
Help With Alureon-K Rootkit



Hello,

I have a PC that is running Windows Vista that is infected with an Alureon-K rootkit on it that I have been unable to remove. I would appreciate any help you can give.

DDS

---------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by user at 23:45:52 on 2012-03-16

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1806 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

Notify: igfxcui - igfxdev.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-16 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-16 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-16 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-16 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-16 44768]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-16 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-16 20464]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-23 1245064]

S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-23 180272]

.

=============== Created Last 30 ================

.

2012-03-16 17:23:17 -------- d-----w- c:\users\user\appdata\local\temp

2012-03-16 17:22:31 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-16 15:15:41 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2012-03-16 15:15:33 -------- d-----w- c:\programdata\Malwarebytes

2012-03-16 15:15:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 15:15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-16 14:21:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-16 13:47:51 98816 ----a-w- c:\windows\sed.exe

2012-03-16 13:47:51 518144 ----a-w- c:\windows\SWREG.exe

2012-03-16 13:47:51 256000 ----a-w- c:\windows\PEV.exe

2012-03-16 13:47:51 208896 ----a-w- c:\windows\MBR.exe

2012-03-16 07:54:10 80896 ----a-w- c:\windows\system32\MSNP.ax

2012-03-16 07:54:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-03-16 07:54:03 293376 ----a-w- c:\windows\system32\psisdecd.dll

2012-03-16 07:54:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-03-16 07:43:02 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2012-03-16 07:24:08 97800 ----a-w- c:\windows\system32\infocardapi.dll

2012-03-16 07:24:06 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2012-03-16 07:24:03 622080 ----a-w- c:\windows\system32\icardagt.exe

2012-03-16 07:24:03 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2012-03-16 07:24:02 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-03-16 07:24:02 11264 ----a-w- c:\windows\system32\icardres.dll

2012-03-16 07:23:57 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2012-03-16 07:23:49 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2012-03-16 07:15:53 96760 ----a-w- c:\windows\system32\dfshim.dll

2012-03-16 07:15:47 282112 ----a-w- c:\windows\system32\mscoree.dll

2012-03-16 07:15:46 41984 ----a-w- c:\windows\system32\netfxperf.dll

2012-03-16 07:15:28 158720 ----a-w- c:\windows\system32\mscorier.dll

2012-03-16 07:15:18 83968 ----a-w- c:\windows\system32\mscories.dll

2012-03-16 07:11:28 24064 ----a-w- c:\windows\system32\nshhttp.dll

2012-03-16 07:11:22 411136 ----a-w- c:\windows\system32\drivers\http.sys

2012-03-16 07:11:21 31232 ----a-w- c:\windows\system32\httpapi.dll

2012-03-16 07:07:25 -------- d-----w- c:\program files\MSXML 4.0

2012-03-16 06:52:28 67072 ----a-w- c:\windows\system32\asycfilt.dll

2012-03-16 06:52:26 71680 ----a-w- c:\windows\system32\atl.dll

2012-03-16 06:52:19 1399296 ----a-w- c:\windows\system32\msxml6.dll

2012-03-16 06:52:15 501760 ----a-w- c:\windows\system32\usp10.dll

2012-03-16 06:52:13 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2012-03-16 06:52:13 515584 ----a-w- c:\program files\windows mail\wab.exe

2012-03-16 06:52:12 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2012-03-16 06:52:03 72704 ----a-w- c:\windows\system32\fontsub.dll

2012-03-16 06:52:03 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-03-16 06:52:03 292864 ----a-w- c:\windows\system32\atmfd.dll

2012-03-16 06:52:03 10240 ----a-w- c:\windows\system32\dciman32.dll

2012-03-16 06:52:00 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2012-03-16 06:51:55 409600 ----a-w- c:\windows\system32\odbc32.dll

2012-03-16 06:51:54 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-03-16 06:51:54 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll

2012-03-16 06:51:53 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll

2012-03-16 06:51:53 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2012-03-16 06:51:53 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2012-03-16 06:51:48 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2012-03-16 06:48:56 1136640 ----a-w- c:\windows\system32\mfc42.dll

2012-03-16 06:47:55 160256 ----a-w- c:\windows\system32\wkssvc.dll

2012-03-16 06:47:47 1315840 ----a-w- c:\windows\system32\ole32.dll

2012-03-16 06:47:46 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2012-03-16 06:47:39 296960 ----a-w- c:\windows\system32\gdi32.dll

