Yes, please.
After two hours combofix is still in initial scan mode and hasn't completed any stages. Suggestions?
Stop the process.
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\system32\eventlog.dll
%systemroot%\system32\scecli.dll
%systemroot%\netlogon.dll
%systemroot%\system32\cngaudit.dll
%systemroot%\system32\sceclt.dll
%systemroot%\ntelogon.dll
%systemroot%\system32\logevent.dll
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Since those are pretty big files, you can attach them, if you wish.
We can't stop the process. It won't close, and we can't stop with task manager. Also can't restart. We'll do a forced shutdown unless you advise otherwise.
Go ahead with hard shutdown.
Here are the OTL scans
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2009/11/17 22:45:06 | 00,056,376 | ---- | M] () -- C:\Windows\System32\drivers\_AGP440.sys_.vir
[2009/11/13 14:42:38 | 00,002,225 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk = C:\Users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\startup.exe ()
O18 - Protocol\Handler\msdaipp - No CLSID value found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OTL file attached:
Very good.
See if Combofix will run now.
The link to the renamed combofix is no longer available, should we just download the regular combofix from before?
Try HERE
Combofix not running. Stuck in initial scan mode.
If it's for longer than 30 minutes, stop it and try Safe Mode.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:52 PM, on 11/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11117 bytes
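A small triage pass over a HijackThis log like the one above, as an added example (not part of this thread and not HijackThis's own code): it parses the classified entries, counts them per section, and flags the kinds of lines a helper reads first (file missing, Unknown owner, Winlogon Notify, autoruns from user-writable paths). The `Entry`, `parse_hjt`, `section_counts` and `triage` names are mine, and the one O4 line marked constructed is not from the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Added example (not from the thread or from HijackThis): a small triage parser
# for HijackThis-style logs. Sample lines are copied from the log posted above,
# plus one constructed O4 line (the AppData autorun) to exercise that rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:52 PM, on 11/28/2009
Running processes:
C:\Windows\system32\Dwm.exe
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [constructed-example] C:\Users\Michael\AppData\Roaming\example\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
--
End of file - 11117 bytes
"""

# Every classified HijackThis entry starts with a section code (R0-R3, F0-F3,
# N1-N4, O1-O24) followed by " - ". Header, process list and footer do not.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O23"
    body: str  # the rest of the line after "O23 - "


def parse_hjt(text: str) -> list[Entry]:
    """Return only the classified entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def section_counts(entries: list[Entry]) -> Counter:
    """How many entries each section produced; useful to spot a log that is
    suspiciously empty (e.g. a scan that died early) or unusually long."""
    return Counter(e.code for e in entries)


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Attach a reason to each entry a reviewer should look at first.

    The rules flag orphaned, unattributed or oddly located entries; they do
    not claim anything is malicious, and a legitimate tool can trip them
    (SUPERAntiSpyware's Winlogon Notify DLL above is an example)."""
    findings = []
    for e in entries:
        if "(file missing)" in e.body:
            findings.append((e, "target file is missing: stale entry or incomplete cleanup"))
        if e.code == "O23" and " - Unknown owner - " in e.body:
            findings.append((e, "service has no publisher string: verify the binary"))
        if e.code == "O20":
            findings.append((e, "Winlogon Notify DLL is loaded by winlogon.exe: confirm it is expected"))
        if e.code == "O4" and USER_WRITABLE_RE.search(e.body):
            findings.append((e, "autorun from a user-writable location: check the file's origin"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for entry, reason in triage(parsed):
        print(f"[{entry.code}] {reason}\n    {entry.body}")
```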
ComboFix 09-11-23.02 - Michael 11/28/2009 16:23.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2518 [GMT -5:00]
Running from: c:\users\Michael\Desktop\3c786fgt5.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk"
"c:\windows\system32\drivers\_AGP440.sys_.vir"
"c:\windows\system32\drivers\00809203.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\install.tmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\advdis.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\arj.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\arjpack.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avlib.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp.dt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\Avp_io32.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp_iont.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp1.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp3info.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpgs.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpgui.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpmgr.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avs.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avspm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzkrnl.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzproxy.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzscan.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\base64.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\base64p.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\basegui.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\avp_x.set
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\backup.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\bt.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\engine.dt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\keylogger.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\klavemu.kdl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\klavemu.kfb
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\krnldrv.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\megabase.avc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neural.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neurald.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neurale.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neuralm.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\ports.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\prt.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\repair.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\rootkit.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\scripts.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf001.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf002.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf003.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf004.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf005.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signfavp.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signfusr.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\sr.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\srdb.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\startup.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\syscheck.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\sysipu.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\tsw.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\verdicts.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bl.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\btdisk.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\btimages.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\buffer.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\cab.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\crpthlpr.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\data\BTImages.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\data\sfdb.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\deflate.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\dmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.cat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.inf
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.sys
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\drvins32.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\dtreg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\explode.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\filemap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\fsdrvplg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\fssync.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\getsi.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hashcont.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hashmd5.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hccmp.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ichk2.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\inflate.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\inifile.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.cfg
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.com
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\iwgen.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\kldirobj.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\klipc.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\l_llio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\lha.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mailmsg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mdmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\memmodsc.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\memscan.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\Microsoft.VC80.CRT.manifest
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\minizip.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\minst.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mkavio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msoe.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcm80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcp80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcr80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\nfio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ntfsstrm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ods.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\params.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\passdmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pdm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pdm2rt.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prkernel.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prloader.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\procmon.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prremote.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prseqio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prutil.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pxstub.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\qb.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\rar.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\reggrd.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\regmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\0003_Scan_Objects_eventlog.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\detected.idx
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\detected.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\eventlog.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\report.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\resip.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\scmhlpr.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\sfdb.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\avz.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\avzkrnl.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\credits.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\hints.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\iso3166-1.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\main.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\oas.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\prot.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\report.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\scan.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\service.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\settings.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\enums.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\activity.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\application.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Arrow.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\background.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\badmail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\banner.gif
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Banner.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\battery.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\bootsect.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\collapse.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\danger24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\danger32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\dialer.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\disk.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\display.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\error.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\expand.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\floppy.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Goodmail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\gripper.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\help.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\help16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ids.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ie.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\info.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\integrity.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\internet.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\internet16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\intranet.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav_en.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav_ru.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav2006.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav2006rus.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_bs.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_caps.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_ctrl.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_enter.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_lshift.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_normal.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_rshift.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_slash.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_space.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_tab.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\key.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kl.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\local.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\lockbutton.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\locked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\logo.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\mail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\mail_bad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_off16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_off32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_on16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_on32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\memory.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_bad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_deleted.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_good.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_new.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_question.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\navstate.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\navstate2.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\network.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\nonrecursive.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\notepad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Notify.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\office.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\password.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\pause.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\popup_allowed.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\popup_blocked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Privacy.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\rdisk.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\regedit.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\regicons.ico
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\run.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\settings.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\startupobj.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\stealth.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\stop.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\t_hdr.bmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\t_row.bmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\taskbar.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antihacker32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antihackerX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispam32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispamX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispy32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispyX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\datafiles.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\datafiles32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\file32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\fileX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\mail32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\mailX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\pdm32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\pdmX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\prot32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\protection.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\scan32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\scanX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\support.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\support32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\updater32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\updaterX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\web32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\webX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\title.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\trusted.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\unkobj.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\unlocked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\visa.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\wizard.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\avz.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\main.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\oas.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\prot.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\report.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\scan.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\service.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\settings.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\prot.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\skin.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\sounds\Infected.wav
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stdcomp.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stenum2.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stored.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\superio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\tempfile.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\thpimpl.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\timer.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\tm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unarj.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\uniarc.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unlzx.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unreduce.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unshrink.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unstored.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\vmarea.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\wdiskio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\winreg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\xorio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\zcompare.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Log.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Scan.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Script.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Start.lnk
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\unins000.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\unins000.exe
c:\windows\system32\drivers\00809203.sys
c:\windows\system32\wbem\Performance\WmiApRpl_new.h
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.
2009-11-28 21:31 . 2009-11-28 21:55 -------- d-----w- c:\users\Michael\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 21:21 . 2009-11-28 21:21 49152 d-----w- C:\32788R22FWJFW
2009-11-25 04:34 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:09 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:09 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 00:28 . 2009-11-23 00:28 -------- d-----w- C:\_OTL
2009-11-17 16:51 . 2009-11-17 16:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 04:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 04:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 04:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 04:07 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 04:05 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 04:05 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 04:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-15 22:35 . 2009-11-15 22:35 574 ----a-w- C:\cleanup.bat
2009-11-15 22:35 . 2009-11-15 22:35 135168 ----a-w- C:\zip.exe
2009-11-15 05:15 . 2009-11-15 05:15 -------- d-----w- c:\program files\WOT
2009-11-13 02:23 . 2009-11-18 03:50 437846048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-11 02:49 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 02:49 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 23:29 . 2009-11-05 23:29 -------- d-----w- c:\users\Michael\DoctorWeb
2009-11-04 01:38 . 2009-11-04 01:38 -------- d-----w- c:\program files\iPod
2009-11-04 01:27 . 2009-11-04 01:27 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 03:58 . 2009-11-02 03:58 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 00:53 . 2008-07-02 04:09 4096 d-----w- c:\programdata\Google Updater
2009-11-27 02:47 . 2009-07-03 17:57 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-24 22:01 . 2009-02-15 16:17 42237 ----a-w- c:\programdata\nvModes.dat
2009-11-21 18:32 . 2009-09-13 04:50 34 ----a-w- c:\windows\system32\BD5250DN.DAT
2009-11-18 03:50 . 2009-11-13 02:23 5133128 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-17 16:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 16:46 . 2009-11-17 16:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 16:45 . 2009-11-17 16:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-15 01:00 . 2008-07-29 14:47 4096 d-----w- c:\users\Michael\AppData\Roaming\DNA
2009-11-14 16:56 . 2008-03-10 18:04 -------- d-----w- c:\programdata\Viewpoint
2009-11-11 03:50 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:38 . 2008-03-10 18:37 8192 d-----w- c:\programdata\Microsoft Help
2009-11-04 01:40 . 2009-09-23 00:06 4096 d-----w- c:\program files\iTunes
2009-11-04 01:38 . 2009-06-14 00:14 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 00:31 . 2008-07-28 18:39 1356 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat
2009-11-03 01:42 . 2009-10-02 22:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 23:26 . 2009-04-27 02:29 117760 ----a-w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-29 21:45 . 2008-07-09 02:13 4096 d-----w- c:\program files\SpywareBlaster
2009-10-29 19:04 . 2009-07-03 17:57 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 19:04 . 2009-07-03 17:57 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 19:04 . 2009-07-03 17:57 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 19:04 . 2009-07-03 17:57 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 19:04 . 2009-07-03 17:57 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 19:04 . 2009-07-03 17:57 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-17 23:42 . 2009-10-17 23:42 4096 d-----w- c:\program files\Photo Viewer
2009-10-13 19:56 . 2009-09-03 01:06 1541416 ----a-w- c:\programdata\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 19:41 . 2009-10-13 19:41 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2009-10-13 19:40 . 2009-06-15 22:07 77344 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-11 20:50 . 2009-10-11 18:36 -------- d-----w- c:\users\Michael\AppData\Roaming\U3
2009-10-11 16:42 . 2008-07-02 01:14 77344 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 22:04 . 2009-10-05 22:04 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3998.tmp.exe
2009-10-05 00:59 . 2009-10-05 00:58 4096 d-----w- c:\program files\Audacity
2009-10-05 00:52 . 2009-10-05 00:52 -------- d-----w- c:\programdata\AIM
2009-10-05 00:52 . 2009-10-05 00:52 8192 d-----w- c:\program files\AIM
2009-10-05 00:52 . 2009-10-05 00:52 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-03 19:53 . 2009-07-01 22:34 16384 d-----w- c:\program files\Diablo II
2009-10-01 01:02 . 2009-11-17 04:07 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 04:07 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 04:07 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 04:07 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 04:07 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 04:07 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 04:07 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 04:07 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 04:07 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 04:07 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 04:07 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 04:07 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 04:07 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 04:07 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 04:07 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 17:44 . 2009-07-31 21:21 4045528 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-26 21:47 . 2009-09-26 21:47 54 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2009-09-26 21:47 . 2009-09-26 21:47 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2009-09-25 02:10 . 2009-11-17 04:08 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 04:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 04:08 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 04:08 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 04:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 04:08 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 04:08 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 04:08 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 04:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 04:08 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 04:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 04:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 04:08 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 04:08 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 04:08 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 04:08 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 04:08 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 04:08 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 04:08 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 04:08 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 04:08 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 04:08 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 04:08 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 04:08 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 04:08 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 04:08 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 04:08 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-15 23:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 23:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 20:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 20:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-15 23:06 60928 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\3c786fgt5\CF670.cfxxe" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-10 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-27 271600]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-08-11 1512688]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-08-11 636144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-11-11 333040]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2009-08-11 14064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 19:46 79368 ----a-w- c:\windows\System32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):5f,f5,eb,ff,18,3e,ca,01
R0 KmxFw;KmxFw;c:\windows\System32\drivers\KmxFw.sys [6/25/2009 1:10 PM 107512]
R1 KmxAgent;KmxAgent;c:\windows\System32\drivers\KmxAgent.sys [6/25/2009 1:10 PM 73720]
R1 KmxFile;KmxFile;c:\windows\System32\drivers\KmxFile.sys [6/25/2009 1:10 PM 55288]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\System32\drivers\KmxFilter.sys [6/25/2009 1:10 PM 58360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 72944]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [7/3/2009 12:57 PM 128240]
R2 KmxCF;KmxCF;c:\windows\System32\drivers\KmxCF.sys [6/25/2009 1:10 PM 150520]
R2 KmxSbx;KmxSbx;c:\windows\System32\drivers\KmxSbx.sys [7/30/2008 11:38 AM 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [6/25/2009 1:10 PM 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/25/2009 1:10 PM 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/25/2009 1:10 PM 207352]
R3 KmxCfg;KmxCfg;c:\windows\System32\drivers\KmxCfg.sys [6/25/2009 1:10 PM 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [7/1/2008 8:24 PM 222448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-02 23:57]
2008-10-31 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-10 18:58]
2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{3F89A1C6-1F5B-459A-A88C-0E52B8137DE7}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 16:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2887668443-1976344967-1242083675-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,b7,6b,f2,01,fe,c5,6e,b5,0a,b5,43,18,38,29,db,bd,d9,5c,0d,74,
69,e8,77,ca,f1,7a,53,4d,6f,2b,e4,0a,5c,cf,a3,2a,e4,e0,e3,47,e4,70,c1,65,1d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'Explorer.exe'(5536)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-11-28 17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 22:06
ComboFix2.txt 2009-11-18 04:05
ComboFix3.txt 2009-11-16 03:58
ComboFix4.txt 2009-11-03 03:30
Pre-Run: 54,443,626,496 bytes free
Post-Run: 51,086,393,344 bytes free
- - End Of File - - B5A708E3AA882B0D3AEE95BCE0E6F56B
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select Complete scan.
- Click the green arrow at the right, and the scan will start.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.
NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.
Post fresh HijackThis log as well.
Last time we ran Dr.Web CureIt, it appeared to be on course for about a 12 hour scan. After about 5 hours it crashed. Would running in safe mode help? Or is there an alternative?
Download, and install AVP Tool.
After installation, leave all settings as they are, and simply click on the Scan button.
When the scan is done, if any objects are found, click on the Neutralize all button.
Next, click the Reports... button, then Save to file....
Save the file to a known location as report.txt.
Open report.txt in Notepad, copy all content, and post it in your next reply.
Post fresh HijackThis log as well.
There was no Neutralize all button when the scan was done, and there was no Reports... button. There was a Report button, but it didn't give any log or "save as" choice.
Give me fresh HJT log, please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:13 AM, on 11/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: setup_9.0.0.722_29.11.2009_05-21[1].lnk = C:\Users\Michael\Desktop\Virus Removal Tool\setup_9.0.0.722_29.11.2009_05-21[1]\startup.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11491 bytes
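As an added triage example (not from this thread and not part of HijackThis itself), here is a small Python parser for the HijackThis log format above. It picks out the kinds of entries the helper targets in the steps that follow: O4 autoruns launched from user-writable paths, O20 Winlogon Notify hooks, and O23 services whose file is missing. The sample log and its paths are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 log format, modelled on the entry types
# in the log above (R1, O2, O4, O20, O23). Paths are made up for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Startup: setup_9.0.0.722.lnk = C:\Users\Michael\Desktop\Virus Removal Tool\setup\startup.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
--
End of file - 1234 bytes
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - "; header, "Running processes" and trailer lines do not.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")

# A Windows path (drive letter or %VAR% root) ending in an executable-ish
# extension. Non-greedy so the match stops at the first such extension, and
# parentheses are excluded so a trailing "(file missing)" is not swallowed.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"()]*?\.(?:exe|dll|ocx|sys|cmd|bat)\b', re.I
)

# Locations an ordinary user can write to; an autorun pointing here deserves
# a second look, like the Desktop .lnk the helper removes in this thread.
USER_WRITABLE = (
    "\\users\\", "\\documents and settings\\", "\\programdata\\",
    "\\temp\\", "%appdata%", "%temp%",
)


@dataclass
class Entry:
    code: str             # section code, e.g. "O4" or "O23"
    body: str             # text after "Oxx - "
    path: Optional[str]   # last file path found in the body, if any


def parse_hjt(text: str) -> List[Entry]:
    """Turn a HijackThis log into a list of Entry records, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        paths = PATH_RE.findall(m.group(2))
        # For "name.lnk = C:\...\target.exe" lines the last path is the real target.
        entries.append(Entry(m.group(1), m.group(2), paths[-1] if paths else None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Apply simple review rules; returns (finding-kind, entry) pairs in log order."""
    findings = []
    for e in entries:
        if e.code == "O23" and "(file missing)" in e.body:
            findings.append(("orphaned-service", e))      # service points at a deleted file
        elif e.code == "O23" and "Unknown owner" in e.body:
            findings.append(("unknown-publisher", e))     # no company name in the binary
        elif e.code == "O4" and e.path and any(t in e.path.lower() for t in USER_WRITABLE):
            findings.append(("autorun-from-user-writable-path", e))
        elif e.code == "O20":
            findings.append(("winlogon-notify", e))       # DLL loaded into winlogon at logon
    return findings


if __name__ == "__main__":
    for kind, entry in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:34} {entry.code} - {entry.body}")
```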
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
================================================================
Disable Windows Defender, as it'll interfere with the cleaning process:
- Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...
++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender
++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.
Enable Windows Defender, when all cleaning is done.
===========================================================
Print this post out, since you won't have access to it at some point.
1. Open HijackThis.
2. Close all windows, except for HijackThis.
3. Put checkmarks next to the following HijackThis entries:
- O4 - Startup: setup_9.0.0.722_29.11.2009_05-21[1].lnk = C:\Users\Michael\Desktop\Virus Removal Tool\setup_9.0.0.722_29.11.2009_05-21[1]\startup.exe
4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):
- O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
- O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
5. Click on Fix checked button.
6. Restart computer.
7. Post new HijackThis log.
We got an error message saying that the O4 Startup: setup entry was not deleted. Any suggestions?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:28 PM, on 11/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: setup_9.0.0.722_29.11.2009_05-21[1].lnk = C:\Users\Michael\Desktop\Virus Removal Tool\setup_9.0.0.722_29.11.2009_05-21[1]\startup.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11065 bytes
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\system32\eventlog.dll
%systemroot%\system32\scecli.dll
%systemroot%\netlogon.dll
%systemroot%\system32\cngaudit.dll
%systemroot%\system32\sceclt.dll
%systemroot%\ntelogon.dll
%systemroot%\system32\logevent.dll
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Since those are pretty big files, you can attach them, if you wish.
The Extras log did not open.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_29.11.2009_05-21[1].lnk = C:\Users\Michael\Desktop\Virus Removal Tool\setup_9.0.0.722_29.11.2009_05-21[1]\startup.exe ()
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Files are attached.
Good :)
O4 entry is gone.
Open Windows Explorer and delete this folder (if present):
- C:\Users\Michael\Desktop\Virus Removal Tool
When done....
Your computer is clean.
1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.
2. Turn off System Restore:
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
3. Restart computer.
4. Turn System Restore on.
5. Make sure Windows Updates are current.
6. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
8. Run defrag at your convenience.
9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
10. Please let me know how your computer is doing.
Sorry to say that Malwarebytes is still showing the same results as when we started this process. Thanks for all of your help though.
This laptop also gets a lot of "not responding" messages every few minutes in most windows/programs. Do you think this is related, or do you have any specific suggestions for that?
Please post the Malwarebytes log.
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/13/2009 7:40:22 PM
mbam-log-2009-12-13 (19-40-16).txt
Scan type: Quick Scan
Objects scanned: 100726
Time elapsed: 10 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\system32\Config\6to4nt.dll (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\firewall.exe (Backdoor.Bot) -> No action taken.
C:\Windows\system32\Config\htco.exe (Backdoor.Bot) -> No action taken.
C:\Windows\system32\Config\msch24.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\mswinsck.ocx (Backdoor.Bot) -> No action taken.
C:\Windows\system32\Config\RealtekAC.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\sam10.log (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\sysrun.exe (Password.Stealer) -> No action taken.
C:\Windows\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\updater.exe (Backdoor.Bot) -> No action taken.
C:\Windows\system32\Config\Win.exe (IM.Worm) -> No action taken.
C:\Windows\repair\1sass.exe (Backdoor.Agent) -> No action taken.
C:\Windows\repair\kasutio (Rootkit.Rustock) -> No action taken.
C:\Windows\repair\loprt.cmd (Worm.AutoRun) -> No action taken.
C:\Windows\repair\Mirror.exe (Worm.AutoRun) -> No action taken.
C:\Windows\repair\sql.exe (Trojan.Agent) -> No action taken.
C:\Windows\repair\whw.exe (Trojan.Agent) -> No action taken.
C:\Windows\repair\IExp1orer.exe (Trojan.Agent) -> No action taken.
C:\Windows\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\Windows\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Please do not post any logs saying "No action taken".
I need a log from after the action was taken.
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/13/2009 9:47:31 PM
mbam-log-2009-12-13 (21-47-31).txt
Scan type: Quick Scan
Objects scanned: 100384
Time elapsed: 6 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
C:\Windows\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
C:\Windows\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
C:\Windows\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
C:\Windows\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
C:\Windows\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\repair\IExp1orer.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Windows\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
Please post the MBAM log from after the reboot.
When the scan ran after the reboot, it found no malicious items. Thanks so much for all of your help in getting rid of them. Here is the log.
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
12/18/2009 9:14:41 PM
mbam-log-2009-12-18 (21-14-41).txt
Scan type: Quick Scan
Objects scanned: 100192
Time elapsed: 7 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Very good :)
Happy surfing :)