I'm another victim of winblue

i got online yaaaaayyyyy and i tried deleting it but it didn't work installing thing right now

wow i have another problem the box is too big for me to click the accept button and i can't shrink it

Just try hitting enter, the option should already be on "Accept"

notpad did not show up only a list of stuff on the scan

Last edited by mscandidrop on 3rd June 2009, 9:53 pm; edited 1 time in total

Nope, did you get the main window?

it says trend mico hijackthis... at the top
then a box with a list of things inside with check boxes next to them and scan button at the bottom and fix checked button beside it

i can't even open notepad or word in safemode

help?

i can't get notepad to open but i'll try to copy what the list says

No need to.
Try opening the txt file using Wordpad.

hkcu\software\microsoft\internet explorer\main search default page url= www.google.com
BHO:(noname)-{02478D38-c3F9-4efb-9B51-7695EcA05670}- (NO FILE)
BHO: Adobe PDF ReaderLink Helper- {06849E9F-c8D7-4D59-B87D-784B7D6BE0B3} - c:\PROGRAM FILES\ADOBE\AcROBATE...
BHO:IEVkbdBHO-{59273AB4-E7D3-40F9-A1A8-6FA9ccA1862c}-c: PROGRAM FILES\KASPERSKY LAB....

I DONT KNOW HOW TO WHEN I cLIK ON WORD PAD IT DOESN'T OPEN

Hello.
Is there an O20 in Hijack This that says blocker.dll?

sorry had my caps on i'm not sure

i found it i also found one that says winblue on it too

there is one called mskdectorex and another called kernalfaultcheck do i need to check else?

ok i got it now
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:41 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tempo-setup2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imvu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061021
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 9042 bytes

did i do it right?

...

so.......... what now

Please do not keep Bumping your topic as you are not the only one that needs help,

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
  O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
  O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
  O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
  O15 - Trusted Zone: *.moove.com
  O20 - AppInit_DLLs: blocker.dll
  O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-06-03.01 - Candi Drop 06/03/2009 20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.144 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\101zt9ief5830.ocx
c:\windows\105659roz1d4.ocx
c:\windows\1058spzmbot6359.ocx
c:\windows\10875zackto9l7765.exe
c:\windows\10z85hackt5o989.dll
c:\windows\1126459t-a-virus5z.cpl
c:\windows\1145thzeat26998.bin
c:\windows\115159cktool680z.ocx
c:\windows\1206zwo9m555.cpl
c:\windows\12170zpy5d09.cpl
c:\windows\122459orm52z.cpl
c:\windows\12479not5a-zirus635.bin
c:\windows\1274295oj43z.dll
c:\windows\12775viru941z.cpl
c:\windows\12968ha9k5zol173.dll
c:\windows\129ca5dware15z0.exe
c:\windows\131329zrus995.cpl
c:\windows\13273s95z5a.exe
c:\windows\13289hackto5lz2c.ocx
c:\windows\13439vi9uz3595.cpl
c:\windows\13566h5cktoo91acz.bin
c:\windows\13577spzmbo9255.dll
c:\windows\13596not-5-virus4e6z.cpl
c:\windows\138zthr9at9523.dll
c:\windows\14189virusz9d5.ocx
c:\windows\14235not-az5iru9712.ocx
c:\windows\142zv9r5s587.ocx
c:\windows\14320vi59z496.exe
c:\windows\143z7not5a-viru95b8.ocx
c:\windows\14417hackto9524z.cpl
c:\windows\14595pa9bot39z.exe
c:\windows\14598virzs359.exe
c:\windows\14902ha9ktzol58.ocx
c:\windows\1510hackt9ol6adz.bin
c:\windows\151719pyz5e.dll

