-09-06 20:29--------d-----w-c:\program files\IObit
2010-04-02 18:35 . 2008-10-01 01:53--------d-----w-c:\users\Sean\AppData\Roaming\Publish Providers
2010-03-09 19:15 . 2010-02-17 21:05287368----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxTray.exe
2010-03-09 16:50 . 2010-04-21 03:5552736----a-w-c:\windows\AppPatch\iebrshim.dll
2010-02-24 14:16 . 2009-10-03 06:29181632------w-c:\windows\system32\MpSigStub.exe
2010-02-24 06:48 . 2008-06-13 01:10--------d-----w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire
2010-02-24 03:00 . 2010-02-24 03:0020480----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-02-24 03:00 . 2010-02-24 03:0018944----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-02-24 03:00 . 2010-02-24 03:0017408----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2010-02-24 03:00 . 2010-02-24 03:008192----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-02-24 03:00 . 2010-02-24 03:0020480----a-w-c:\users\Mommy and Daddy\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-02-23 20:46 . 2010-03-11 14:37419040----a-w-c:\windows\system32\WMInstallMgrUninst.exe
2010-02-23 20:46 . 2010-03-11 14:3762688----a-w-c:\windows\system32\WMWebLauncherUninst.exe
2010-02-23 20:46 . 2010-03-11 14:37255200----a-w-c:\windows\system32\SystemObserver.dll
2010-02-23 20:46 . 2010-03-11 14:3754496----a-w-c:\windows\system32\GetInfoLauncher.exe
2010-02-23 13:14 . 2010-04-21 03:58211968----a-w-c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 13:14 . 2010-04-21 03:5858368----a-w-c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 13:14 . 2010-04-21 03:58102400----a-w-c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:473604480----a-w-c:\windows\system32\GPhotos.scr
2010-02-18 14:54 . 2010-04-21 03:583502480----a-w-c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:54 . 2010-04-21 03:583468168----a-w-c:\windows\system32\ntoskrnl.exe
2010-02-17 21:05 . 2010-02-18 00:50397960----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxStarter.exe
2010-02-17 21:05 . 2010-02-18 00:10168584----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2010-02-17 21:05 . 2010-02-17 21:05217736----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxDvd.exe
2010-02-17 20:50 . 2010-02-17 20:501602184----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxClient.exe
2010-02-17 20:10 . 2010-02-17 20:10344712----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2010-02-17 20:10 . 2010-02-17 20:10135816----a-w-c:\users\Mommy and Daddy\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2010-02-11 03:16 . 2010-02-11 03:1641872----a-w-c:\windows\system32\xfcodec.dll
2010-01-30 17:41 . 2010-01-30 17:41282624----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
2010-01-30 17:41 . 2010-01-30 17:41200704----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
2010-01-30 17:41 . 2010-01-30 17:4115872----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
2010-01-30 17:41 . 2010-01-30 17:41110592----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
2010-01-30 17:41 . 2010-01-30 17:4119968----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
2010-01-30 17:41 . 2010-01-30 17:41225280----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
2010-01-30 17:41 . 2010-01-30 17:4120992----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
2010-01-30 17:41 . 2010-01-30 17:4120480----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-01-30 17:41 . 2010-01-30 17:4118944----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-01-30 17:41 . 2010-01-30 17:4117408----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2010-01-30 17:41 . 2010-01-30 17:418192----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-01-30 17:41 . 2010-01-30 17:4120480----a-w-c:\users\Sean\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-01-25 12:58 . 2010-04-21 03:54473088----a-w-c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-04-21 03:54154624----a-w-c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-04-21 03:54154112----a-w-c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-04-21 03:54472576----a-w-c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-04-21 03:54312320----a-w-c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-04-21 03:54435712----a-w-c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-04-21 03:54515584----a-w-c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-04-21 03:54431104----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-04-21 03:54523776----a-w-c:\windows\system32\RMActivate_isv.exe
.

------- Sigcheck -------

[-] 2009-03-30 . 74B6336C7ACC815483C2399BDD53EFCC . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24325000----a-w-c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-17 2920632]
"cdloader"="c:\users\Sean\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-23 1006264]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\users\Kimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mises … jour planifi‚es.lnk - c:\program files\Quicken\bagent.exe [2003-4-18 53248]
M‚mento Quicken.lnk - c:\program files\Quicken\billmind.exe [2003-4-18 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate1c9c8726becfc2b;Google Update Service (gupdate1c9c8726becfc2b);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 133104]
R2 mrtRate;mrtRate;

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-15 2804788]
R3 XDva189;XDva189;c:\windows\system32\XDva189.sys

R3 XDva193;XDva193;c:\windows\system32\XDva193.sys

R3 XDva202;XDva202;c:\windows\system32\XDva202.sys

R3 XDva309;XDva309;c:\windows\system32\XDva309.sys

S1 aswSP;avast! Self Protection;

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-10 02:29]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 02:30]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 02:30]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988202556-4294345629-2372359041-1003Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-07-11 23:46]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3988202556-4294345629-2372359041-1003UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-07-11 23:46]

2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{D3E6FF0B-1889-4DA0-85D0-4DB5C614576B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-21 11:31]
.
.
------- Supplementary Scan -------
.
mStart PAGE = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride =
uInternet Settings,PROXYSERVER = http=127.0.0.1:5555
DPF: {87A638DE-396F-40FD-A2F8-01B56072F553} - hxxp://download.gemfighter.com/launcher/gemx2.cab
DPF: {BD68328E-1222-4A62-BA16-E6F42CA49A64} - hxxp://gf.wemade.com/comsso/active/WMInstallMgr.cab
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\yq7b81t9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1265259818&rver=6.0.5285.0℘=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\yq7b81t9.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sean\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Sean\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Fraps - c:\users\Sean\Desktop\Fraps\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 01:57
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000006CE42FA671EAFB0412 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-22 02:02:22
ComboFix-quarantined-files.txt 2010-04-22 06:02

Pre-Run: 45,322,604,544 bytes free
Post-Run: 47,394,820,096 bytes free

- - End Of File - - 73F15F2102F69EBC06AE56A8CCC8FBE8 Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

==================

GMER

Note about this tool:

This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
No matter what is in the log, please post all the information/contents of the log.

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.

Once the scan is complete, you may receive another notice about rootkit activity.

Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Solve : ''File cannot be executed. The file ______ is infected.'' Problem?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment