Here are the OTL scans
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2009/11/17 22:45:06 | 00,056,376 | ---- | M] () -- C:\Windows\System32\drivers\_AGP440.sys_.vir
[2009/11/13 14:42:38 | 00,002,225 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk = C:\Users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\startup.exe ()
O18 - Protocol\Handler\msdaipp - No CLSID value found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OTL file attached:
Very good.
See if Combofix will run now.
The link to the renamed combofix is no longer available, should we just download the regular combofix from before?
Try HERE
Combofix not running. Stuck in initial scan mode.
If it's for longer than 30 minutes, stop it and try Safe Mode.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:52 PM, on 11/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11117 bytes
ComboFix 09-11-23.02 - Michael 11/28/2009 16:23.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2518 [GMT -5:00]
Running from: c:\users\Michael\Desktop\3c786fgt5.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-K2V7U.lnk"
"c:\windows\system32\drivers\_AGP440.sys_.vir"
"c:\windows\system32\drivers\00809203.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\install.tmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\advdis.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\arj.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\arjpack.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avlib.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp.dt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\Avp_io32.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp_iont.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp1.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avp3info.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpgs.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpgui.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avpmgr.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avs.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avspm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzkrnl.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzproxy.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\avzscan.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\base64.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\base64p.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\basegui.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\avp_x.set
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\backup.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\bt.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\engine.dt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\keylogger.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\klavemu.kdl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\klavemu.kfb
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\krnldrv.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\megabase.avc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neural.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neurald.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neurale.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\neuralm.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\ports.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\prt.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\repair.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\rootkit.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\scripts.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf001.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf002.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf003.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf004.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signf005.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signfavp.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\signfusr.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\sr.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\srdb.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\startup.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\syscheck.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\sysipu.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\tsw.avz
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bases\verdicts.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\bl.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\btdisk.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\btimages.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\buffer.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\cab.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\crpthlpr.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\data\BTImages.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\data\sfdb.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\deflate.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\dmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.cat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.inf
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\00809203.sys
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\drivers\drvins32.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\dtreg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\explode.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\filemap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\fsdrvplg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\fssync.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\getsi.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hashcont.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hashmd5.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\hccmp.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ichk2.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\inflate.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\inifile.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.cfg
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.com
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\is-K2V7U.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\iwgen.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\kldirobj.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\klipc.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\l_llio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\lha.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mailmsg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mdmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\memmodsc.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\memscan.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\Microsoft.VC80.CRT.manifest
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\minizip.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\minst.exe
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\mkavio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msoe.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcm80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcp80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\msvcr80.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\nfio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ntfsstrm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\ods.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\params.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\passdmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pdm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pdm2rt.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prkernel.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prloader.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\procmon.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prremote.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prseqio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\prutil.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\pxstub.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\qb.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\rar.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\reggrd.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\regmap.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\0003_Scan_Objects_eventlog.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\detected.idx
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\detected.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\eventlog.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\report\report.rpt
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\resip.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\scmhlpr.dll
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\sfdb.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\avz.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\avzkrnl.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\credits.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\hints.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\iso3166-1.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\main.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\oas.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\prot.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\report.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\scan.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\service.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\en\settings.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\enums.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\activity.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\application.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Arrow.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\background.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\badmail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\banner.gif
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Banner.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\battery.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\bootsect.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\collapse.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\danger24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\danger32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\dialer.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\disk.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\display.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\error.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\expand.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\floppy.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Goodmail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\gripper.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\help.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\help16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\i32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ids.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ie.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\info.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\integrity.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\internet.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\internet16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\intranet.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav_en.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav_ru.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav2006.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kav2006rus.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_bs.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_caps.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_ctrl.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_enter.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_lshift.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_normal.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_rshift.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_slash.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_space.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kbdbtn_tab.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\key.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\kl.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\local.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\lockbutton.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\locked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\logo.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\mail.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\mail_bad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_off16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_off32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_on16.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\main_on32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\memory.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_bad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_deleted.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_good.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_new.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\msg_question.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\navstate.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\navstate2.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\network.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\nonrecursive.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\notepad.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Notify.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\office.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\ok32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\password.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\pause.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\popup_allowed.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\popup_blocked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\Privacy.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\rdisk.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\regedit.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\regicons.ico
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\run.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\settings.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\startupobj.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\stealth.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\stop.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\t_hdr.bmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\t_row.bmp
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\taskbar.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antihacker32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antihackerX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispam32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispamX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispy32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\antispyX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\datafiles.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\datafiles32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\file32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\fileX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\mail32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\mailX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\pdm32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\pdmX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\prot32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\protection.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\scan32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\scanX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\support.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\support32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\updater32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\updaterX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\web32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\tasks\webX.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\title.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\trusted.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\unkobj.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\unlocked.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\visa.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning24.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\warning32.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\images\wizard.png
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\avz.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\main.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\oas.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\prot.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\report.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\scan.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\service.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\layout\settings.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\prot.loc
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\skin.ini
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\skin\sounds\Infected.wav
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stdcomp.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stenum2.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\stored.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\superio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\tempfile.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\thpimpl.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\timer.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\tm.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unarj.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\uniarc.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unlzx.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unreduce.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unshrink.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\unstored.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\vmarea.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\wdiskio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\winreg.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\xorio.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\is-K2V7U\zcompare.ppl
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Log.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Scan.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Script.bat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\Start.lnk
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\unins000.dat
c:\users\Michael\Documents\Michael's Folder =)\Virus Removal Tool\unins000.exe
c:\windows\system32\drivers\00809203.sys
c:\windows\system32\wbem\Performance\WmiApRpl_new.h
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.