c:\windows\151719pyz5e.dll
c:\windows\15290virusz5e.ocx
c:\windows\155bbaczdoor50569.bin
c:\windows\155zsparse2992.bin
c:\windows\15639hzc9tool5e9.bin
c:\windows\157z0s5amb9t21e.dll
c:\windows\15f8ad5wzre978.bin
c:\windows\15z8addware693.dll
c:\windows\16256not5a-virus9z8.cpl
c:\windows\16a0downloade9255z.bin
c:\windows\16bzthief26159.dll
c:\windows\17193zo5-a-9irus1b5.ocx
c:\windows\1720spy9a5e303z.bin
c:\windows\175zvir1279.bin
c:\windows\17673hazkt9ol185.exe
c:\windows\17802hackt5oz9f5.bin
c:\windows\1802spyzare2598.dll
c:\windows\1829s5eal1z14.ocx
c:\windows\1859backzoor1054.dll
c:\windows\185z6wo9m678.ocx
c:\windows\18862not-azvirus2f95.dll
c:\windows\1887n9t-a-5irzs70b.cpl
c:\windows\189025zy3be.dll
c:\windows\189959py5bz.ocx
c:\windows\18z49viru539a.bin
c:\windows\190299ackzool2c5.dll
c:\windows\191145orz9cb.ocx
c:\windows\19215zpambot3df.ocx
c:\windows\19415vizus6cc.ocx
c:\windows\198z05pambot19f.bin
c:\windows\1997downzoader5695.dll
c:\windows\19dzth5eat20845.bin
c:\windows\19f35ir1z92.bin
c:\windows\19f9addwa5z2573.dll
c:\windows\19z83hackt5ol169.bin
c:\windows\1a56zte9l1125.ocx
c:\windows\1ac4ba9kdoor235z.ocx
c:\windows\1b509pzrs51822.cpl
c:\windows\1d399parse85z.exe
c:\windows\1e90backdo9r5z21.bin
c:\windows\1z586spy25c9.ocx
c:\windows\1zd8spa9se1756.dll
c:\windows\205fbackdooz26899.dll
c:\windows\21829hackto5l1z4.bin
c:\windows\21954not5a-virus45z.exe
c:\windows\21z1t9ief575.exe
c:\windows\21z61sp5mbot697.dll
c:\windows\227359za5bot6f1.dll
c:\windows\23388hack5oo94dz.ocx
c:\windows\23391spambz54a9.dll
c:\windows\235015or91z5.ocx
c:\windows\2361z9ot-a-virus595.bin
c:\windows\23885viz9s1e3.ocx
c:\windows\239szarse885.bin
c:\windows\241zs5y933.exe
c:\windows\2424ste9l25z9.dll
c:\windows\24575vzrus6b69.dll
c:\windows\24854zp5mbot99.bin
c:\windows\24959spambot2zd9.cpl
c:\windows\2495tro97z2.exe
c:\windows\24z745iru930e.dll
c:\windows\2525d5wnlz9der452.bin
c:\windows\252fthrzat195.exe
c:\windows\25385vi9zs45c5.exe
c:\windows\253z9hief3185.bin
c:\windows\25557v9r5s6za.exe
c:\windows\25727zi9us1a5.bin
c:\windows\25891sza59ot1b7.ocx
c:\windows\25c2spa9ze2798.bin
c:\windows\26459troj5z.bin
