
Author Topic: Malware infection  (Read 26866 times)


ToniCarman

    Topic Starter


    Rookie

    Malware infection
    « on: July 20, 2010, 05:43:57 AM »
    Hi,

    I seem to have picked up malware again :(  Your forum was a great success a few months ago when this happened.  I tried to follow the repeat steps to fix it, but nothing is working, as I get a "security warning" message when I attempt anything.  I can't get online and also can't get into safe mode.   The only way I can run anything is to save it to my flash drive from my laptop and transfer it to my PC, and even then I have to copy it to my desktop, restart, and then quickly click on it before it has time to boot up and flash the virus messages. 


    Suspicious file(s) in my Program list:
    -Antimalware Doctor
    -Uniblue

    I downloaded and ran CCleaner - successfully.

    I attempted to download SUPERAntiSpyware, but it would not install before the malware security messages booted, so I was unsuccessful.

    I downloaded and installed Malwarebytes', but it will not run. 

    I didn't move on to HijackThis because it specified to run it after the other programs.

    Is there any way I can continue?

    Thanks in advance for your time and help with this matter!

    Sneakyone

    • Malware Removal Specialist


    • Beginner

      Thanked: 5
      Re: Malware infection
      « Reply #1 on: July 20, 2010, 03:55:30 PM »
      Hi, Welcome back to Computerhope! :)

      Please download and run RKill.

      Download mirror 1 - Download mirror 2 - Download mirror 3

      • Save it to your Desktop.
      • Double click the RKill desktop icon.
      • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
      • Please post its log in your next reply.
      • After it has run successfully, delete RKill.
      Note: This tool only kills the active infection; the infection itself will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed to do so.

      =========

      Please download OTL  to your Desktop. (If you already have it downloaded, then just follow the instructions below).
      • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • Under the Custom Scan box, paste this in:
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
      Note: in the event that OTL fails to run, please use alternate download links to try again:

      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr

      ToniCarman

        Topic Starter


        Rookie

        Re: Malware infection
        « Reply #2 on: July 20, 2010, 04:55:20 PM »
        Thanks so much for helping me with this!

        Here are the log files you requested.

        RKill log:

        This log file is located at C:\rkill.log.
        Please post this only if requested to by the person helping you.
        Otherwise you can close this log when you wish.
        Ran as Toni on 07/20/2010 at 18:30:50.


        Processes terminated by Rkill or while it was running:




        Rkill completed on 07/20/2010  at 18:31:38.




        OTL

        OTL logfile created on: 7/20/2010 6:37:28 PM - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Toni\Desktop
        Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 7.0.5730.13)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
        4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
        Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
        Drive C: | 232.88 Gb Total Space | 101.11 Gb Free Space | 43.42% Space Free | Partition Type: NTFS
        Drive D: | 227.52 Gb Total Space | 132.90 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
        Drive E: | 5.35 Gb Total Space | 3.41 Gb Free Space | 63.74% Space Free | Partition Type: FAT32
        F: Drive not present or media not loaded
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
        Drive L: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
        Drive M: | 1.91 Gb Total Space | 0.76 Gb Free Space | 39.76% Space Free | Partition Type: FAT
         
        Computer Name: TONI-423C633C85
        Current User Name: Toni
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
        PRC - [2010/05/28 14:57:50 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
        PRC - [2010/05/28 14:57:50 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
        PRC - [2010/05/27 06:53:56 | 000,238,928 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
        PRC - [2010/05/27 06:53:53 | 000,185,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
        PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        PRC - [2010/02/04 12:18:13 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        PRC - [2010/01/27 06:15:13 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
        PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
        PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
        PRC - [2009/06/23 02:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
        PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
        PRC - [2009/05/21 20:14:48 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
        PRC - [2009/05/21 20:14:48 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
        PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\VxBlockServer.exe
        PRC - [2009/01/28 14:26:18 | 000,014,088 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
        PRC - [2009/01/28 14:26:17 | 000,189,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
        PRC - [2009/01/28 14:26:17 | 000,173,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
        PRC - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
        PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
        PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
        PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
        PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        PRC - [2008/06/24 23:10:30 | 000,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
        PRC - [2008/05/27 02:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
        PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
        PRC - [2008/01/12 01:30:46 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
        PRC - [2007/10/18 14:24:46 | 001,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
        PRC - [2007/10/18 14:24:46 | 000,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
        PRC - [2007/10/18 14:24:44 | 000,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
        PRC - [2007/01/31 18:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
        PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
        PRC - [2003/05/15 05:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        MOD - [2009/01/28 14:26:18 | 000,083,208 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOEHook.dll
        MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
        MOD - [2008/04/13 20:12:08 | 000,183,808 | ---- | M] () -- C:\WINDOWS\anuyuvasaxoga.dll
        MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
        SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
        SRV - [2010/05/28 14:57:50 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
        SRV - [2010/05/27 06:53:53 | 000,185,680 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
        SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
        SRV - [2010/02/04 12:18:13 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
        SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
        SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
        SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
        SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
        SRV - [2009/05/21 20:14:48 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
        SRV - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
        SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
        SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
        SRV - [2008/06/24 23:10:30 | 000,281,104 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
        SRV - [2008/01/12 01:30:46 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
        SRV - [2007/10/18 14:24:46 | 001,010,192 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
        SRV - [2007/10/18 14:24:46 | 000,801,296 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
        SRV - [2007/10/18 14:24:44 | 000,145,936 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
        SRV - [2007/01/31 18:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
        SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
        DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
        DRV - [2010/06/03 12:35:38 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
        DRV - [2010/06/03 12:35:38 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
        DRV - [2009/11/09 08:28:35 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
        DRV - [2009/11/09 08:28:35 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
        DRV - [2009/11/09 08:28:35 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
        DRV - [2009/11/09 08:28:35 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
        DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
        DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
        DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
        DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
        DRV - [2008/09/18 03:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
        DRV - [2008/07/26 11:26:54 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
        DRV - [2008/07/26 11:26:42 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
        DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
        DRV - [2008/07/26 11:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
        DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
        DRV - [2008/06/24 23:08:58 | 000,093,712 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
        DRV - [2008/06/24 23:08:56 | 000,066,576 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
        DRV - [2008/06/24 23:08:52 | 000,115,216 | ---- | M] (CA) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
        DRV - [2008/06/24 23:08:46 | 000,045,584 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
        DRV - [2008/06/24 23:08:42 | 000,134,648 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
        DRV - [2008/06/24 23:08:42 | 000,088,816 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
        DRV - [2008/06/24 23:08:36 | 000,063,504 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
        DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
        DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
        DRV - [2007/07/09 21:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
        DRV - [2007/04/17 01:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
        DRV - [2006/11/27 04:33:54 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
        DRV - [2006/11/27 04:33:50 | 000,058,368 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
         
        ========== FireFox ==========
         
        FF - prefs.js..browser.search.defaultenginename: "Ask"
        FF - prefs.js..browser.search.order.1: "Ask"
        FF - prefs.js..browser.search.selectedEngine: "Ask"
        FF - prefs.js..browser.startup.homepage: "www.google.com"
        FF - prefs.js..extensions.enabledItems: [email protected]:1.0
        FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
        FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5.112
        FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q="
        FF - prefs.js..network.proxy.no_proxies_on: "*.local"
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{5A4D470B-C9C5-4452-AC72-95292AA9588B}: C:\Documents and Settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B} [2010/07/19 20:37:59 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/12 12:33:15 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 12:03:17 | 000,000,000 | ---D | M]
         
        [2009/01/29 11:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Extensions
        [2010/07/17 12:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions
        [2010/07/13 12:18:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2010/07/17 10:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\extensions\[email protected]
        [2009/10/09 13:45:36 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Mozilla\Firefox\Profiles\r8se12d9.default\searchplugins\ask.xml
        [2010/07/17 12:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
        [2010/07/13 12:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
        [2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
        [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
        [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
         
        O1 HOSTS File: ([2010/04/16 08:22:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1       localhost
        O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
        O2 - BHO: (moigh Object) - {675B23E3-279D-4AEF-B6F7-5783DA94959C} - C:\WINDOWS\system32\hbfqp.dll ()
        O2 - BHO: (adShotHlpr Object) - {6892BD80-AD3F-4F86-BF67-05DDFC491C6E} - C:\WINDOWS\system32\lbfqp.dll ()
        O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
        O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
        O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
        O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
        O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
        O4 - HKLM..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
        O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
        O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
        O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
        O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
        O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
        O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
        O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
        O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
        O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\ybfqp.exe ()
        O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
        O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
        O4 - HKLM..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
        O4 - HKLM..\Run: [QOELOADER] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe (CA)
        O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
        O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
        O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\lbfqp.dll ()
        O4 - HKLM..\Run: [Swisen] C:\WINDOWS\anuyuvasaxoga.DLL ()
        O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
        O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
        O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe ()
        O4 - HKCU..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
        O4 - HKCU..\Run: [Usorijaxesab] C:\WINDOWS\dimspstl.DLL (CyberLink Corp.)
        O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
        O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
        O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
        O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
        O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
        O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
        O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
        O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
        O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
        O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.79,93.188.166.229
        O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
        O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
        O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
        O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
        O24 - Desktop WallPaper: C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O24 - Desktop BackupWallPaper: C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
        O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
        O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
        O33 - MountPoints2\{74cfcd01-91cf-11df-9f4e-0021970ed2b7}\Shell\AutoRun\command - "" = N:\PMBP_Win.exe -- File not found
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell - "" = AutoRun
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell\AutoRun - "" = Auto&Play
        O33 - MountPoints2\{7ca8899c-552f-11de-b777-0021970ed2b7}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- [2006/04/18 18:33:36 | 000,950,272 | R--- | M] ()
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
        NetSvcs: 6to4 -  File not found
        NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
        NetSvcs: Ias -  File not found
        NetSvcs: Iprip -  File not found
        NetSvcs: Irmon -  File not found
        NetSvcs: NWCWorkstation -  File not found
        NetSvcs: Nwsapagent -  File not found
        NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
        NetSvcs: WmdmPmSp -  File not found
         
         
        SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PEVSystemStart - Service
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: procexp90.Sys - Driver
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: sermouse.sys - Driver
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: vds - Service
        SafeBootMin: vga.sys - Driver
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PEVSystemStart - Service
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: procexp90.Sys - Driver
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: sermouse.sys - Driver
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: vga.sys - Driver
        SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
        ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
        ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
        ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
        ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
        ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
        ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
        ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
        ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
        ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
        ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
        ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
        ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
        ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
        ActiveX: {D94459EA-8CB9-BA5A-C767-15A76912DFBE} - Vector Graphics Rendering (VML)
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
        ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
         
        Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
        Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
        Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
        Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
        Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
        Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
        Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
        Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
        Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
         
        CREATERESTOREPOINT
        Restore point Set: OTL Restore Point (68693505068761088)
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/07/20 18:36:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        [2010/07/20 07:34:08 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Toni\Desktop\mbam-setup-1.46.exe
        [2010/07/20 07:15:38 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Toni\Desktop\SUPERAntiSpyware.exe
        [2010/07/20 07:07:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Toni\Recent
        [2010/07/20 06:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
        [2010/07/20 06:55:50 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Toni\Desktop\ccsetup233.exe
        [2010/07/20 06:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
        [2010/07/20 06:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
        [2010/07/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\{5A4D470B-C9C5-4452-AC72-95292AA9588B}
        [2010/07/19 20:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Sky-Banners
        [2010/07/19 20:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Street-Ads
        [2010/07/19 20:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp
        [2010/07/19 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C
        [2010/07/18 12:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
        [2010/07/18 12:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\OpenCandy
        [2010/07/18 12:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\OpenCandy
        [2010/07/18 12:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
        [2010/07/18 12:02:08 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
        [2010/07/18 12:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
        [2010/07/18 12:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Winamp
        [2010/07/17 11:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Local Settings\Application Data\AskToolbar
        [2010/07/16 16:20:01 | 000,322,352 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Toni\Desktop\utorrent.exe
        [2010/07/14 09:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\Application Data\Avery
        [2010/07/14 09:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
        [2010/07/14 09:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
        [2010/07/14 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
        [2010/07/14 09:05:41 | 089,582,136 | ---- | C] (Avery Dennison Corporation) -- C:\Program Files\DesignPro5_5_Limited.exe
        [2010/07/14 05:10:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
        [2010/07/12 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toni\My Documents\Resumes
        [2010/07/10 15:45:53 | 000,000,000 | --SD | C] -- C:\ComboFix
        [2010/06/23 16:24:01 | 000,562,840 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Toni\Desktop\ChromeSetup.exe
        [2 C:\Documents and Settings\Toni\Desktop\*.tmp files -> C:\Documents and Settings\Toni\Desktop\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/07/20 18:37:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
        [2010/07/20 18:31:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
        [2010/07/20 18:31:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
        [2010/07/20 18:31:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
        [2010/07/20 18:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
        [2010/07/20 18:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
        [2010/07/20 18:30:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toni\Desktop\OTL.exe
        [2010/07/20 18:29:08 | 000,191,655 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
        [2010/07/20 18:28:46 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\09f7619a.job
        [2010/07/20 18:28:39 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/20 18:28:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
        [2010/07/20 18:28:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
        [2010/07/20 18:28:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
        [2010/07/20 18:28:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
        [2010/07/20 18:28:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
        [2010/07/20 15:57:42 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Toni\NTUSER.DAT
        [2010/07/20 15:57:34 | 000,227,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
        [2010/07/20 15:57:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
        [2010/07/20 15:57:03 | 000,002,976 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
        [2010/07/20 15:53:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
        [2010/07/20 08:28:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Toni\ntuser.ini
        [2010/07/20 08:01:04 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
        [2010/07/20 07:31:58 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Toni\Desktop\mbam-setup-1.46.exe
        [2010/07/20 07:07:12 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Toni\Desktop\SUPERAntiSpyware.exe
        [2010/07/20 06:57:02 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\CCleaner.lnk
        [2010/07/20 06:53:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vxahaxedakokox.bin
        [2010/07/20 06:48:58 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Toni\Desktop\ccsetup233.exe
        [2010/07/19 20:48:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
        [2010/07/19 20:42:25 | 000,767,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\sofih.sys
        [2010/07/19 20:38:04 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rloqezaxijoyig.dat
        [2010/07/19 20:36:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
        [2010/07/19 20:36:17 | 000,001,174 | ---- | M] () -- C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
        [2010/07/19 20:36:17 | 000,001,140 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
        [2010/07/19 20:36:15 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
        [2010/07/18 12:25:40 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2010/07/18 12:03:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
        [2010/07/18 12:03:56 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
        [2010/07/18 12:03:27 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
        [2010/07/18 12:03:27 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
        [2010/07/17 20:58:42 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\vso_ts_preview.xml
        [2010/07/16 18:46:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
        [2010/07/16 16:20:13 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
        [2010/07/16 16:20:13 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
        [2010/07/16 16:19:59 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Toni\Desktop\utorrent.exe
        [2010/07/16 00:06:20 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hbfqp.dll
        [2010/07/16 00:06:04 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\lbfqp.dll
        [2010/07/15 11:39:37 | 000,395,984 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        [2010/07/14 12:27:03 | 004,429,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
        [2010/07/14 09:07:20 | 089,582,136 | ---- | M] (Avery Dennison Corporation) -- C:\Program Files\DesignPro5_5_Limited.exe
        [2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\ybfqp.exe
        [2010/07/11 09:50:16 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
        [2010/07/11 08:39:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
        [2010/07/09 17:17:37 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Adobe PNG Format CS5 Prefs
        [2010/07/09 12:38:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Toni\My Documents\~$ni Carman Resume_Sept 2009.doc
        [2010/07/08 10:52:49 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
        [2010/07/08 10:52:48 | 000,551,782 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
        [2010/07/08 10:52:48 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
        [2010/07/04 11:53:29 | 000,002,108 | ---- | M] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\rx_audio.Cache
        [2010/07/02 09:52:35 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.lnk
        [2010/07/01 18:01:59 | 000,120,197 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\mug template.pdf
        [2010/06/29 09:11:54 | 000,204,348 | ---- | M] () -- C:\Documents and Settings\Toni\Desktop\tonisigbyruby.png
        [2010/06/23 16:23:53 | 000,562,840 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Toni\Desktop\ChromeSetup.exe
        [2010/06/23 11:24:23 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Toni at 10 24 AM.job
        [2 C:\Documents and Settings\Toni\Desktop\*.tmp files -> C:\Documents and Settings\Toni\Desktop\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2010/07/20 07:16:04 | 000,002,976 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
        [2010/07/20 06:57:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\CCleaner.lnk
        [2010/07/19 20:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vxahaxedakokox.bin
        [2010/07/19 20:38:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rloqezaxijoyig.dat
        [2010/07/19 20:36:18 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
        [2010/07/19 20:36:17 | 000,001,174 | ---- | C] () -- C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
        [2010/07/19 20:36:17 | 000,001,140 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
        [2010/07/19 20:36:10 | 000,001,162 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
        [2010/07/19 20:36:04 | 000,767,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\sofih.sys
        [2010/07/19 20:36:00 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
        [2010/07/19 20:35:51 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\09f7619a.job
        [2010/07/18 12:03:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
        [2010/07/18 12:03:56 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
        [2010/07/18 12:03:27 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
        [2010/07/18 12:03:27 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
        [2010/07/16 16:20:13 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
        [2010/07/16 16:20:13 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
        [2010/07/16 00:06:20 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hbfqp.dll
        [2010/07/16 00:06:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lbfqp.dll
        [2010/07/14 09:10:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
        [2010/07/13 20:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\ybfqp.exe
        [2010/07/12 11:35:59 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
        [2010/07/10 13:58:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
        [2010/07/09 12:38:18 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Toni\My Documents\~$ni Carman Resume_Sept 2009.doc
        [2010/07/05 17:20:44 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Adobe PNG Format CS5 Prefs
        [2010/07/04 11:53:14 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Toni\Local Settings\Application Data\rx_audio.Cache
        [2010/07/02 09:52:35 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.lnk
        [2010/07/01 18:01:58 | 000,120,197 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\mug template.pdf
        [2010/06/29 09:11:54 | 000,204,348 | ---- | C] () -- C:\Documents and Settings\Toni\Desktop\tonisigbyruby.png
        [2009/06/04 09:35:32 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
        [2009/02/17 15:39:44 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
        [2009/01/30 01:46:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
        [2009/01/28 14:22:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
        [2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
        [2008/02/04 22:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
        [2007/09/27 14:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
        [2007/09/27 14:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
        [2007/09/27 14:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
        [2006/12/15 20:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
        [2006/10/31 02:35:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
        [2006/10/31 02:35:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
        [2006/10/31 02:35:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
        [2006/10/31 02:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
        [2006/10/31 02:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
        [2006/10/31 02:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
        [2004/08/04 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\anuyuvasaxoga.dll
        [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
        [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
         
        ========== Custom Scans ==========
         
         
        < %systemroot%\*. /mp /s >
         
        < %systemroot%\system32\*.dll /lockedfiles >
        [2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
        [2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
        [2010/05/04 13:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
         
        < %systemroot%\system32\*.exe /lockedfiles >
         
        < %systemroot%\Tasks\*.job /lockedfiles >
         
        < %systemroot%\system32\drivers\*.sys /lockedfiles >
         
        < %systemroot%\System32\config\*.sav >
        [2009/01/28 00:52:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
        [2009/01/28 00:52:35 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
        [2009/01/28 00:52:35 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
         
        < %systemroot%\system32\*.sys >
        [2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
        [2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
        [2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
        [2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
        [2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
        [2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
        [2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
        [2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
        [2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
        [2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
        [2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
        [2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
        [2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
        [2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
        [2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
        [2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
        [2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
         
        < %systemroot%\system32\drivers\*.dll >
        [2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
        [2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
        [2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
        [2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
        [2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
        [2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
        [2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
        [2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
        [2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
        [2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
        [2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
        [2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
        [2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
        [2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
        [2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
         
        < %systemroot%\system32\drivers\*.ini >
         
        < %systemroot%\system32\drivers\*.exe >
         
        < %SYSTEMDRIVE%\*.* >
        [2010/07/20 18:28:10 | 000,085,815 | ---- | M] () -- C:\aaw7boot.log
        [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
        [2009/01/28 09:04:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
        [2010/04/16 08:09:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
        [2009/01/28 14:24:17 | 000,036,412 | ---- | M] () -- C:\caavsetupLog.txt
        [2010/05/29 08:15:39 | 000,478,789 | ---- | M] () -- C:\caisslog.txt
        [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
        [2010/04/16 08:27:08 | 000,023,340 | ---- | M] () -- C:\ComboFix.txt
        [2009/01/28 09:08:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
        [2009/08/13 19:07:44 | 000,024,152 | ---- | M] () -- C:\debug.log
        [2009/01/28 09:08:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
        [2010/07/10 14:19:48 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
        [2009/01/28 09:08:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
        [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
        [2009/01/28 11:00:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
        [2010/07/20 18:28:11 | 2011,607,040 | -HS- | M] () -- C:\pagefile.sys
        [2010/07/20 18:31:38 | 000,000,317 | ---- | M] () -- C:\rkill.log
        [2009/12/17 23:22:46 | 000,000,015 | --S- | M] () -- C:\testlog.log
        [2010/07/19 20:36:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
         
        < %PROGRAMFILES%\*. >
        [2010/07/10 13:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
        [2010/06/16 15:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
        [2009/01/30 12:45:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
        [2010/07/17 10:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
        [2010/07/14 09:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
        [2009/06/10 15:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
        [2009/03/15 21:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\BookSmart
        [2009/01/28 14:24:22 | 000,00

        Sneakyone

        • Malware Removal Specialist


        • Beginner

          Thanked: 5
          Re: Malware infection
          « Reply #3 on: July 20, 2010, 08:51:54 PM »
          Hi, :)

          Please run OTL.exe.
          • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


            :OTL
            MOD - [2008/04/13 20:12:08 | 000,183,808 | ---- | M] () -- C:\WINDOWS\anuyuvasaxoga.dll
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
            O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\ybfqp.exe ()
            O4 - HKLM..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
            O4 - HKLM..\Run: [sta] C:\WINDOWS\System32\lbfqp.dll ()
            O4 - HKLM..\Run: [Swisen] C:\WINDOWS\anuyuvasaxoga.DLL ()
            O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
            O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe ()
            O4 - HKCU..\Run: [pijippxx] C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe ()
            O4 - HKCU..\Run: [Usorijaxesab] C:\WINDOWS\dimspstl.DLL (CyberLink Corp.)
            O4 - Startup: C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)

            :Files
            C:\WINDOWS\anuyuvasaxoga.dll
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C
            C:\WINDOWS\tasks\09f7619a.job
            C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
            C:\WINDOWS\Vxahaxedakokox.bin
            C:\WINDOWS\System32\drivers\sofih.sys
            C:\WINDOWS\Rloqezaxijoyig.dat
            C:\zrpt.xml
            C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk
            C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            C:\WINDOWS\System32\hbfqp.dll
            C:\WINDOWS\System32\lbfqp.dll
            C:\WINDOWS\System32\ybfqp.exe
            C:\WINDOWS\lsrslt.ini

            :commands
            [emptytemp]
            [resethosts]
            [reboot]



          • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

          • Click the red Run Fix button.
          • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
          • Close OTL.exe
          If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

          Note: If this fix becomes unresponsive please move on to ComboFix.

          =========

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Alternate link: Forospyware.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
          • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          • Click on Yes, to continue scanning for malware.
          • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
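Reading a fix script like the one above is quicker with a small triage pass over the OTL lines. The following Python is an added example written for this thread; it is not part of OTL and not something Sneakyone posted. It parses the two OTL line types used in the fix (O4 Run entries and IE proxy settings) and flags the patterns the fix targets: programs autostarting from a temp folder or from a random 32-hex-character folder, a DLL dropped straight into the Windows root, entries with no publisher information, and a browser proxy pointed at 127.0.0.1. The sample lines are constructed from the script above plus one made-up benign NVIDIA entry, and the heuristics are assumptions chosen for illustration, not OTL's own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in OTL's line format, modelled on the fix script above.
# The NvCplDaemon line is a made-up benign entry so the triage has something to leave alone.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\ybfqp.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Swisen] C:\WINDOWS\anuyuvasaxoga.DLL ()
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe ()
O4 - HKCU..\Run: [070700Setup.exe] C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe (MS)
"""

# O4 lines: "O4 - <hive>..\Run: [<value name>] <path> (<publisher>)"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<vendor>[^)]*)\)$'
)
# IE lines: 'IE - <registry key>: "<value name>" = <data>'
IE_RE = re.compile(r'^IE - (?P<key>HK[^:]+): "(?P<value>[^"]+)" = (?P<data>.*)$')

HEX32_RE = re.compile(r'^[0-9A-Fa-f]{32}$')                 # random hex-named folder
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)       # ...\Local Settings\temp\...
LOOPBACK_RE = re.compile(r'^(?:http=)?(?:127\.\d+\.\d+\.\d+|localhost):(?P<port>\d+)$', re.IGNORECASE)


@dataclass
class Finding:
    item: str     # Run value name or IE setting name
    detail: str   # path or registry data
    reason: str   # why it was flagged


def check_run_entry(name: str, path: str, vendor: str) -> Optional[Finding]:
    """Heuristic checks on one autostart entry (assumptions for illustration, not OTL's logic)."""
    parts = path.split('\\')
    folders, filename = parts[:-1], parts[-1]
    if TEMP_RE.search(path):
        return Finding(name, path, 'autostart program runs from a temporary directory')
    if any(HEX32_RE.match(p) for p in folders):
        return Finding(name, path, 'autostart program lives in a random 32-hex-character folder')
    if len(parts) == 3 and parts[1].lower() == 'windows' and filename.lower().endswith('.dll'):
        return Finding(name, path, 'DLL autostarted from the Windows root directory instead of System32')
    if vendor.strip() == '':
        return Finding(name, path, 'autostart program carries no publisher information')
    return None


def triage(otl_text: str) -> List[Finding]:
    """Parse OTL lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    proxy = {}
    for line in otl_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            f = check_run_entry(m['name'], m['path'], m['vendor'])
            if f:
                findings.append(f)
            continue
        m = IE_RE.match(line)
        if m:
            proxy[m['value']] = m['data']
    # A proxy is only a finding when it is switched on and points at the local machine.
    if proxy.get('ProxyEnable') == '1':
        m = LOOPBACK_RE.match(proxy.get('ProxyServer', ''))
        if m:
            findings.append(Finding('ProxyServer', proxy['ProxyServer'],
                                    f"browser traffic is forced through a proxy on the local machine, port {m['port']}"))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL):
        print(f'{f.item:20} {f.reason}\n    {f.detail}')
```

A proxy on 127.0.0.1 when no local proxy software is installed is a common rogue-antivirus trick for intercepting or blocking browser traffic, which is why the fix above resets ProxyEnable, ProxyServer and ProxyOverride together rather than only removing the executables.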

          ToniCarman

            Topic Starter


            Rookie

            Re: Malware infection
            « Reply #4 on: July 21, 2010, 08:50:24 AM »
            I had to restart the computer before applying the fix because it was frozen - not sure exactly why - but I couldn't do anything.  After reboot the malware was back (like you stated it would be). I reran rkill and then applied the fix. 
             
            rkill log - run 2



            This log file is located at C:\rkill.log.
            Please post this only if requested to by the person helping you.
            Otherwise you can close this log when you wish.
            Ran as Toni on 07/21/2010 at  7:13:07.


            Processes terminated by Rkill or while it was running:

            C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe
            C:\Documents and Settings\Toni\Local Settings\temp\3.tmp\nircmdc.rkexe


            Rkill completed on 07/21/2010  at  7:13:37.


            Rkill completed on 07/21/2010  at  7:14:29.

            Then I ran the fix-

            All processes killed
            ========== OTL ==========
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
            HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
            C:\WINDOWS\system32\ybfqp.exe moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pijippxx deleted successfully.
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
            C:\WINDOWS\system32\lbfqp.dll moved successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Swisen deleted successfully.
            C:\WINDOWS\anuyuvasaxoga.dll moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\070700Setup.exe deleted successfully.
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
            C:\Documents and Settings\Toni\Local Settings\temp\Gz1.exe moved successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pijippxx deleted successfully.
            File C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp\lnfbhrdtssd.exe not found.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Usorijaxesab deleted successfully.
            C:\WINDOWS\dimspstl.dll moved successfully.
            C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk moved successfully.
            File C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C\070700Setup.exe not found.
            ========== FILES ==========
            File\Folder C:\WINDOWS\anuyuvasaxoga.dll not found.
            C:\Documents and Settings\Toni\Local Settings\Application Data\myqfrgihp folder moved successfully.
            C:\Documents and Settings\Toni\Application Data\9E069E6359222CF83AE721545AEBCE3C folder moved successfully.
            C:\WINDOWS\tasks\09f7619a.job moved successfully.
            C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
            C:\WINDOWS\Vxahaxedakokox.bin moved successfully.
            C:\WINDOWS\System32\drivers\sofih.sys moved successfully.
            C:\WINDOWS\Rloqezaxijoyig.dat moved successfully.
            C:\zrpt.xml moved successfully.
            File\Folder C:\Documents and Settings\Toni\Start Menu\Programs\Startup\Antimalware Doctor.lnk not found.
            C:\Documents and Settings\Toni\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
            C:\Documents and Settings\Toni\Desktop\Antimalware Doctor.lnk moved successfully.
            C:\Documents and Settings\Toni\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
            C:\WINDOWS\System32\hbfqp.dll moved successfully.
            File\Folder C:\WINDOWS\System32\lbfqp.dll not found.
            File\Folder C:\WINDOWS\System32\ybfqp.exe not found.
            C:\WINDOWS\lsrslt.ini moved successfully.
            ========== COMMANDS ==========
             
            [EMPTYTEMP]
             
            User: Administrator
            ->Temp folder emptied: 20 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 41620 bytes
             
            User: All Users
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 41620 bytes
             
            User: LocalService
            ->Temp folder emptied: 66016 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
             
            User: NetworkService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 8304367 bytes
            ->Flash cache emptied: 948 bytes
             
            User: Toni
            ->Temp folder emptied: 12656977 bytes
            ->Temporary Internet Files folder emptied: 180430 bytes
            ->Java cache emptied: 0 bytes
            ->FireFox cache emptied: 35557849 bytes
            ->Google Chrome cache emptied: 412120234 bytes
            ->Flash cache emptied: 3279 bytes


            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 0 bytes
            %systemroot%\System32 .tmp files removed: 0 bytes
            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 0 bytes
            Windows Temp folder emptied: 198375 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40721346 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
            RecycleBin emptied: 5479344 bytes
             
            Total Files Cleaned = 492.00 mb
             
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            OTL by OldTimer - Version 3.2.9.1 log created on 07212010_071812

            Files\Folders moved on Reboot...
            File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

            Registry entries deleted on Reboot...


            I have been attempting to run combo fix for the last 3 hours.  The blue Auto scan box is displayed stating " Scanning for infected files... This typically doesn't take more then 10 minutes. However, scan times for badly infected machines can easily double."

            Should it take this long?  I will continue the scan, but wanted to post an update just in case there is something else I should do.

            Sneakyone

            • Malware Removal Specialist


            • Beginner

              Thanked: 5
              Re: Malware infection
              « Reply #5 on: July 21, 2010, 11:12:03 AM »
              Hi, :)

              Download the GMER Rootkit Scanner. Unzip it to your Desktop.

              Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

              Double-click gmer.exe. The program will begin to run.

              **Caution**
              These types of scans can produce false positives. Do NOT take any action on any
              "<--- ROOTKIT" entries unless advised!

              If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
              • Click NO
              • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
              • Now click the Scan button.
              Once the scan is complete, you may receive another notice about rootkit activity.
              • Click OK.
              • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
              • Save it where you can easily find it, such as your desktop.
              Post the contents of GMER.txt in your next reply.


              ToniCarman

                Topic Starter


                Rookie

                Re: Malware infection
                « Reply #6 on: July 21, 2010, 05:02:25 PM »
                I ran GMER and it scanned forever. Upon clicking OK, no log was displayed.

                There was something that popped up on the screen-  Just-In-Time Bugging (I tried to capture a screenshot to show you but the computer froze up)  This showed up before when running a previous scan but it still let me continue. I wasn't sure what to select for this, so I left it alone.  Microsoft Recovery Console was within the message box.

                After the computer froze I reset the computer and redid the GMER scan.   An error message was displayed that the scan couldn't continue to select OK or Cancel. I selected OK. 

                I tried to do it again, but nothing was displayed upon selecting the GMER.exe icon.

                Not sure how to proceed.

                Sneakyone

                • Malware Removal Specialist


                • Beginner

                  Thanked: 5
                  Re: Malware infection
                  « Reply #7 on: July 21, 2010, 05:30:05 PM »
                  Hi, :)

                  To disable CD Emulation programs using DeFogger please perform these steps:
                  • Please download DeFogger to your desktop.
                  • Once downloaded, double-click on the DeFogger icon to start the tool.
                  • The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
                  • When it prompts you whether or not you want to continue, please click on the Yes button to continue
                  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
                  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
                  =================

                  Now, please try running ComboFix again, please tell me how this process goes.

                  ToniCarman

                    Topic Starter


                    Rookie

                    Re: Malware infection
                    « Reply #8 on: July 21, 2010, 06:20:28 PM »
                    Did the DeFogger successfully. Re-ran ComboFix and it went through all beginning prompts and we are at the same screen (for 20 mins and no change) - "Scanning for infected files...this typically doesn't take more then 10 mins. However, scan times for badly infected machines may easily double".  Last time it did this for 5 hours and no change.


                    Sneakyone

                    • Malware Removal Specialist


                    • Beginner

                      Thanked: 5
                      Re: Malware infection
                      « Reply #9 on: July 21, 2010, 06:28:16 PM »
                      Hmm, odd.

                      Download Bootkit Remover to your Desktop.
                      • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
                      • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
                      • It will show a Black screen with some data on it.
                      • Right click on the screen and click Select All.
                      • Press CTRL C
                      • Open a Notepad and press CTRL V
                      • Post the output back here.

                      ToniCarman

                        Topic Starter


                        Rookie

                        Re: Malware infection
                        « Reply #10 on: July 21, 2010, 06:41:27 PM »
                        Bootkit Remover Output:

                        Bootkit Remover version 1.0.0.1
                        (c) 2009 eSage Lab
                        www.esagelab.com

                        \\.\C: -> \\.\PhysicalDrive0
                        MD5: 6def5ffcbcdbdb4082f1015625e597bd
                        \\.\D: -> \\.\PhysicalDrive1
                        MD5: 35c61e6d485a3163078db7b3aca68eea
                        \\.\E: -> \\.\PhysicalDrive1

                             Size  Device Name          MBR Status
                         --------------------------------------------
                           232 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
                           232 GB  \\.\PhysicalDrive1   Unknown boot code

                        Unknown boot code has been found on some of your physical disks.
                        To inspect the boot code manually, dump the master boot sector:
                        remover.exe dump <device_name> [output_file]
                        To disinfect the master boot sector, use the following command:
                        remover.exe fix <device_name>


                        Press any key to quit...
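What the Bootkit Remover output in Reply #10 reports is whether the boot code in sector 0 of each physical disk matches code the tool recognizes. An MBR bootkit replaces that code while leaving the partition table and the trailing 55AA signature intact, so the disk still boots and a signature check alone proves nothing; only comparing the boot-code region against a known-good copy does. As an added example (not eSage Lab's code, and not something the thread asked the poster to run), the following Python checks a 512-byte MBR image the same way: it validates the signature, hashes only the 440-byte boot-code region against a baseline recorded from a known-clean disk, and parses the partition table so a clean and a tampered sector can be compared. The sample sectors, baseline, disk signature and partition layout are constructed, and the boot-code bytes are placeholders rather than real loader code.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_END = 440        # bytes 0..439: boot code (what a bootkit overwrites)
PART_TABLE_OFF = 446       # bytes 446..509: four 16-byte partition entries
SIGNATURE = b'\x55\xAA'    # bytes 510..511: present on clean and infected MBRs alike
ENTRY_FMT = '<B3sB3sII'    # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions: List[tuple], disk_sig: bytes = b'\x12\x34\x56\x78') -> bytes:
    """Assemble a 512-byte MBR from constructed parts (used only to make sample data)."""
    if len(boot_code) > BOOT_CODE_END:
        raise ValueError('boot code too long')
    code = boot_code.ljust(BOOT_CODE_END, b'\x00')
    table = b''
    for bootable, ptype, lba_start, sectors in partitions:
        status = 0x80 if bootable else 0x00
        table += struct.pack(ENTRY_FMT, status, b'\x00' * 3, ptype, b'\x00' * 3, lba_start, sectors)
    table = table.ljust(64, b'\x00')
    return code + disk_sig + b'\x00\x00' + table + SIGNATURE


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Decode the non-empty partition entries so two sectors can be compared field by field."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        entries.append({'index': i, 'bootable': status == 0x80, 'type': ptype,
                        'lba_start': lba, 'sectors': count})
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """Hash only the boot-code region; the tool above prints MD5, SHA-256 is used here."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> str:
    """Report the MBR status in the spirit of the tool's table: OK or Unknown boot code."""
    if len(mbr) != SECTOR:
        return 'Invalid MBR (wrong sector size)'
    if mbr[510:512] != SIGNATURE:
        return 'Invalid MBR (missing 55AA signature)'
    return 'OK' if boot_code_hash(mbr) == baseline_hash else 'Unknown boot code'


def report(disks: Dict[str, bytes], baseline_hash: str) -> Dict[str, str]:
    """Map each device name to its MBR status."""
    return {name: check_mbr(mbr, baseline_hash) for name, mbr in disks.items()}


# Constructed sample data: placeholder boot code, one bootable NTFS-type partition at LBA 63.
CLEAN_BOOT_CODE = bytes.fromhex('33c08ed0bc007c8ec0') + b'\x90' * 40
TAMPERED_BOOT_CODE = bytes.fromhex('eb5890') + b'CONSTRUCTED-TAMPERED-CODE' + b'\x90' * 40
PARTITIONS = [(True, 0x07, 63, 488_392_002)]
SAMPLE_CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
SAMPLE_TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, PARTITIONS)

if __name__ == '__main__':
    baseline = boot_code_hash(SAMPLE_CLEAN_MBR)   # recorded earlier from a known-clean disk
    disks = {r'\\.\PhysicalDrive0': SAMPLE_CLEAN_MBR, r'\\.\PhysicalDrive1': SAMPLE_TAMPERED_MBR}
    print(f'{"Device Name":22} MBR Status')
    for name, status in report(disks, baseline).items():
        print(f'{name:22} {status}')
    print('partition tables identical:', parse_partitions(SAMPLE_CLEAN_MBR) == parse_partitions(SAMPLE_TAMPERED_MBR))
```

On a real Windows machine sector 0 can be read with administrator rights by opening the device path the tool prints (for example `\\.\PhysicalDrive1`) in binary mode and reading 512 bytes; the baseline must come from a disk known to be clean, or from the stock boot code of the loader in use, because a hash of the current sector only tells you whether it changed afterwards.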


                        Sneakyone

                        • Malware Removal Specialist


                        • Beginner

                          Thanked: 5
                          Re: Malware infection
                          « Reply #11 on: July 21, 2010, 06:45:16 PM »
                          Hi, :)

                          Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
                          Code:
                          @ECHO OFF
                          START remover.exe fix \\.\PhysicalDrive1
                          EXIT
                          Save this as fix.bat. Choose "Save type as - All Files".
                          It should look like this:
                          Double click on fix.bat & allow it to run

                          Post back to tell me what it says

                          ToniCarman

                            Topic Starter


                            Rookie

                            Re: Malware infection
                            « Reply #12 on: July 21, 2010, 06:53:24 PM »
                            Begins running and a message is displayed to reboot. 

                            I rebooted.  Opened fine.  Any next steps?

                            Sneakyone

                            • Malware Removal Specialist


                            • Beginner

                              Thanked: 5
                              Re: Malware infection
                              « Reply #13 on: July 21, 2010, 07:34:32 PM »
                              Hi, :)

                              Please run it again as you did the first time, so I can make sure it is gone?

                              ToniCarman

                                Topic Starter


                                Rookie

                                Re: Malware infection
                                « Reply #14 on: July 21, 2010, 07:50:29 PM »
                                reran:

                                Bootkit Remover version 1.0.0.1
                                (c) 2009 eSage Lab
                                www.esagelab.com

                                Restoring boot code at \\.\PhysicalDrive1...
                                OK

                                Press any key to quit...