2012-03-16 06:47:31 126464 ----a-w- c:\windows\system32\spoolsv.exe

2012-03-16 06:47:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll

2012-03-16 06:47:27 38912 ----a-w- c:\windows\system32\xolehlp.dll

2012-03-16 06:47:21 1257472 ----a-w- c:\windows\system32\msxml3.dll

2012-03-16 06:47:15 157184 ----a-w- c:\windows\system32\t2embed.dll

2012-03-16 06:47:05 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2012-03-16 06:47:03 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2012-03-16 06:46:51 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2012-03-16 06:46:47 269312 ----a-w- c:\windows\system32\es.dll

2012-03-16 06:46:43 1169408 ----a-w- c:\windows\system32\sdclt.exe

2012-03-16 06:46:35 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2012-03-16 06:46:32 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2012-03-16 06:46:29 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-03-16 06:46:28 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-03-16 06:46:08 714240 ----a-w- c:\windows\system32\timedate.cpl

2012-03-16 06:45:55 430080 ----a-w- c:\windows\system32\vbscript.dll

2012-03-16 06:45:47 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2012-03-16 06:45:31 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-03-16 06:45:07 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dfb61f07-218b-4339-b0ff-4cf41a39024b}\mpengine.dll

2012-03-16 06:44:59 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-03-16 06:44:30 636928 ----a-w- c:\windows\system32\localspl.dll

2012-03-16 06:44:21 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2012-03-16 06:44:18 954752 ----a-w- c:\windows\system32\mfc40.dll

2012-03-16 06:44:17 954288 ----a-w- c:\windows\system32\mfc40u.dll

2012-03-16 06:44:10 36352 ----a-w- c:\windows\system32\rtutils.dll

2012-03-16 06:44:01 2927104 ----a-w- c:\windows\explorer.exe

2012-03-16 06:43:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2012-03-16 06:43:49 1695744 ----a-w- c:\windows\system32\gameux.dll

2012-03-16 06:43:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2012-03-16 06:43:41 171520 ----a-w- c:\windows\system32\wintrust.dll

2012-03-16 06:43:34 499712 ----a-w- c:\windows\system32\kerberos.dll

2012-03-16 06:43:33 175104 ----a-w- c:\windows\system32\wdigest.dll

2012-03-16 06:43:32 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2012-03-16 06:43:31 72704 ----a-w- c:\windows\system32\secur32.dll

2012-03-16 06:43:31 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-03-16 06:43:30 9728 ----a-w- c:\windows\system32\lsass.exe

2012-03-16 06:42:51 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2012-03-16 06:42:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

2012-03-16 06:42:24 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll

2012-03-16 06:38:58 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-03-16 06:37:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2012-03-16 06:37:43 43520 ----a-w- c:\windows\system32\msdxm.tlb

2012-03-16 06:37:43 18432 ----a-w- c:\windows\system32\amcompat.tlb

2012-03-16 06:36:20 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2012-03-16 06:36:20 511488 ----a-w- c:\windows\system32\RMActivate.exe

2012-03-16 06:36:19 472576 ----a-w- c:\windows\system32\secproc_isv.dll

2012-03-16 06:36:19 472064 ----a-w- c:\windows\system32\secproc.dll

2012-03-16 06:36:19 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2012-03-16 06:36:19 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2012-03-16 06:36:17 329216 ----a-w- c:\windows\system32\msdrm.dll

2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2012-03-16 06:36:17 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

2012-03-16 06:35:40 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-16 06:35:34 135168 ----a-w- c:\windows\system32\wshom.ocx

2012-03-16 06:35:33 90112 ----a-w- c:\windows\system32\wshext.dll

2012-03-16 06:35:33 155648 ----a-w- c:\windows\system32\wscript.exe

2012-03-16 06:35:33 135168 ----a-w- c:\windows\system32\cscript.exe

2012-03-16 06:35:32 180224 ----a-w- c:\windows\system32\scrobj.dll

2012-03-16 06:35:32 172032 ----a-w- c:\windows\system32\scrrun.dll

2012-03-16 06:34:30 1645568 ----a-w- c:\windows\system32\connect.dll

2012-03-16 06:34:22 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2012-03-16 06:34:22 94720 ----a-w- c:\windows\system32\logagent.exe

2012-03-16 06:34:17 2067456 ----a-w- c:\windows\system32\mstscax.dll

2012-03-16 06:34:16 677888 ----a-w- c:\windows\system32\mstsc.exe

2012-03-16 06:34:10 49152 ----a-w- c:\windows\system32\csrsrv.dll

2012-03-16 06:34:10 375808 ----a-w- c:\windows\system32\winsrv.dll

2012-03-16 06:34:08 61440 ----a-w- c:\windows\system32\msasn1.dll

2012-03-16 06:34:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2012-03-16 06:31:21 -------- d-----w- c:\users\user\appdata\local\Hewlett-Packard