c:\windows\265649pa5botz9.dll
c:\windows\265775pamboz2e9.exe
c:\windows\265vi93176z.cpl
c:\windows\26841zir9s7a45.bin
c:\windows\26902notza-viru592a.exe
c:\windows\27215worm39z.ocx
c:\windows\272379o5m466z.cpl
c:\windows\27245hazktool949.cpl
c:\windows\27556not9a-zirus6df.exe
c:\windows\2791znot-a-vi5us72f.cpl
c:\windows\27fzown95ader1912.ocx
c:\windows\28457hackt9oz756.cpl
c:\windows\2845z9roj5615.exe
c:\windows\28c8d9wzload5r2580.bin
c:\windows\29045h5cktzol1019.cpl
c:\windows\29557worm6ze.exe
c:\windows\29589zpy44d.ocx
c:\windows\29671spy675z.dll
c:\windows\2980ztro5522.bin
c:\windows\299565r9jza7.cpl
c:\windows\29b8ad5ware1z089.dll
c:\windows\29czt9ief3259.exe
c:\windows\29f3dzwnloa9er9125.ocx
c:\windows\29z06vir9s7f35.exe
c:\windows\29z1v5r580.exe
c:\windows\2z40n5t9a-virus414.ocx
c:\windows\2z540vi9us14e.dll
c:\windows\2z671w9rm56c.exe
c:\windows\2z6asparse2395.exe
c:\windows\2z9115orm384.bin
c:\windows\2z995spambot70f.dll
c:\windows\3009virzs56b9.exe
c:\windows\3032ad5war9z401.dll
c:\windows\30549ir2337z.ocx
c:\windows\308529orz315.exe
c:\windows\3155ha9ktool2z5.exe
c:\windows\318445zambot3b99.dll
c:\windows\3275zs9y5d5.dll
c:\windows\3326ha5ktool5z9.bin
c:\windows\340295zeat10341.exe
c:\windows\3412th9eaz67295.bin
c:\windows\3452add9arez014.dll
c:\windows\3456sz9mbot35.exe
c:\windows\352faddware199z.bin
c:\windows\35a8spyzar93226.bin
c:\windows\365dsparsz1529.dll
c:\windows\3695hackt9zl28a.ocx
c:\windows\37529ir92z.exe
c:\windows\3842h9cktoo57z8.bin
c:\windows\38zabackdoo95183.dll
c:\windows\3953virzs946.bin
c:\windows\39575a9kdooz1664.cpl
c:\windows\39585tzoj659.ocx
c:\windows\3992spyzare2519.ocx
c:\windows\39d95ackdoor1759z.ocx
c:\windows\39f5thizf2971.dll
c:\windows\39fe9p5zare178.dll
c:\windows\3a55s9ezl509.cpl
c:\windows\3b6cba9kdoor17z35.bin
c:\windows\3e409parsez525.ocx
c:\windows\3f25back9ozr2350.exe
c:\windows\3f9eaddz5re1450.cpl
c:\windows\3fz5addware5119.ocx
c:\windows\3z35spywa9e595.cpl
c:\windows\3z574w9rm2e5.bin
c:\windows\406bbackdzor19985.dll
c:\windows\411cthz9f2258.ocx
c:\windows\42055a9ktool7d9z.cpl
c:\windows\42z7ad9ware2157.dll
c:\windows\43best9zl19105.bin
c:\windows\4558spzmbo972c5.exe