2009-11-28 21:31 . 2009-11-28 21:55 -------- d-----w- c:\users\Michael\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-28 21:31 . 2009-11-28 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 21:21 . 2009-11-28 21:21 49152 d-----w- C:\32788R22FWJFW
2009-11-25 04:34 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 22:09 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 22:09 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 00:28 . 2009-11-23 00:28 -------- d-----w- C:\_OTL
2009-11-17 16:51 . 2009-11-17 16:51 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 04:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 04:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 04:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 04:07 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 04:05 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 04:05 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-17 04:05 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-15 22:35 . 2009-11-15 22:35 574 ----a-w- C:\cleanup.bat
2009-11-15 22:35 . 2009-11-15 22:35 135168 ----a-w- C:\zip.exe
2009-11-15 05:15 . 2009-11-15 05:15 -------- d-----w- c:\program files\WOT
2009-11-13 02:23 . 2009-11-18 03:50 437846048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-11 02:49 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 02:49 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 23:29 . 2009-11-05 23:29 -------- d-----w- c:\users\Michael\DoctorWeb
2009-11-04 01:38 . 2009-11-04 01:38 -------- d-----w- c:\program files\iPod
2009-11-04 01:27 . 2009-11-04 01:27 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 03:58 . 2009-11-02 03:58 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 00:53 . 2008-07-02 04:09 4096 d-----w- c:\programdata\Google Updater
2009-11-27 02:47 . 2009-07-03 17:57 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-24 22:01 . 2009-02-15 16:17 42237 ----a-w- c:\programdata\nvModes.dat
2009-11-21 18:32 . 2009-09-13 04:50 34 ----a-w- c:\windows\system32\BD5250DN.DAT
2009-11-18 03:50 . 2009-11-13 02:23 5133128 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-17 16:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 16:46 . 2009-11-17 16:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 16:45 . 2009-11-17 16:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-15 01:00 . 2008-07-29 14:47 4096 d-----w- c:\users\Michael\AppData\Roaming\DNA
2009-11-14 16:56 . 2008-03-10 18:04 -------- d-----w- c:\programdata\Viewpoint
2009-11-11 03:50 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 03:38 . 2008-03-10 18:37 8192 d-----w- c:\programdata\Microsoft Help
2009-11-04 01:40 . 2009-09-23 00:06 4096 d-----w- c:\program files\iTunes
2009-11-04 01:38 . 2009-06-14 00:14 -------- d-----w- c:\program files\Common Files\Apple
2009-11-04 00:31 . 2008-07-28 18:39 1356 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat
2009-11-03 01:42 . 2009-10-02 22:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 23:26 . 2009-04-27 02:29 117760 ----a-w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-29 21:45 . 2008-07-09 02:13 4096 d-----w- c:\program files\SpywareBlaster
2009-10-29 19:04 . 2009-07-03 17:57 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 19:04 . 2009-07-03 17:57 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 19:04 . 2009-07-03 17:57 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 19:04 . 2009-07-03 17:57 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 19:04 . 2009-07-03 17:57 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 19:04 . 2009-07-03 17:57 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-17 23:42 . 2009-10-17 23:42 4096 d-----w- c:\program files\Photo Viewer
2009-10-13 19:56 . 2009-09-03 01:06 1541416 ----a-w- c:\programdata\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 19:41 . 2009-10-13 19:41 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2009-10-13 19:40 . 2009-06-15 22:07 77344 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-11 20:50 . 2009-10-11 18:36 -------- d-----w- c:\users\Michael\AppData\Roaming\U3
2009-10-11 16:42 . 2008-07-02 01:14 77344 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 22:04 . 2009-10-05 22:04 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3998.tmp.exe
2009-10-05 00:59 . 2009-10-05 00:58 4096 d-----w- c:\program files\Audacity
2009-10-05 00:52 . 2009-10-05 00:52 -------- d-----w- c:\programdata\AIM
2009-10-05 00:52 . 2009-10-05 00:52 8192 d-----w- c:\program files\AIM
2009-10-05 00:52 . 2009-10-05 00:52 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-03 19:53 . 2009-07-01 22:34 16384 d-----w- c:\program files\Diablo II
2009-10-01 01:02 . 2009-11-17 04:07 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 04:07 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 04:07 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 04:07 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 04:07 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 04:07 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 04:07 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 04:07 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 04:07 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 04:07 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 04:07 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 04:07 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 04:07 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 04:07 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 04:07 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 17:44 . 