2012-03-16 05:53:33 -------- d-----w- c:\programdata\LightScribe

2012-03-16 05:51:39 310784 ----a-w- c:\windows\system32\unregmp2.exe

2012-03-16 05:51:39 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

2012-03-16 05:51:36 7680 ----a-w- c:\windows\system32\spwmp.dll

2012-03-16 05:51:36 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\msdxm.ocx

2012-03-16 05:51:35 4096 ----a-w- c:\windows\system32\dxmasf.dll

2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpshare.exe

2012-03-16 05:51:35 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe

2012-03-16 05:51:33 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2012-03-16 05:51:11 276992 ----a-w- c:\windows\system32\schannel.dll

2012-03-16 05:50:22 98304 ----a-w- c:\windows\system32\cabview.dll

2012-03-16 05:46:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-16 05:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-16 05:44:44 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-16 05:44:43 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-03-16 05:44:03 41184 ----a-w- c:\windows\avastSS.scr

2012-03-16 05:43:36 -------- d-----w- c:\programdata\AVAST Software

2012-03-16 05:43:36 -------- d-----w- c:\program files\AVAST Software

2012-03-16 05:40:21 2421760 ----a-w- c:\windows\system32\wucltux.dll

2012-03-16 05:40:11 87552 ----a-w- c:\windows\system32\wudriver.dll

2012-03-16 05:40:06 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-03-16 05:40:06 171608 ----a-w- c:\windows\system32\wuwebv.dll

2012-03-16 04:24:25 -------- d-----w- c:\users\user\appdata\roaming\Symantec

2012-03-16 04:24:21 -------- d-----w- c:\users\user\appdata\local\QuickPlay

2012-03-16 04:20:55 -------- d-----w- c:\programdata\Electronic Arts

2012-03-16 04:20:51 -------- d-----w- c:\users\user\appdata\local\Downloaded Installations

2012-03-16 04:16:00 -------- d-----w- c:\users\user\appdata\local\VirtualStore

2012-03-16 04:08:07 -------- d-sh--we C:\Documents and Settings

.

==================== Find3M ====================

.

.

============= FINISH: 23:46:32.17 ===============

Attach.txt

--------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/23/2008 5:31:27 AM

System Uptime: 3/16/2012 11:08:03 PM (0 hours ago)

.

Motherboard: Wistron | | 30CD

Processor: Intel® Core2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 186.112 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.784 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP7: 3/16/2012 12:21:54 AM - First_User_Boot

RP8: 3/16/2012 1:39:58 AM - Windows Update

RP9: 3/16/2012 1:43:25 AM - avast! Free Antivirus Setup

RP10: 3/16/2012 2:43:45 AM - Windows Update

RP11: 3/16/2012 3:00:33 AM - Windows Update

RP12: 3/16/2012 10:22:05 AM - Windows Update

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player ActiveX

Adobe Reader 8.1.0

Adobe Shockwave Player

AIM 6

AppCore

avast! Free Antivirus

Cards_Calendar_OrderGift_DoMorePlugout

ccCommon

Compatibility Pack for the 2007 Office system

Component Framework

Conexant HD Audio

CyberLink YouCam

DVD Suite

EA Link

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 E1

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing

HP Total Care Advisor

HP Update

HP User Guides 0090

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

Intel® Graphics Media Accelerator Driver

Java 6 Update 2

LabelPrint

LightScribe System Software 1.10.13.1

LiveUpdate (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.1.1000

Marvell Miniport Driver

Microsoft .NET Framework 3.5 SP1

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

NetWaiting

Norton AntiVirus

Norton AntiVirus Help

Norton Confidential Core

Norton Internet Security

Norton Internet Security (Symantec Corporation)

Norton Protection Center

Power2Go

PowerDirector

PSSWCORE

QuickPlay SlingPlayer 0.4.6

Recuva

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

Slingbox Flash Tour

SlingPlayer

SPBBC 32bit

Spybot - Search & Destroy

Symantec Real Time Storage Protection Component

SymNet

The Sims™ Life Stories

Touch Pad Driver

Update for Office 2007 (KB934528)

VideoToolkit01

Viewpoint Media Player

WeatherBug Gadget

.

==== Event Viewer Messages From Past Week ========

.

3/16/2012 2:29:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

3/16/2012 1:40:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

.

==== End Of File ===========================


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Hello and thank you very much for getting back to me. I am very sorry that it has taken so long for me to reply, but I must have screwed up the "e-mail me" setting or something.

Unfortunately, this weekend is going to be very hectic for me, but I will run the additional scan and post it as soon as I can. Thank you for your patience and assistance.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
