
Need Log analyzed PLEASE.



My desktop log, any advice?:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:35:18 PM, on 8/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Gamevance\gamevance32.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll

O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-789336058-813497703-839522115-1003\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Owner')

O4 - HKUS\S-1-5-21-789336058-813497703-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')

O4 - HKUS\S-1-5-21-789336058-813497703-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Owner')

O4 - Startup: is-U3G61.lnk = C:\Documents and Settings\Nora de'Campo\Desktop\Virus Removal Tool\is-U3G61\startup.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 10359 bytes


  • Staff

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Hello Mieke,

Thanks for the reply, I was able to download Malwarebytes already, but it would not start up at all ever. That's when I downloaded the RootRepeal, but it too won't start. I downloaded RootRepeal 3x and saved it in different locations, but it never starts! In fact my Windows keeps on crashing. Finally for whatever reason RootRepeal decided to start. Now when I ask it to scan my files in "C" drive I get a prompt that says that an "unrecognized partition type 6 has occurred." Ughhhhhhh!

This is really getting unbelievable.

Any ideas?

Martin


  • Staff

Hi,

Download and run Win32kDiag:


  • Staff

Extra question..

What is this?

O4 - Startup: is-U3G61.lnk = C:\Documents and Settings\Nora de'Campo\Desktop\Virus Removal Tool\is-U3G61\startup.exe

Also, I see you have the Ask Toolbar, Gamevance Toolbar and Alot toolbar installed. Please uninstall all 3 of them since they are not recommended. Then reboot.

Also, did you purchase Spyware Doctor? If not, please uninstall it as well, because it's running in the background otherwise, using extra resources while it won't do anything then.



Hello Mieke, thank you for your fast replies. I just wanted to clarify. I am in need of cleaning two computers. One laptop and one desktop. The data you just saw above is that of my desktop. Yes, I got rid of the Gamevance, Alot toolbar, and the Ask toolbar, all 3 gone from desktop. Not sure what U3G61 is, I believe that's something I downloaded from the Kaspersky site. However, on my desktop when I try to load and run Malwarebytes, I get a path error message like the computer doesn't know where the program is. Even when I go right in to the containing folder and click on Malwarebytes, my desktop still says unknown path. This is a new reaction, I've not seen discussed on the forum yet.

I will make sure and run Win32kDiag on my desktop and report the results. Thanks again!

Martin


  • Staff

Hi,

Let's do one computer at a time because it's extremely confusing for me.

Also, go to the next site:

http://www.virustotal.com/en/indexf.html

On top you'll find 'Browse'.

Click the Browse button and browse to the next file:

C:\Documents and Settings\Nora de'Campo\Desktop\Virus Removal Tool\is-U3G61\startup.exe

Click open.

Then click the 'Send' button next to it.

This will scan the file. Please be patient.

Once scanned, copy and paste the results in your next reply.



OK, will focus on the DESKTOP FIRST. I will do this VirusTotal, as well. I am however currently running the Win32kDiag application on the desktop. Thank you and I will report back to you.



Here are the results from the Win32kDiag application txt file:

Log file is located at: C:\Documents and Settings\Nora de'Campo\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB944338-v2\KB944338-v2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB953838\KB953838

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\Hewlett-Packard\Setup Files\HP Software Update\{59D24A3B-8908-4D44-939A-EAF85F66580C}\1033.MST

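Both logs in this thread can be triaged the way the staff did by hand: pick the Ask, Gamevance and alot add-ons and the is-U3G61 startup shortcut out of the HijackThis O2/O3/O4 lines, and pick out the Win32kDiag mount points whose destination is a raw \Device\ object (\Device\__max++>\^ in the log above). The Python below is an added example, not code from the thread or from either tool; the vendor list, the flagging rules and the sample lines are constructed from what is posted above.

```python
"""Triage of the two log formats posted in this thread: HijackThis (O2/O3/O4
entries) and Win32kDiag (mount point / destination pairs). Added example."""
import re
from dataclasses import dataclass

# Add-ons the staff reply asked the poster to uninstall (constructed from the
# thread: AskBar / Ask Toolbar, Gamevance, alot). Word boundaries keep "ask"
# from matching inside unrelated names such as "fastsearch".
UNWANTED = re.compile(r"\b(askbar|ask toolbar|gamevance|alot)\b", re.IGNORECASE)

# "O4 - Startup: is-U3G61.lnk = C:\...\startup.exe" and the Global Startup form.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<lnk>.+?) = (?P<path>.+)$")

# Win32kDiag prints each junction it finds as a pair of lines.
MOUNT = re.compile(r"^Found mount point : (?P<path>.+)$")
DEST = re.compile(r"^Mount point destination : (?P<dest>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def triage_hijackthis(text: str) -> list:
    """Return the O2/O3/O4 lines a reviewer would question, with a reason."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        if section not in ("O2", "O3", "O4"):
            continue  # only browser add-ons and autostarts are triaged here
        hit = UNWANTED.search(body)
        if hit:
            findings.append(Finding(line, f"{section}: '{hit.group(0)}' add-on, uninstall"))
            continue
        st = STARTUP.match(body)
        if section == "O4" and st and "\\documents and settings\\" in st.group("path").lower():
            # A Startup-folder shortcut pointing into a user profile rather than
            # Program Files is what the staff asked about (is-U3G61.lnk).
            findings.append(Finding(line, "O4: startup shortcut runs from a user profile"))
    return findings


def triage_win32kdiag(text: str) -> list:
    # Flags junctions under C:\WINDOWS whose target is a raw \Device\ object.
    # Ordinary reparse points resolve to a drive or volume path; a target such
    # as \Device\__max++>\^ (the thread's log) hides the directory's real content.
    findings = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNT.match(line)
        if m:
            pending = m.group("path")
            continue
        d = DEST.match(line)
        if d and pending is not None:
            if d.group("dest").startswith("\\Device\\"):
                findings.append(Finding(f"{pending} -> {d.group('dest')}",
                                        "junction into a kernel device object"))
            pending = None
    return findings


# Constructed samples: a handful of lines copied from the logs posted above.
HJT_SAMPLE = r"""
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: is-U3G61.lnk = C:\Documents and Settings\Nora de'Campo\Desktop\Virus Removal Tool\is-U3G61\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

W32K_SAMPLE = r"""
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB944338-v2\KB944338-v2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\Hewlett-Packard\Setup Files\HP Software Update\1033.MST
"""

if __name__ == "__main__":
    for f in triage_hijackthis(HJT_SAMPLE) + triage_win32kdiag(W32K_SAMPLE):
        print(f"{f.reason}\n    {f.line}")
```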

  • Staff

Hi,

It looks like the log is incomplete. Anyway, do the following please.

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.



OK, will do this ComboFix as well. However, do know that VirusTotal was unable to locate: "C:\Documents and Settings\Nora de'Campo\Desktop\Virus Removal Tool\is-U3G61\startup.exe", which is weird because I don't remember removing it.

Thank you, will proceed to ComboFix.


OK, here is the log from ComboFix and the results of what it did on my desktop. I think it's fixed, yes?

ComboFix 09-08-30.04 - Nora de'Campo 08/31/2009 10:00.1.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2219 [GMT -7:00]

Running from: c:\documents and settings\Nora de'Campo\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Nora de'Campo\Application Data\alot

c:\documents and settings\Owner\Application Data\alot

c:\documents and settings\Paloma N. de'Campo\Application Data\alot

c:\documents and settings\Sebastian F de'Campo\Application Data\alot

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\products\products.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\products\products.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_3\images\1307_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_4\images\2462_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_5\images\default_1684_alot_mrkt_starpulse.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_5\images\default_1684_alot_mrkt_starpulse.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_6\images\default_1319_alot_mov_hdtrailers.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_6\images\default_1319_alot_mov_hdtrailers.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_7\images\2427_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_8\images\2558_icon.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_8\images\2558_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Button_9\images\2553_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\toolbar.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Sebastian F de'Campo\Application Data\alot\Updater\Updater.xml.backup

c:\program files\smicr\_INSTALL.exe

c:\windows\msa.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))

.

2009-08-30 22:52 . 2009-08-30 22:52 0 ----a-w- c:\windows\nsreg.dat

2009-08-30 22:34 . 2009-08-30 22:34 -------- d-----w- c:\program files\Trend Micro

2009-08-30 22:16 . 2009-08-31 17:09 12306464 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-30 22:16 . 2009-08-30 22:16 -------- d-----w- c:\program files\Virus Removal Tool

2009-08-30 22:16 . 2008-07-08 21:54 148496 ----a-w- c:\windows\system32\drivers\34321433.sys

2009-08-30 20:53 . 2009-08-30 20:53 -------- d--h--w- c:\windows\PIF

2009-08-30 20:52 . 2009-08-30 20:52 -------- d-----w- c:\documents and settings\Nora de'Campo\Application Data\StarOffice8

2009-08-30 20:41 . 2009-08-30 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-08-30 20:41 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-30 20:41 . 2009-08-30 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-30 20:41 . 2009-08-30 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-30 20:41 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-30 20:13 . 2009-08-30 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate

2009-08-30 20:13 . 2009-08-30 20:13 1726976 ----a-w- c:\program files\HP Update.msi

2009-08-30 20:13 . 2009-08-30 20:13 -------- d-----w- c:\windows\Hewlett-Packard

2009-08-27 21:01 . 2009-08-27 21:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

2009-08-24 02:02 . 2009-08-24 02:02 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Local Settings\Application Data\Mozilla

2009-08-22 07:17 . 2009-08-22 07:17 -------- d-----w- c:\documents and settings\Nora de'Campo\Application Data\Apple Computer

2009-08-22 07:16 . 2009-08-22 07:16 -------- d-----w- c:\documents and settings\Nora de'Campo\Local Settings\Application Data\Mozilla

2009-08-21 05:03 . 2009-08-21 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2009-08-21 01:43 . 2009-08-21 01:43 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe

2009-08-21 01:39 . 2009-08-21 01:39 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2009-08-20 16:00 . 2009-08-20 16:00 129984 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-19 17:44 . 2009-08-19 17:44 -------- d-----w- c:\documents and settings\Paloma N. de'Campo\Local Settings\Application Data\Unity

2009-08-12 16:19 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 01:05 . 2009-08-02 01:05 -------- d-sh--w- c:\documents and settings\Nora de'Campo\IECompatCache

2009-08-02 01:03 . 2009-08-02 01:03 -------- d-sh--w- c:\documents and settings\Nora de'Campo\PrivacIE

2009-08-02 01:02 . 2009-08-02 01:02 -------- d-sh--w- c:\documents and settings\Nora de'Campo\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-31 17:06 . 2009-08-30 22:16 139784 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-31 17:04 . 2008-11-11 02:17 -------- d-----w- c:\program files\smicr

2009-08-30 22:45 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-08-30 21:15 . 2009-08-30 21:15 465298 ----a-w- c:\program files\RootRepeal.rar

2009-08-30 20:50 . 2008-10-12 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-30 20:47 . 2008-10-12 22:15 -------- d-----w- c:\program files\Spyware Doctor

2009-08-30 20:32 . 2008-10-12 22:15 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys

2009-08-30 20:32 . 2008-10-12 22:15 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys

2009-08-30 20:32 . 2008-10-12 22:15 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys

2009-08-27 17:30 . 2009-07-17 17:59 -------- d-----w- c:\documents and settings\Paloma N. de'Campo\Application Data\Apple Computer

2009-08-23 16:19 . 2009-01-31 01:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-23 16:19 . 2008-09-29 19:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-23 16:19 . 2008-09-29 19:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-21 16:05 . 2009-07-17 19:11 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Application Data\Apple Computer

2009-08-21 01:51 . 2009-07-03 03:23 -------- d-----w- c:\program files\Safari

2009-08-20 16:00 . 2009-05-20 05:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-08-20 01:00 . 2009-07-25 01:13 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-13 10:02 . 2008-09-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-05 09:01 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 19:19 . 2009-04-30 19:41 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-23 17:35 . 2009-07-23 17:35 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe

2009-07-23 17:35 . 2009-07-23 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-07-23 15:47 . 2009-07-23 15:47 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Application Data\LEGO Company

2009-07-23 15:47 . 2009-07-23 15:47 -------- d-----w- c:\program files\LEGO Company

2009-07-22 00:51 . 2009-07-22 00:48 -------- d-----w- c:\program files\Sony Online Entertainment

2009-07-20 21:12 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-07-20 21:12 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-07-17 19:01 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-04 01:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:22 . 2009-05-20 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-07-03 17:09 . 2004-08-04 01:07 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-03 03:21 . 2009-07-03 03:21 -------- d-----w- c:\program files\iTunes

2009-07-03 03:21 . 2009-07-03 03:21 -------- d-----w- c:\program files\iPod

2009-07-03 03:21 . 2009-05-20 05:24 -------- d-----w- c:\program files\Common Files\Apple

2009-07-03 03:20 . 2009-07-03 03:19 -------- d-----w- c:\program files\QuickTime

2009-07-03 03:16 . 2009-07-03 03:16 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-25 08:25 . 2004-08-04 01:07 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 01:07 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 01:07 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 01:07 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 01:07 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 01:07 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 01:07 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 01:07 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 01:07 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2008-09-29 17:55 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 01:07 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 18:42 . 2009-05-20 05:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-05 18:42 . 2009-05-20 05:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-03 19:09 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-11-11 02:26 . 2008-11-11 02:26 3323192 ----a-w- c:\program files\cps2000.exe

2008-11-11 02:17 . 2008-11-11 02:17 5189184 ----a-w- c:\program files\smicr.zip

2008-10-12 23:33 . 2008-10-12 23:31 326424832 ----a-w- c:\program files\HPOJProL7X00_Full_8_3.exe

2008-10-12 22:10 . 2008-10-12 22:10 1109392 ----a-w- c:\program files\Google_Updater.exe

2008-10-12 22:06 . 2008-10-12 22:06 1990640 ----a-w- c:\program files\GoogleDesktopSetup.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-12 30192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-19 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

c:\documents and settings\Nora de'Campo\Start Menu\Programs\Startup\

is-U3G61.lnk - c:\program files\Virus Removal Tool\is-U3G61\startup.exe [2009-8-30 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-23 16:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk

backup=c:\windows\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\dllhost.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/29/2008 12:58 PM 335240]

R1 is-U3G61drv;is-U3G61drv;c:\windows\system32\drivers\34321433.sys [8/30/2009 3:16 PM 148496]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 6:01 PM 297752]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [9/29/2008 11:07 AM 964352]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/12/2008 3:06 PM 30192]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/12/2008 3:15 PM 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Nora de'Campo\Application Data\Mozilla\Firefox\Profiles\lv2k6fjq.default\

FF - plugin: c:\progra~1\SONYON~1\npsoe.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-31 10:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(588)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(2220)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\iTunes\iTunes.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileSync.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\gconsync.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncUIHandler.exe

.

**************************************************************************

.

Completion time: 2009-08-31 10:12 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-31 17:12

Pre-Run: 329,243,471,872 bytes free

Post-Run: 331,019,915,264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

385 --- E O F --- 2009-08-30 20:09


  • Staff

Hi,

Please do the following...

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

Suspect::[8]

c:\windows\system32\drivers\34321433.sys

c:\program files\Virus Removal Tool\is-U3G61\startup.exe

Dirlook::

c:\program files\Virus Removal Tool

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif]

This will start ComboFix again.

Then, please visit this site:

http://www.bleepingcomputer.com/submit-malware.php?channel=8

Where it says: "Browse to the file you want to submit", use the Browse button to navigate to the following file: C:\Qoobox\Quarantine\[8]-Submit_date_time.zip (date_time will be replaced with the date and time when this file was created)

Then click the "Send File" button below in order to upload it.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

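The staff reply above builds its CFScript by hand from two lines of the ComboFix log: an R1 kernel driver whose file name is all digits (34321433.sys), registered under an Inno Setup-style service name (is-U3G61drv), and a per-user Startup shortcut that points into a folder carrying the same is-U3G61 token. The script below is an added example for this thread, not ComboFix's code and not anything either poster wrote. It parses ComboFix service and Startup-folder lines, applies those two heuristics, groups hits that share an is-XXXXX token so a driver and its dropper read as one installation, and emits a Suspect::/Dirlook:: body in the shape the reply uses. The sample input is copied from the log posted above; the regexes, the heuristics, the use of the is-XXXXX token as an installation id, and all function names are this example's own assumptions. The header string is passed through unchanged, since the reply's "Suspect::[8]" carries a tag that reappears in the quarantine zip name it tells the user to upload. A hit is a reason to look closer, not a verdict: the Dirlook:: listing in the follow-up post (a "bases" folder of .avz files under is-U3G61) is exactly what a helper compares against a known scanner's layout before deciding whether the quarantined driver belongs to a legitimately installed tool.

```python
"""Triage ComboFix service/Startup lines into a CFScript Suspect::/Dirlook:: body (added example)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Sample input: lines copied from the ComboFix log posted above (an AVG driver for contrast,
# the is-U3G61drv driver, two unrelated services, and the per-user Startup-folder shortcut).
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/29/2008 12:58 PM 335240]
R1 is-U3G61drv;is-U3G61drv;c:\windows\system32\drivers\34321433.sys [8/30/2009 3:16 PM 148496]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 6:01 PM 297752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/12/2008 3:15 PM 356920]
c:\documents and settings\Nora de'Campo\Start Menu\Programs\Startup\
is-U3G61.lnk - c:\program files\Virus Removal Tool\is-U3G61\startup.exe [2009-8-30 65536]
"""

# ComboFix service line: "<R|S><start type> <service>;<display name>;<image path> [<stamp> <size>]"
# (R = running, S = stopped; start type 1 = SYSTEM, i.e. a driver loaded early in boot).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[[^\]]*\]\s*$")
# Startup-folder line: "<shortcut>.lnk - <target> [<stamp> <size>]"
STARTUP_RE = re.compile(r"^(?P<lnk>.+?\.lnk)\s+-\s+(?P<path>.+?)\s+\[[^\]]*\]\s*$")
# Inno Setup names per-install folders is-XXXXX (five alphanumerics). Using that token as an
# installation id is this example's assumption; it lets a driver and its dropper be grouped.
INNO_TOKEN_RE = re.compile(r"\bis-([A-Z0-9]{5})", re.IGNORECASE)


@dataclass
class Finding:
    kind: str             # "service" or "startup"
    path: str             # file path exactly as the log prints it
    reasons: List[str]    # heuristics that fired; a hit means "review", not "malicious"
    token: Optional[str]  # is-XXXXX installation token, if one was found


def _inno_token(*texts: str) -> Optional[str]:
    for text in texts:
        m = INNO_TOKEN_RE.search(text)
        if m:
            return m.group(1).upper()
    return None


def flag_service(start: str, name: str, path: str) -> Optional[Finding]:
    reasons = []
    p = PureWindowsPath(path)
    if p.suffix.lower() == ".sys" and p.stem.isdigit():
        reasons.append("kernel driver with an all-digit file name")
    token = _inno_token(name, path)
    if token:
        reasons.append("service named after an Inno Setup is-%s folder" % token)
    if reasons and start == "R1":
        reasons.append("running with SYSTEM start type (R1)")
    return Finding("service", path, reasons, token) if reasons else None


def flag_startup(lnk: str, path: str) -> Optional[Finding]:
    token = _inno_token(lnk, path)
    if token is None:
        return None
    return Finding("startup", path, ["Startup shortcut into an Inno Setup is-%s folder" % token], token)


def triage(log_text: str) -> List[Finding]:
    """Run both line parsers over a log and return the entries that tripped a heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            f = flag_service(m["start"], m["name"], m["path"])
        else:
            m = STARTUP_RE.match(line)
            f = flag_startup(m["lnk"], m["path"]) if m else None
        if f:
            findings.append(f)
    return findings


def correlate(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by installation token so the driver and its dropper read as one install."""
    groups: Dict[str, List[Finding]] = {}
    for f in findings:
        if f.token:
            groups.setdefault(f.token, []).append(f)
    return groups


def dirlook_targets(findings: List[Finding]) -> List[str]:
    """Parent of each is-XXXXX folder: the directory to ask ComboFix to list with Dirlook::."""
    dirs: List[str] = []
    for f in findings:
        parts = PureWindowsPath(f.path).parts
        for i, part in enumerate(parts):
            if INNO_TOKEN_RE.fullmatch(part):
                d = str(PureWindowsPath(*parts[:i]))
                if d not in dirs:
                    dirs.append(d)
                break
    return dirs


def build_cfscript(findings: List[Finding], suspect_header: str = "Suspect::") -> str:
    """Emit the script body in the shape the staff reply uses; the header tag is passed through."""
    lines = [suspect_header] + [f.path for f in findings]
    dirs = dirlook_targets(findings)
    if dirs:
        lines += ["", "Dirlook::"] + dirs
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(triage(SAMPLE_LOG), "Suspect::[8]")` reproduces the reply's script: the two flagged paths under Suspect::[8] and c:\program files\Virus Removal Tool under Dirlook::. `correlate` shows both hits under the single token U3G61, which is the observation that makes the driver and the Startup shortcut one installation rather than two unrelated oddities; the AVG driver on the same R1 line type is left alone because neither heuristic fires on it.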

OK, here are the results of the CFScript load into ComboFix, text:

ComboFix 09-08-30.04 - Nora de'Campo 08/31/2009 10:34.2.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2235 [GMT -7:00]

Running from: c:\documents and settings\Nora de'Campo\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Nora de'Campo\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\windows\system32\drivers\34321433.sys

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))

.

2009-08-30 22:52 . 2009-08-30 22:52 0 ----a-w- c:\windows\nsreg.dat

2009-08-30 22:34 . 2009-08-30 22:34 -------- d-----w- c:\program files\Trend Micro

2009-08-30 22:16 . 2009-08-31 17:38 14776352 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-30 22:16 . 2009-08-30 22:16 -------- d-----w- c:\program files\Virus Removal Tool

2009-08-30 22:16 . 2008-07-08 21:54 148496 ----a-w- c:\windows\system32\drivers\34321433.sys

2009-08-30 20:53 . 2009-08-30 20:53 -------- d--h--w- c:\windows\PIF

2009-08-30 20:52 . 2009-08-30 20:52 -------- d-----w- c:\documents and settings\Nora de'Campo\Application Data\StarOffice8

2009-08-30 20:41 . 2009-08-30 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-08-30 20:41 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-30 20:41 . 2009-08-30 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-30 20:41 . 2009-08-30 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-30 20:41 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-30 20:13 . 2009-08-30 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate

2009-08-30 20:13 . 2009-08-30 20:13 1726976 ----a-w- c:\program files\HP Update.msi

2009-08-30 20:13 . 2009-08-30 20:13 -------- d-----w- c:\windows\Hewlett-Packard

2009-08-27 21:01 . 2009-08-27 21:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

2009-08-24 02:02 . 2009-08-24 02:02 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Local Settings\Application Data\Mozilla

2009-08-22 07:17 . 2009-08-22 07:17 -------- d-----w- c:\documents and settings\Nora de'Campo\Application Data\Apple Computer

2009-08-22 07:16 . 2009-08-22 07:16 -------- d-----w- c:\documents and settings\Nora de'Campo\Local Settings\Application Data\Mozilla

2009-08-21 05:03 . 2009-08-21 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2009-08-21 01:43 . 2009-08-21 01:43 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe

2009-08-21 01:39 . 2009-08-21 01:39 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2009-08-20 16:00 . 2009-08-20 16:00 129984 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-19 17:44 . 2009-08-19 17:44 -------- d-----w- c:\documents and settings\Paloma N. de'Campo\Local Settings\Application Data\Unity

2009-08-12 16:19 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-02 01:05 . 2009-08-02 01:05 -------- d-sh--w- c:\documents and settings\Nora de'Campo\IECompatCache

2009-08-02 01:03 . 2009-08-02 01:03 -------- d-sh--w- c:\documents and settings\Nora de'Campo\PrivacIE

2009-08-02 01:02 . 2009-08-02 01:02 -------- d-sh--w- c:\documents and settings\Nora de'Campo\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-31 17:06 . 2009-08-30 22:16 139784 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-31 17:04 . 2008-11-11 02:17 -------- d-----w- c:\program files\smicr

2009-08-30 22:45 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-08-30 21:15 . 2009-08-30 21:15 465298 ----a-w- c:\program files\RootRepeal.rar

2009-08-30 20:50 . 2008-10-12 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-30 20:47 . 2008-10-12 22:15 -------- d-----w- c:\program files\Spyware Doctor

2009-08-30 20:32 . 2008-10-12 22:15 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys

2009-08-30 20:32 . 2008-10-12 22:15 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys

2009-08-30 20:32 . 2008-10-12 22:15 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys

2009-08-27 17:30 . 2009-07-17 17:59 -------- d-----w- c:\documents and settings\Paloma N. de'Campo\Application Data\Apple Computer

2009-08-23 16:19 . 2009-01-31 01:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-23 16:19 . 2008-09-29 19:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-23 16:19 . 2008-09-29 19:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-21 16:05 . 2009-07-17 19:11 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Application Data\Apple Computer

2009-08-21 01:51 . 2009-07-03 03:23 -------- d-----w- c:\program files\Safari

2009-08-20 16:00 . 2009-05-20 05:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-08-20 01:00 . 2009-07-25 01:13 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-13 10:02 . 2008-09-29 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-05 09:01 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 19:19 . 2009-04-30 19:41 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-23 17:35 . 2009-07-23 17:35 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe

2009-07-23 17:35 . 2009-07-23 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

2009-07-23 15:47 . 2009-07-23 15:47 -------- d-----w- c:\documents and settings\Sebastian F de'Campo\Application Data\LEGO Company

2009-07-23 15:47 . 2009-07-23 15:47 -------- d-----w- c:\program files\LEGO Company

2009-07-22 00:51 . 2009-07-22 00:48 -------- d-----w- c:\program files\Sony Online Entertainment

2009-07-20 21:12 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-07-20 21:12 . 2009-07-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-07-17 19:01 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-04 01:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:22 . 2009-05-20 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-07-03 17:09 . 2004-08-04 01:07 915456 ------w- c:\windows\system32\wininet.dll

2009-07-03 03:21 . 2009-07-03 03:21 -------- d-----w- c:\program files\iTunes

2009-07-03 03:21 . 2009-07-03 03:21 -------- d-----w- c:\program files\iPod

2009-07-03 03:21 . 2009-05-20 05:24 -------- d-----w- c:\program files\Common Files\Apple

2009-07-03 03:20 . 2009-07-03 03:19 -------- d-----w- c:\program files\QuickTime

2009-07-03 03:16 . 2009-07-03 03:16 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-25 08:25 . 2004-08-04 01:07 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 01:07 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 01:07 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 01:07 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 01:07 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 01:07 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 01:07 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 01:07 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 01:07 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2008-09-29 17:55 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 01:07 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 18:42 . 2009-05-20 05:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-05 18:42 . 2009-05-20 05:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-03 19:09 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-11-11 02:26 . 2008-11-11 02:26 3323192 ----a-w- c:\program files\cps2000.exe

2008-11-11 02:17 . 2008-11-11 02:17 5189184 ----a-w- c:\program files\smicr.zip

2008-10-12 23:33 . 2008-10-12 23:31 326424832 ----a-w- c:\program files\HPOJProL7X00_Full_8_3.exe

2008-10-12 22:10 . 2008-10-12 22:10 1109392 ----a-w- c:\program files\Google_Updater.exe

2008-10-12 22:06 . 2008-10-12 22:06 1990640 ----a-w- c:\program files\GoogleDesktopSetup.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\program files\Virus Removal Tool ----

2009-08-30 22:19 . 2009-08-30 22:19 1129 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\data\BTImages.dat

2009-08-30 22:17 . 2009-08-30 22:19 724957 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\report\0003_Scan_Objects_eventlog.rpt

2009-08-30 22:17 . 2009-08-30 22:19 84 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\data\sfdb.dat

2009-08-30 22:16 . 2009-08-30 22:17 80 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\report\detected.idx

2009-08-30 22:16 . 2009-08-30 22:17 80 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\report\detected.rpt

2009-08-30 22:16 . 2009-08-30 22:19 7016 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\report\report.rpt

2009-08-30 22:16 . 2009-08-30 22:16 132 ----a-w- c:\program files\Virus Removal Tool\Log.bat

2009-08-30 22:16 . 2009-08-30 22:16 588 ----a-w- c:\program files\Virus Removal Tool\Script.bat

2009-08-30 22:16 . 2009-08-30 22:16 126 ----a-w- c:\program files\Virus Removal Tool\Scan.bat

2009-08-30 22:16 . 2009-08-30 22:16 1910 ----a-w- c:\program files\Virus Removal Tool\Start.lnk

2009-08-30 22:16 . 2009-08-31 07:34 1590 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\sysipu.avz

2009-08-30 22:16 . 2009-08-31 07:34 4570 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\tsw.avz

2009-08-30 22:16 . 2008-10-14 21:41 4184 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\verdicts.ini

2009-08-30 22:16 . 2009-08-31 07:34 5805 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\sr.avz

2009-08-30 22:16 . 2009-08-31 07:34 7701 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\srdb.avz

2009-08-30 22:16 . 2008-03-25 21:42 7664 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\startup.ini

2009-08-30 22:16 . 2009-08-31 07:34 24179 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\syscheck.avz

2009-08-30 22:16 . 2009-08-31 07:34 32523 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signf004.avz

2009-08-30 22:16 . 2009-08-31 07:34 26384 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signf005.avz

2009-08-30 22:16 . 2008-11-12 21:34 1707 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signfavp.avz

2009-08-30 22:16 . 2009-08-31 07:34 35668 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signfusr.avz

2009-08-30 22:16 . 2009-08-31 07:34 50699 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signf002.avz

2009-08-30 22:16 . 2009-08-31 07:34 39105 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signf003.avz

2009-08-30 22:16 . 2009-08-31 07:34 4060 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\ports.avz

2009-08-30 22:16 . 2009-08-31 07:34 2041 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\prt.avz

2009-08-30 22:16 . 2009-08-31 07:34 6907 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\repair.avz

2009-08-30 22:16 . 2009-08-31 07:34 2345 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\rootkit.avz

2009-08-30 22:16 . 2009-08-31 07:34 1005 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\scripts.avz

2009-08-30 22:16 . 2009-08-31 07:34 162533 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\signf001.avz

2009-08-30 22:16 . 2009-08-31 07:34 7499 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\neural.avz

2009-08-30 22:16 . 2009-08-31 07:34 335 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\neurald.avz

2009-08-30 22:16 . 2009-08-31 07:34 804 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\neurale.avz

2009-08-30 22:16 . 2009-08-31 07:34 3748 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\neuralm.avz

2009-08-30 22:16 . 2009-08-31 07:33 37139520 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\megabase.avc

2009-08-30 22:16 . 2008-08-12 22:03 61804 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\klavemu.kfb

2009-08-30 22:16 . 2009-08-31 07:34 14849 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\krnldrv.avz

2009-08-30 22:16 . 2009-08-31 07:34 836 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\backup.avz

2009-08-30 22:16 . 2009-08-31 07:34 2193 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\bt.avz

2009-08-30 22:16 . 2005-08-30 22:47 12023 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\engine.dt

2009-08-30 22:16 . 2009-08-31 07:34 506 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\keylogger.avz

2009-08-30 22:16 . 2008-03-21 23:57 635904 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\klavemu.kdl

2009-08-30 22:16 . 2007-06-13 22:33 78 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bases\avp_x.set

2009-08-30 22:16 . 2008-11-12 21:25 29946 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\service.loc

2009-08-30 22:16 . 2008-11-12 21:25 9696 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\settings.loc

2009-08-30 22:16 . 2008-11-12 21:25 3874 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\iso3166-1.loc

2009-08-30 22:16 . 2008-11-12 21:25 23149 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\main.loc

2009-08-30 22:16 . 2008-11-12 21:25 4067 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\oas.loc

2009-08-30 22:16 . 2008-11-12 21:25 17210 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\prot.loc

2009-08-30 22:16 . 2008-11-12 21:25 12032 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\report.loc

2009-08-30 22:16 . 2008-11-12 21:25 16784 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\scan.loc

2009-08-30 22:16 . 2008-11-12 21:25 2969 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\avz.loc

2009-08-30 22:16 . 2008-11-12 21:25 65455 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\avzkrnl.loc

2009-08-30 22:16 . 2008-11-12 21:25 9424 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\credits.loc

2009-08-30 22:16 . 2008-11-12 21:25 36754 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\en\hints.loc

2009-08-30 22:16 . 2008-11-12 21:25 9996 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\sounds\Infected.wav

2009-08-30 22:16 . 2008-11-12 21:25 22736 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\settings.ini

2009-08-30 22:16 . 2008-11-12 21:25 23959 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\main.ini

2009-08-30 22:16 . 2008-11-12 21:25 7907 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\oas.ini

2009-08-30 22:16 . 2008-11-12 21:25 26243 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\prot.ini

2009-08-30 22:16 . 2008-11-12 21:25 13961 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\report.ini

2009-08-30 22:16 . 2008-11-12 21:25 16316 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\scan.ini

2009-08-30 22:16 . 2008-11-12 21:25 54308 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\service.ini

2009-08-30 22:16 . 2008-11-12 21:25 1897 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\updater32.png

2009-08-30 22:16 . 2008-11-12 21:25 6383 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\updaterX.png

2009-08-30 22:16 . 2008-11-12 21:25 3044 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\web32.png

2009-08-30 22:16 . 2008-11-12 21:25 7365 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\webX.png

2009-08-30 22:16 . 2008-11-12 21:25 2447 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\layout\avz.ini

2009-08-30 22:16 . 2008-11-12 21:25 7370 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\support.png

2009-08-30 22:16 . 2008-11-12 21:25 2990 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\support32.png

2009-08-30 22:16 . 2008-11-12 21:25 2519 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\scan32.png

2009-08-30 22:16 . 2008-11-12 21:25 206447 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\scanX.png

2009-08-30 22:16 . 2008-11-12 21:25 5954 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\protection.png

2009-08-30 22:16 . 2008-11-12 21:25 2209 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\file32.png

2009-08-30 22:16 . 2008-11-12 21:25 6983 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\fileX.png

2009-08-30 22:16 . 2008-11-12 21:25 2542 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\mail32.png

2009-08-30 22:16 . 2008-11-12 21:25 6982 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\mailX.png

2009-08-30 22:16 . 2008-11-12 21:25 2795 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\pdm32.png

2009-08-30 22:16 . 2008-11-12 21:25 6665 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\pdmX.png

2009-08-30 22:16 . 2008-11-12 21:25 2490 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\prot32.png

2009-08-30 22:16 . 2008-11-12 21:25 6314 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antispamX.png

2009-08-30 22:16 . 2008-11-12 21:25 1899 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antispy32.png

2009-08-30 22:16 . 2008-11-12 21:25 7705 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antispyX.png

2009-08-30 22:16 . 2008-11-12 21:25 5155 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\datafiles.png

2009-08-30 22:16 . 2008-11-12 21:25 2044 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\datafiles32.png

2009-08-30 22:16 . 2008-11-12 21:25 2461 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antispam32.png

2009-08-30 22:16 . 2008-11-12 21:25 3103 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antihacker32.png

2009-08-30 22:16 . 2008-11-12 21:25 9724 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\tasks\antihackerX.png

2009-08-30 22:16 . 2008-11-12 21:25 2864 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\unlocked.png

2009-08-30 22:16 . 2008-11-12 21:25 4577 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\visa.png

2009-08-30 22:16 . 2008-11-12 21:25 3392 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\warning.png

2009-08-30 22:16 . 2008-11-12 21:25 4177 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\warning24.png

2009-08-30 22:16 . 2008-11-12 21:25 5101 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\warning32.png

2009-08-30 22:16 . 2008-11-12 21:25 2944 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\wizard.png

2009-08-30 22:16 . 2008-11-12 21:25 2626 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\stop.png

2009-08-30 22:16 . 2008-11-12 21:25 7727 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\taskbar.png

2009-08-30 22:16 . 2008-11-12 21:25 13073 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\title.png

2009-08-30 22:16 . 2008-11-12 21:25 3217 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\trusted.png

2009-08-30 22:16 . 2008-11-12 21:25 32990 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\t_hdr.bmp

2009-08-30 22:16 . 2008-11-12 21:25 32990 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\t_row.bmp

2009-08-30 22:16 . 2008-11-12 21:25 3083 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\unkobj.png

2009-08-30 22:16 . 2008-11-12 21:25 2365 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\Privacy.png

2009-08-30 22:16 . 2008-11-12 21:25 5796 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\rdisk.png

2009-08-30 22:16 . 2008-11-12 21:25 4462 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\regedit.png

2009-08-30 22:16 . 2008-11-12 21:25 958 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\regicons.ico

2009-08-30 22:16 . 2008-11-12 21:25 3428 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\run.png

2009-08-30 22:16 . 2008-11-12 21:25 1880 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\settings.png

2009-08-30 22:16 . 2008-11-12 21:25 3605 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\startupobj.png

2009-08-30 22:16 . 2008-11-12 21:25 3100 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\stealth.png

2009-08-30 22:16 . 2008-11-12 21:25 1936 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\Notify.png

2009-08-30 22:16 . 2008-11-12 21:25 2336 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\office.png

2009-08-30 22:16 . 2008-11-12 21:25 3443 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\ok.png

2009-08-30 22:16 . 2008-11-12 21:25 4208 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\ok24.png

2009-08-30 22:16 . 2008-11-12 21:25 4861 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\ok32.png

2009-08-30 22:16 . 2008-11-12 21:25 2244 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\password.png

2009-08-30 22:16 . 2008-11-12 21:25 2857 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\pause.png

2009-08-30 22:16 . 2008-11-12 21:25 2927 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\popup_allowed.png

2009-08-30 22:16 . 2008-11-12 21:25 2907 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\popup_blocked.png

2009-08-30 22:16 . 2008-11-12 21:25 3113 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\msg_bad.png

2009-08-30 22:16 . 2008-11-12 21:25 2992 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\msg_deleted.png

2009-08-30 22:16 . 2008-11-12 21:25 3076 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\msg_good.png

2009-08-30 22:16 . 2008-11-12 21:25 2995 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\msg_new.png

2009-08-30 22:16 . 2008-11-12 21:25 3022 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\msg_question.png

2009-08-30 22:16 . 2008-11-12 21:25 3078 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\navstate.png

2009-08-30 22:16 . 2008-11-12 21:25 1287 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\navstate2.png

2009-08-30 22:16 . 2008-11-12 21:25 3322 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\network.png

2009-08-30 22:16 . 2008-11-12 21:25 2859 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\nonrecursive.png

2009-08-30 22:16 . 2008-11-12 21:25 628 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\notepad.png

2009-08-30 22:16 . 2008-11-12 21:25 2863 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\locked.png

2009-08-30 22:16 . 2008-11-12 21:25 4913 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\logo.png

2009-08-30 22:16 . 2008-11-12 21:25 3076 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\mail.png

2009-08-30 22:16 . 2008-11-12 21:25 3177 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\mail_bad.png

2009-08-30 22:16 . 2008-11-12 21:25 2927 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\main_off16.png

2009-08-30 22:16 . 2008-11-12 21:25 3010 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\main_off32.png

2009-08-30 22:16 . 2008-11-12 21:25 2909 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\main_on16.png

2009-08-30 22:16 . 2008-11-12 21:25 2987 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\main_on32.png

2009-08-30 22:16 . 2008-11-12 21:25 3117 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\memory.png

2009-08-30 22:16 . 2008-11-12 21:25 2881 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_normal.png

2009-08-30 22:16 . 2008-11-12 21:25 2903 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_rshift.png

2009-08-30 22:16 . 2008-11-12 21:25 2891 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_slash.png

2009-08-30 22:16 . 2008-11-12 21:25 2926 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_space.png

2009-08-30 22:16 . 2008-11-12 21:25 2889 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_tab.png

2009-08-30 22:16 . 2008-11-12 21:25 3122 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\key.png

2009-08-30 22:16 . 2008-11-12 21:25 2530 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kl.png

2009-08-30 22:16 . 2008-11-12 21:25 3206 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\local.png

2009-08-30 22:16 . 2008-11-12 21:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\lockbutton.png

2009-08-30 22:16 . 2008-11-12 21:25 6962 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kav2006.png

2009-08-30 22:16 . 2008-11-12 21:25 10011 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kav2006rus.png

2009-08-30 22:16 . 2008-11-12 21:25 4771 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kav_en.png

2009-08-30 22:16 . 2008-11-12 21:25 4749 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kav_ru.png

2009-08-30 22:16 . 2008-11-12 21:25 2963 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_bs.png

2009-08-30 22:16 . 2008-11-12 21:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_caps.png

2009-08-30 22:16 . 2008-11-12 21:25 2885 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_ctrl.png

2009-08-30 22:16 . 2008-11-12 21:25 2892 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_enter.png

2009-08-30 22:16 . 2008-11-12 21:25 2891 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\kbdbtn_lshift.png

2009-08-30 22:16 . 2008-11-12 21:25 2272 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\i32.png

2009-08-30 22:16 . 2008-11-12 21:25 2919 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\ids.png

2009-08-30 22:16 . 2008-11-12 21:25 2834 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\ie.png

2009-08-30 22:16 . 2008-11-12 21:25 3448 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\info.png

2009-08-30 22:16 . 2008-11-12 21:25 2617 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\integrity.png

2009-08-30 22:16 . 2008-11-12 21:25 3339 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\internet.png

2009-08-30 22:16 . 2008-11-12 21:25 3643 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\internet16.png

2009-08-30 22:16 . 2008-11-12 21:25 1636 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\intranet.png

2009-08-30 22:16 . 2008-11-12 21:25 3389 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\error.png

2009-08-30 22:16 . 2008-11-12 21:25 966 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\expand.png

2009-08-30 22:16 . 2008-11-12 21:25 3307 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\floppy.png

2009-08-30 22:16 . 2008-11-12 21:25 3026 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\Goodmail.png

2009-08-30 22:16 . 2008-11-12 21:25 2876 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\gripper.png

2009-08-30 22:16 . 2008-11-12 21:25 1861 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\help.png

2009-08-30 22:16 . 2008-11-12 21:25 1205 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\help16.png

2009-08-30 22:16 . 2008-11-12 21:25 1165 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\i16.png

2009-08-30 22:16 . 2008-11-12 21:25 4357 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\i24.png

2009-08-30 22:16 . 2008-11-12 21:25 1646 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\battery.png

2009-08-30 22:16 . 2008-11-12 21:25 3442 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\bootsect.png

2009-08-30 22:16 . 2008-11-12 21:25 1027 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\collapse.png

2009-08-30 22:16 . 2008-11-12 21:25 4068 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\danger24.png

2009-08-30 22:16 . 2008-11-12 21:25 4660 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\danger32.png

2009-08-30 22:16 . 2008-11-12 21:25 2980 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\dialer.png

2009-08-30 22:16 . 2008-11-12 21:25 1024 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\disk.png

2009-08-30 22:16 . 2008-11-12 21:25 2646 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\display.png

2009-08-30 22:16 . 2008-11-12 21:25 2976 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\badmail.png

2009-08-30 22:16 . 2008-11-12 21:25 1325 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\banner.gif

2009-08-30 22:16 . 2008-11-12 21:25 2303 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\Banner.png

2009-08-30 22:16 . 2008-11-12 21:25 3482 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\prot.loc

2009-08-30 22:16 . 2008-11-12 21:25 2237 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\activity.png

2009-08-30 22:16 . 2008-11-12 21:25 3771 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\application.png

2009-08-30 22:16 . 2008-11-12 21:25 4160 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\Arrow.png

2009-08-30 22:16 . 2008-11-12 21:25 130764 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\images\background.png

2009-08-30 22:16 . 2007-05-20 05:31 25088 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\winreg.ppl

2009-08-30 22:16 . 2008-11-12 21:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\xorio.ppl

2009-08-30 22:16 . 2007-05-20 05:32 5120 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\zcompare.ppl

2009-08-30 22:16 . 2008-11-12 21:25 76475 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\enums.loc

2009-08-30 22:16 . 2008-11-12 21:25 9180 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\skin\skin.ini

2009-08-30 22:16 . 2007-05-20 05:32 9216 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\unarj.ppl

2009-08-30 22:16 . 2007-05-20 05:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\uniarc.ppl

2009-08-30 22:16 . 2007-05-20 05:32 10240 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\unlzx.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\unreduce.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6144 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\unshrink.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6144 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\unstored.ppl

2009-08-30 22:16 . 2007-05-20 05:32 11264 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\vmarea.ppl

2009-08-30 22:16 . 2007-05-20 05:32 35840 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\wdiskio.ppl

2009-08-30 22:16 . 2007-05-20 05:31 6144 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\superio.ppl

2009-08-30 22:16 . 2007-05-20 05:31 9728 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\tempfile.ppl

2009-08-30 22:16 . 2007-05-20 05:31 19968 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\thpimpl.ppl

2009-08-30 22:16 . 2007-05-20 05:31 12288 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\timer.ppl

2009-08-30 22:16 . 2007-05-20 05:31 139264 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\tm.ppl

2009-08-30 22:16 . 2007-05-20 05:31 5120 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\stdcomp.ppl

2009-08-30 22:16 . 2008-11-12 21:33 114688 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\stenum2.ppl

2009-08-30 22:16 . 2007-05-20 05:32 5632 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\stored.ppl

2009-08-30 22:16 . 2007-05-20 05:32 86016 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\reggrd.ppl

2009-08-30 22:16 . 2007-05-20 05:32 10752 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\regmap.ppl

2009-08-30 22:16 . 2007-05-20 05:31 18432 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\report.ppl

2009-08-30 22:16 . 2007-05-20 05:31 22016 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\resip.ppl

2009-08-30 22:16 . 2007-05-20 05:31 30720 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\sfdb.ppl

2009-08-30 22:16 . 2007-05-20 05:32 16896 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\prutil.ppl

2009-08-30 22:16 . 2007-05-20 05:31 23040 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\pxstub.ppl

2009-08-30 22:16 . 2007-05-20 05:31 40960 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\qb.ppl

2009-08-30 22:16 . 2007-05-20 05:32 98304 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\rar.ppl

2009-08-30 22:16 . 2008-11-12 21:32 65536 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\procmon.ppl

2009-08-30 22:16 . 2007-05-20 05:31 10240 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\prseqio.ppl

2009-08-30 22:16 . 2007-05-20 05:32 222208 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\pdm2rt.ppl

2009-08-30 22:16 . 2007-05-20 05:31 147456 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\prkernel.ppl

2009-08-30 22:16 . 2007-05-20 05:31 9216 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\passdmap.ppl

2009-08-30 22:16 . 2007-05-20 05:31 331776 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\pdm.ppl

2009-08-30 22:16 . 2008-11-12 21:29 450560 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\params.ppl

2009-08-30 22:16 . 2007-05-20 05:31 86016 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\nfio.ppl

2009-08-30 22:16 . 2007-05-20 05:33 16384 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\ntfsstrm.ppl

2009-08-30 22:16 . 2008-11-12 21:33 102400 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\ods.ppl

2009-08-30 22:16 . 2007-05-20 05:33 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\mdmap.ppl

2009-08-30 22:16 . 2008-11-12 21:33 23552 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\memmodsc.ppl

2009-08-30 22:16 . 2008-11-12 21:33 17920 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\memscan.ppl

2009-08-30 22:16 . 2007-05-20 05:32 18944 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\minizip.ppl

2009-08-30 22:16 . 2007-05-20 05:33 27648 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\mkavio.ppl

2009-08-30 22:16 . 2007-05-20 05:33 69632 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\msoe.ppl

2009-08-30 22:16 . 2007-05-20 05:33 12800 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\ichk2.ppl

2009-08-30 22:16 . 2007-05-20 05:30 18432 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\inflate.ppl

2009-08-30 22:16 . 2007-05-20 05:34 15360 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\inifile.ppl

2009-08-30 22:16 . 2007-05-20 05:31 10240 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\iwgen.ppl

2009-08-30 22:16 . 2007-05-20 05:32 25088 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\lha.ppl

2009-08-30 22:16 . 2007-05-20 05:34 8192 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\l_llio.ppl

2009-08-30 22:16 . 2007-05-20 05:33 26624 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\mailmsg.ppl

2009-08-30 22:16 . 2007-05-20 05:32 49664 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\dtreg.ppl

2009-08-30 22:16 . 2007-05-20 05:34 9728 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\explode.ppl

2009-08-30 22:16 . 2007-05-20 05:32 13312 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\filemap.ppl

2009-08-30 22:16 . 2007-05-20 05:34 18944 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\fsdrvplg.ppl

2009-08-30 22:16 . 2007-05-20 05:34 5632 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\hashcont.ppl

2009-08-30 22:16 . 2007-05-20 05:33 8192 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\hashmd5.ppl

2009-08-30 22:16 . 2007-05-20 05:33 5120 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\hccmp.ppl

2009-08-30 22:16 . 2007-05-20 05:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\btdisk.ppl

2009-08-30 22:16 . 2007-05-20 05:32 14848 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\btimages.ppl

2009-08-30 22:16 . 2007-05-20 05:32 5632 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\buffer.ppl

2009-08-30 22:16 . 2007-05-20 05:32 15872 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\cab.ppl

2009-08-30 22:16 . 2007-05-20 05:30 31232 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\crpthlpr.ppl

2009-08-30 22:16 . 2007-05-20 05:32 17408 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\deflate.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\dmap.ppl

2009-08-30 22:16 . 2008-11-12 21:32 196608 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\bl.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\base64p.ppl

2009-08-30 22:16 . 2008-11-12 21:30 733184 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\basegui.ppl

2009-08-30 22:16 . 2007-05-20 05:32 159808 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avs.ppl

2009-08-30 22:16 . 2007-05-20 05:31 19456 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avspm.ppl

2009-08-30 22:16 . 2007-05-20 05:32 6656 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\base64.ppl

2009-08-30 22:16 . 2007-05-20 05:32 40448 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avpmgr.ppl

2009-08-30 22:16 . 2007-05-20 05:32 16896 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avp3info.ppl

2009-08-30 22:16 . 2007-05-20 05:32 98304 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avpgs.ppl

2009-08-30 22:16 . 2008-11-12 21:32 802816 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avpgui.ppl

2009-08-30 22:16 . 2007-05-20 05:32 12288 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\arjpack.ppl

2009-08-30 22:16 . 2007-05-20 05:32 11776 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avlib.ppl

2009-08-30 22:16 . 2008-11-12 21:29 135168 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avp1.ppl

2009-08-30 22:16 . 2007-05-20 05:32 17408 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\arj.ppl

2009-08-30 22:16 . 2008-11-12 21:32 71168 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\advdis.ppl

2009-08-30 22:16 . 2008-11-12 21:32 13824 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avzproxy.ppl

2009-08-30 22:16 . 2008-11-12 21:29 65536 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avzscan.ppl

2009-08-30 22:16 . 2007-05-20 05:37 22544 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\scmhlpr.dll

2009-08-30 22:16 . 2008-11-12 21:32 94208 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\prremote.dll

2009-08-30 22:16 . 2007-05-20 05:37 284176 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\prloader.dll

2009-08-30 22:16 . 2008-11-12 21:27 9216 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\kldirobj.dll

2009-08-30 22:16 . 2008-11-12 21:27 28160 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\klipc.dll

2009-08-30 22:16 . 2007-05-20 05:37 12304 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\Avp_io32.dll

2009-08-30 22:16 . 2007-05-20 05:37 15888 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avp_iont.dll

2009-08-30 22:16 . 2008-11-12 21:29 28672 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\fssync.dll

2009-08-30 22:16 . 2007-05-20 05:37 108048 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\getsi.dll

2009-08-30 22:16 . 2008-11-12 21:33 2014720 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avzkrnl.dll

2009-08-30 22:16 . 2008-11-12 21:33 65536 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\startup.exe

2009-08-30 22:16 . 2008-11-12 21:32 217088 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\is-U3G61.exe

2009-08-30 22:16 . 2007-05-20 05:34 12800 ----a-w- c:\program files\Virus Removal Tool\install.tmp

2009-08-30 22:16 . 2009-08-30 22:19 13465 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\avp.dt

2009-08-30 22:16 . 2007-05-20 05:34 12800 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\is-U3G61.com

2009-08-30 22:16 . 2008-11-12 21:24 18 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\is-U3G61.cfg

2009-08-30 22:16 . 2008-07-08 21:54 148496 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\drivers\34321433.sys

2009-08-30 22:16 . 2007-02-21 02:46 6144 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\drivers\drvins32.exe

2009-08-30 22:16 . 2008-07-08 21:54 7575 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\drivers\34321433.cat

2009-08-30 22:16 . 2009-08-30 22:16 3580 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\drivers\34321433.inf

2009-08-30 22:16 . 2008-11-12 21:27 11264 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\minst.exe

2009-08-30 22:16 . 2007-05-20 05:25 626688 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\msvcr80.dll

2009-08-30 22:16 . 2007-05-20 05:25 548864 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\msvcp80.dll

2009-08-30 22:16 . 2007-05-20 05:25 522 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\Microsoft.VC80.CRT.manifest

2009-08-30 22:16 . 2007-05-20 05:25 479232 ----a-w- c:\program files\Virus Removal Tool\is-U3G61\msvcm80.dll

2009-08-30 22:16 . 2009-08-30 22:16 51007 ----a-w- c:\program files\Virus Removal Tool\unins000.dat

2009-08-30 22:16 . 2009-08-30 22:16 682266 ----a-w- c:\program files\Virus Removal Tool\unins000.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-12 30192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-19 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

c:\documents and settings\Nora de'Campo\Start Menu\Programs\Startup\

is-U3G61.lnk - c:\program files\Virus Removal Tool\is-U3G61\startup.exe [2009-8-30 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-23 16:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk

backup=c:\windows\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\dllhost.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/29/2008 12:58 PM 335240]

R1 is-U3G61drv;is-U3G61drv;c:\windows\system32\drivers\34321433.sys [8/30/2009 3:16 PM 148496]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 6:01 PM 297752]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [9/29/2008 11:07 AM 964352]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/12/2008 3:06 PM 30192]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/12/2008 3:15 PM 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Nora de'Campo\Application Data\Mozilla\Firefox\Profiles\lv2k6fjq.default\

FF - plugin: c:\progra~1\SONYON~1\npsoe.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-31 10:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\NORADE~1\LOCALS~1\Temp\Perflib_Perfdata_850.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1208)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(212)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-08-31 10:39

ComboFix-quarantined-files.txt 2009-08-31 17:39

ComboFix2.txt 2009-08-31 17:12

Pre-Run: 331,055,996,928 bytes free

Post-Run: 331,024,367,616 bytes free

573 --- E O F --- 2009-08-30 20:09

Upload was successful


  • Staff

Hi,

This Virus Removal Tool looks indeed to be a part of Kaspersky. The driver you submitted is also signed by Kaspersky lab.

Anyway, this pc looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then, please download and run Combofix on the other computer as well :angry:


  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!



Good stuff, will check out this stuff immediately! Best to you Mieke! BTW, are you in Belgium or in Chicago?

Take care!