2009-07-31 21:21 4045528 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-26 21:47 . 2009-09-26 21:47 54 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2009-09-26 21:47 . 2009-09-26 21:47 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2009-09-25 02:10 . 2009-11-17 04:08 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 04:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 04:08 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 04:08 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 04:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 04:08 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 04:08 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 04:08 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 04:08 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 04:08 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 04:08 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 04:08 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 04:08 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 04:08 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 04:08 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 04:08 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 04:08 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 04:08 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 04:08 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 04:08 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 04:08 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 04:08 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 04:08 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 04:08 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 04:08 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 04:08 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 04:08 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-15 23:06 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 23:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 20:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 20:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-04 11:41 . 2009-10-15 23:06 60928 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\3c786fgt5\CF670.cfxxe" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-10 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-27 271600]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-08-11 1512688]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-08-11 636144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-11-11 333040]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe" [2009-08-11 14064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2009-06-23 1422776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 19:46 79368 ----a-w- c:\windows\System32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):5f,f5,eb,ff,18,3e,ca,01
R0 KmxFw;KmxFw;c:\windows\System32\drivers\KmxFw.sys [6/25/2009 1:10 PM 107512]
R1 KmxAgent;KmxAgent;c:\windows\System32\drivers\KmxAgent.sys [6/25/2009 1:10 PM 73720]
R1 KmxFile;KmxFile;c:\windows\System32\drivers\KmxFile.sys [6/25/2009 1:10 PM 55288]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\System32\drivers\KmxFilter.sys [6/25/2009 1:10 PM 58360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 72944]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [7/3/2009 12:57 PM 128240]
R2 KmxCF;KmxCF;c:\windows\System32\drivers\KmxCF.sys [6/25/2009 1:10 PM 150520]
R2 KmxSbx;KmxSbx;c:\windows\System32\drivers\KmxSbx.sys [7/30/2008 11:38 AM 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [6/25/2009 1:10 PM 875000]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [6/25/2009 1:10 PM 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/25/2009 1:10 PM 207352]
R3 KmxCfg;KmxCfg;c:\windows\System32\drivers\KmxCfg.sys [6/25/2009 1:10 PM 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [7/1/2008 8:24 PM 222448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2009-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-02 23:57]
2008-10-31 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-10 18:58]
2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{3F89A1C6-1F5B-459A-A88C-0E52B8137DE7}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 16:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2887668443-1976344967-1242083675-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,b7,6b,f2,01,fe,c5,6e,b5,0a,b5,43,18,38,29,db,bd,d9,5c,0d,74,
69,e8,77,ca,f1,7a,53,4d,6f,2b,e4,0a,5c,cf,a3,2a,e4,e0,e3,47,e4,70,c1,65,1d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'Explorer.exe'(5536)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-11-28 17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-28 22:06
ComboFix2.txt 2009-11-18 04:05
ComboFix3.txt 2009-11-16 03:58
ComboFix4.txt 2009-11-03 03:30
Pre-Run: 54,443,626,496 bytes free
Post-Run: 51,086,393,344 bytes free
- - End Of File - - B5A708E3AA882B0D3AEE95BCE0E6F56B
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select Complete scan.
- Click the green arrow at the right, and the scan will start.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.
NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking the X in the upper right corner.
Post a fresh HijackThis log as well.
Last time we ran DrWebCure it appeared to be on course for about a 12 hour scan. After about 5 hours it crashed. Would running in safe mode help? Or is there an alternative?