c:\windows\4574zpy69f9.cpl
c:\windows\4712z5ambot907.exe
c:\windows\4759s5arse2658z.ocx
c:\windows\4a2ethr9zt15832.cpl
c:\windows\4c69tzie52979.bin
c:\windows\4cds5ea92z06.bin
c:\windows\4d4zt5rea915733.dll
c:\windows\4e05iz915.exe
c:\windows\4e53downlozder53599.cpl
c:\windows\4e73zddw9re935.dll
c:\windows\4efzbac5door1914.dll
c:\windows\4ezfspar952366.bin
c:\windows\4f53tz5ef1929.ocx
c:\windows\4f7ebackdz9r1459.bin
c:\windows\4z3aa59ware1367.dll
c:\windows\4zbdownload5r957.ocx
c:\windows\501e9dd5zre1539.cpl
c:\windows\5085v5ruz349.bin
c:\windows\515z7spy6a9.ocx
c:\windows\51c9zir852.bin
c:\windows\51z7t9reat192685.exe
c:\windows\52756viru95z3.dll
c:\windows\52z9thie51981.exe
c:\windows\530z5i988.bin
c:\windows\5340down9oade52968z.dll
c:\windows\5388no5-a-vzrus2d9.exe
c:\windows\542cthi9z5315.dll
c:\windows\5449wo9m3az.ocx
c:\windows\5454thie9z69.dll
c:\windows\54908spz4ea.bin
c:\windows\54bc9ddzare1871.ocx
c:\windows\5555z5y6799.cpl
c:\windows\55e2sp9rsz3597.bin
c:\windows\55zfaddware1519.bin
c:\windows\5674a9dw5rz2245.exe
c:\windows\5681wo5z359.dll
c:\windows\56e9spzrse2959.exe
c:\windows\572dtzi9f3086.dll
c:\windows\57703worm39z.exe
c:\windows\579dth9efz955.bin
c:\windows\5859add9arz1514.exe
c:\windows\58919teaz2095.dll
c:\windows\5901st5zl1686.cpl
c:\windows\59267t9oj5c6z.ocx
c:\windows\592bthreat5z54.dll
c:\windows\5933wor5350z.bin
c:\windows\595ad5wzloader652.dll
c:\windows\59859te5l2478z.dll
c:\windows\59939ot-a-zir5sce.ocx
c:\windows\59z9troj280.cpl
c:\windows\5a56tz5ef931.ocx
c:\windows\5a9aazdware2137.dll
c:\windows\5abasza9se29635.exe
c:\windows\5c1dz5r27139.ocx
c:\windows\5cdcthrzat9899.exe
c:\windows\5d9fstealz98.bin
c:\windows\5ddaspywarz4159.exe
c:\windows\5ea5backdo5rz6689.cpl
c:\windows\5f3e95ywaze923.dll
c:\windows\5ff2ad59zre1132.cpl
c:\windows\5z56w9rm146.bin
c:\windows\5z6thief159.dll
c:\windows\5z75thief31479.bin
c:\windows\5z90t5ief2241.exe
c:\windows\5zafaddw9re1820.cpl
c:\windows\5zcet59ef631.ocx
c:\windows\6025spywar9z903.cpl
c:\windows\611notza-9irus575.exe
c:\windows\626fthrezt582109.ocx
c:\windows\63a59zdware2539.cpl
c:\windows\6505back9oor1z78.cpl
c:\windows\65z0thief31049.bin
c:\windows\66999d5waze680.dll
c:\windows\6785szyware9623.exe
c:\windows\67d5sp9rsez085.ocx
c:\windows\683z9a5kdoor201.cpl
c:\windows\6915steal965z.exe
c:\windows\6941ad9waze2159.bin
c:\windows\695ztroj9c3.bin
c:\windows\6962th5ef272z.cpl
c:\windows\696s5y234z.dll
c:\windows\6a0b5tez93158.bin
c:\windows\6a50spyw9ze3003.exe
c:\windows\6aafthzeat958935.ocx
c:\windows\6czthief20259.exe
c:\windows\6dbzthrea952458.bin
c:\windows\6e15threaz92500.exe
c:\windows\6f29a9dwarz525.dll
c:\windows\6z24tro919c5.ocx
c:\windows\70035zr1893.dll
c:\windows\70389hie52076z.exe
c:\windows\7069viruz9855.exe
c:\windows\712f5par9z1186.dll
c:\windows\7195sz9ware173.exe
c:\windows\71aca95warz2864.cpl
c:\windows\71d9threat5z09.exe
c:\windows\7243zpyware15659.bin
c:\windows\7255no5-a-virus5ze9.bin
c:\windows\7255t9oz225.exe
c:\windows\738zt5re9t10057.ocx
c:\windows\740d59eal51z.dll
c:\windows\7476s5zware9600.dll
c:\windows\7520tzo93f6.ocx
c:\windows\75vir19z.exe
c:\windows\760ebackdozr915.bin
c:\windows\7895z5915c.cpl
c:\windows\7936vir1295z.bin
c:\windows\7bb39h5ef1578z.cpl
c:\windows\7bbcba9kzoo52764.exe
c:\windows\7d575ownzoader25969.dll
c:\windows\7db5dzwnlo5der729.cpl
c:\windows\7dcza9dwar5606.bin
c:\windows\7dezste5l8489.ocx
c:\windows\7z03steal3519.bin
c:\windows\7z95spambot157.ocx
c:\windows\8528hacktoo59z.dll
c:\windows\85449ot-a-zirus485.dll
c:\windows\8575spazb9t75.exe
c:\windows\8795vzr9s58.bin
c:\windows\8z49not-a-virus656.bin
c:\windows\90ezaddw5re1578.ocx
c:\windows\9100stzal2965.bin
c:\windows\9175sparse2972z.dll
c:\windows\9258spy78az.cpl
c:\windows\9268not-a-v9rus55bz.exe
c:\windows\926z8viru5200.bin
c:\windows\93491spy54z.dll
c:\windows\940backdoz5669.dll
c:\windows\949zhack9ool6705.cpl

c:\windows\951bazk95or2802.exe
c:\windows\955z6spy2335.bin
c:\windows\95706spy16z.exe
c:\windows\9649not-a-viru951fz.bin
c:\windows\96559wormz0b.bin
c:\windows\96bzparse27945.dll
c:\windows\982vi59s7z3.bin
c:\windows\98czthreat275355.exe
c:\windows\9a2z5ir1319.cpl
c:\windows\9adth5eaz5059.bin
c:\windows\9b25thzeat24564.dll
c:\windows\9b3cspar5e2z85.dll
c:\windows\9d1stezl5549.exe
c:\windows\9d20spar5e10z7.cpl
c:\windows\9ezi51103.bin
c:\windows\9z60downl5ader190.bin
c:\windows\9zc6vir5795.exe
c:\windows\a61down5o9dzr1937.bin
c:\windows\bd0thief2z519.exe
c:\windows\bz7sp9rse59.dll
c:\windows\dzfad5ware28799.exe
c:\windows\e375hief19z9.cpl
c:\windows\e85backdozr997.bin
c:\windows\f41spyw9re256z.ocx
c:\windows\f925teal1z77.exe
c:\windows\fa9st5az2122.bin
c:\windows\IE4 Error Log.txt
c:\windows\system32\10249wzrm4d65.dll
c:\windows\system32\1039zhief519.ocx
c:\windows\system32\11464spambz539b.cpl
c:\windows\system32\115255pambot2z9.cpl
c:\windows\system32\11585troz309.cpl
c:\windows\system32\115spzm9ot7af5.exe
c:\windows\system32\11652spambot695z.dll
c:\windows\system32\11693spy5za.cpl
c:\windows\system32\11811s5z9d4.cpl
c:\windows\system32\120zth5e92550.dll
c:\windows\system32\1239z5pambot58.bin
c:\windows\system32\1265tr9z699.bin
c:\windows\system32\1327tro9z05.bin
c:\windows\system32\13497szamb5966f.exe
c:\windows\system32\13909spam5zt31b.exe
c:\windows\system32\13a5baczdoor2999.exe
c:\windows\system32\14406hackt5z9174.exe
c:\windows\system32\1451backdoor29z9.bin
c:\windows\system32\14598s5ambzt95.exe
c:\windows\system32\146z0hack5oo9399.bin
c:\windows\system32\14f6bz95door649.ocx
c:\windows\system32\1509hackzoole59.ocx
c:\windows\system32\15495not5azvirus19a.cpl
c:\windows\system32\15574worm9zb.bin
c:\windows\system32\15594zroj9ea.bin
c:\windows\system32\15951tzoj6f5.dll
c:\windows\system32\15976wzr57b1.dll
c:\windows\system32\15a2thz9at21507.bin
c:\windows\system32\15z859orm95.bin
c:\windows\system32\15z8t9reat16335.cpl
c:\windows\system32\16575trz950c.dll
c:\windows\system32\1687sp9mbztee5.dll
c:\windows\system32\16995not-5-zirus793.dll
c:\windows\system32\175529zrm46d.dll
c:\windows\system32\17f5addza9e5673.exe
c:\windows\system32\17f85pyw9ze2729.bin
c:\windows\system32\17z23not-95virus7c3.cpl
c:\windows\system32\180759pambot359z.bin
c:\windows\system32\188z1h5cktool2df9.dll
c:\windows\system32\18999trojz5.bin
c:\windows\system32\18zds59rse276.dll
c:\windows\system32\19033spzm5ot4c9.dll
c:\windows\system32\19033zirus4185.exe
c:\windows\system32\19056vzru9604.cpl
c:\windows\system32\19098z9rus1e85.exe
c:\windows\system32\19385zorm3c59.bin
c:\windows\system32\19398spambo9325z.bin
c:\windows\system32\19553vi5us5za.dll
c:\windows\system32\1959zvirus391.exe
c:\windows\system32\19839zorm556.bin
c:\windows\system32\19845no5-a-v9rus61z.ocx
c:\windows\system32\1990addw5re6z3.ocx
c:\windows\system32\1995spzmbot6f5.bin
c:\windows\system32\199z8spy57.bin
c:\windows\system32\19c2d9wnlzad5r2192.ocx
c:\windows\system32\1c47z5eal9659.exe
c:\windows\system32\1d1ezpyware20569.ocx
c:\windows\system32\1z102spy5559.ocx
c:\windows\system32\1z114vir9s70f5.exe
c:\windows\system32\1za9s5e9l2725.bin
c:\windows\system32\20296hack9oolz5.dll
c:\windows\system32\20449vir5s7cz.cpl
c:\windows\system32\20456zot-a-vi5u97e1.exe
c:\windows\system32\20512trzj913.cpl
c:\windows\system32\209935rojzd9.dll
c:\windows\system32\209z1spamb9t258.dll
c:\windows\system32\21542spzmbo9460.exe
c:\windows\system32\219cthre5t2606z.exe
c:\windows\system32\21c7s9y5are2548z.ocx
c:\windows\system32\22883s5ambot13z9.dll
c:\windows\system32\23256hackzool9b8.bin
c:\windows\system32\2352zhackt59l7c4.cpl
c:\windows\system32\23837zack5o9l779.exe
c:\windows\system32\23978not-5-vizu9138.exe
c:\windows\system32\239bspz5se31839.cpl
c:\windows\system32\2519hac5tzol69d.ocx
c:\windows\system32\25252w9rm35z.ocx
c:\windows\system32\2529szeal1171.dll
c:\windows\system32\25323z9oj5a9.bin
c:\windows\system32\253z5worm9d.dll
c:\windows\system32\255239orm5az.exe
c:\windows\system32\25587sp9mzot775.exe
c:\windows\system32\255athzef27945.bin
c:\windows\system32\25688s5ambo97c4z.ocx
c:\windows\system32\25732tzo9791.cpl
c:\windows\system32\2576zhack59ol7d3.ocx
c:\windows\system32\2590659t-a-virus5z4.dll
c:\windows\system32\2592th5zf66.exe
c:\windows\system32\25963hack5z9l5bc.bin
c:\windows\system32\259d9teal25z8.dll
c:\windows\system32\259dthief972z.bin
c:\windows\system32\25a0spyzare931.exe
c:\windows\system32\26059zp559.exe
c:\windows\system32\26872spy935z.exe
c:\windows\system32\26902spamboz159.dll
c:\windows\system32\26930tro5290z.bin
c:\windows\system32\26azdwa5e23969.cpl
c:\windows\system32\26bsp9warez53.cpl
c:\windows\system32\26d5thief597z.dll
c:\windows\system32\26z9vir3581.bin
c:\windows\system32\2719addwzre29015.dll
c:\windows\system32\275e5tezl1190.exe
c:\windows\system32\2799stzal5095.exe
c:\windows\system32\27c1bzckd5or9196.ocx
c:\windows\system32\27e4sz5rse9250.cpl
c:\windows\system32\2813995y5zc.cpl
c:\windows\system32\2830spzr5e7729.dll
c:\windows\system32\28395spz749.cpl
c:\windows\system32\286z595y25c.bin
c:\windows\system32\28813hzck59ol1db.bin
c:\windows\system32\289009zambot526.cpl
c:\windows\system32\28956not-a-viruz5b9.dll
c:\windows\system32\29098not-a-vir5z77b.cpl
c:\windows\system32\292th9eat52947z.bin
c:\windows\system32\29376ha9ktozl356.exe
c:\windows\system32\294735py2f2z.dll
c:\windows\system32\2955spzware1977.exe
c:\windows\system32\295zdownloader79.bin
c:\windows\system32\298zspy5ar91242.ocx
c:\windows\system32\2a585dd9are3116z.ocx
c:\windows\system32\2aes9ars53z72.dll
c:\windows\system32\2af85ac9dooz1981.dll
c:\windows\system32\2d79th5ef20z9.dll
c:\windows\system32\2e50addwaze5029.cpl
c:\windows\system32\2z045ir890.bin
c:\windows\system32\2z088spamb5t980.cpl
c:\windows\system32\2z4th95at15381.exe
c:\windows\system32\2z8775ot-a-9irus5e6.ocx
c:\windows\system32\30169v9zus3c65.dll
c:\windows\system32\30594v5rus73z.bin
c:\windows\system32\30794s5ambot51z9.cpl
c:\windows\system32\31594t9oj7e5z.ocx
c:\windows\system32\31627z9ambot4dd5.dll
c:\windows\system32\31644v5rzs692.ocx
c:\windows\system32\32299trz5533.cpl
c:\windows\system32\329115irus5z1.dll
c:\windows\system32\3294sz9ware1650.exe
c:\windows\system32\34c8z5reat210689.cpl
c:\windows\system32\351zhackto9l578.ocx
c:\windows\system32\35409spy42z.dll
c:\windows\system32\355a5tealz6559.cpl
c:\windows\system32\35930zirus407.cpl
c:\windows\system32\3595thrzat155515.ocx
c:\windows\system32\35dfsparze9924.bin
c:\windows\system32\35zdbackdoor2996.exe
c:\windows\system32\3607zr95734.ocx
c:\windows\system32\367ebackd5or196z.bin
c:\windows\system32\37zcspywar932595.cpl
c:\windows\system32\38979ac5zoor402.bin
c:\windows\system32\3960tzre9t56352.exe
c:\windows\system32\39d7spywa5e57z.dll
c:\windows\system32\3a8zs95al1894.bin
c:\windows\system32\3aza9pyware5706.ocx
c:\windows\system32\3bbdt9iez1159.cpl
c:\windows\system32\3c5adownloade51z99.ocx
c:\windows\system32\3ddds5ar9e315z.ocx
c:\windows\system32\3z175troj792.exe
c:\windows\system32\3z39troj4975.bin
c:\windows\system32\3z9steal19915.ocx
c:\windows\system32\40czdownloader2995.cpl
c:\windows\system32\4204th95f4z4.exe
c:\windows\system32\4289nzt5a-virus89.ocx
c:\windows\system32\42b9thief90z5.cpl
c:\windows\system32\43zro579d.ocx
c:\windows\system32\4501s9yw5ze3055.cpl
c:\windows\system32\4515o9nloader20z5.exe

c:\windows\system32\4520thie91542z.exe
c:\windows\system32\45d6th9ef898z.dll
c:\windows\system32\48135ownlz9der851.exe
c:\windows\system32\4897thiez2395.dll
c:\windows\system32\492add9az5546.bin
c:\windows\system32\4956zackdoor900.bin
c:\windows\system32\49c7bazkdo5r2914.dll
c:\windows\system32\4a5dsza9se1441.exe
c:\windows\system32\4b2ev59308z.exe
c:\windows\system32\4b82thre5t183z69.ocx
c:\windows\system32\4ba6d9wn5oader920z.cpl
c:\windows\system32\4ca2thie95094z.bin
c:\windows\system32\4cdzaddwar9750.cpl
c:\windows\system32\4f18downloa9er242z5.cpl
c:\windows\system32\4f8fthizf9520.ocx
c:\windows\system32\4z47s9ambot295.ocx
c:\windows\system32\4z999ir2546.cpl
c:\windows\system32\50275hrzat9089.bin
c:\windows\system32\5043downloazer8899.cpl
c:\windows\system32\5054zv9rus164.dll
c:\windows\system32\5063zir494.bin
c:\windows\system32\50ee9irz3.ocx
c:\windows\system32\51083hackzool58f9.exe
c:\windows\system32\5135t5rzat9595.exe
c:\windows\system32\513z7troj19f9.cpl
c:\windows\system32\51425viru9z2b.dll
c:\windows\system32\519zv591008.ocx
c:\windows\system32\536bac9zoor1100.exe
c:\windows\system32\539zvi52331.ocx
c:\windows\system32\53e8stezl2985.cpl
c:\windows\system32\549notza-virus48e.dll
c:\windows\system32\5509z9rm1b5.exe
c:\windows\system32\550c9hr5at304z6.dll
c:\windows\system32\5526ste9l211z.dll
c:\windows\system32\5529irz222.cpl
c:\windows\system32\5546downlozder2395.dll
c:\windows\system32\554addwaze24999.bin
c:\windows\system32\5550v5ruz3259.bin
c:\windows\system32\558hazktoo92d9.ocx
c:\windows\system32\558zhacktool926.cpl
c:\windows\system32\5594s5ar9e73z.exe
c:\windows\system32\56bba9dzare755.exe
c:\windows\system32\57099oznload5r2904.bin
c:\windows\system32\5780not-a-vi9us109z.ocx
c:\windows\system32\57z55py596.exe
c:\windows\system32\5839threat115z.dll
c:\windows\system32\589b9ckdooz126.dll
c:\windows\system32\58e9z5eal731.ocx
c:\windows\system32\58z65ir31659.cpl
c:\windows\system32\5919threat10251z.dll
c:\windows\system32\5938trzj5915.cpl
c:\windows\system32\594fvi5z87.bin
c:\windows\system32\596athief103z.ocx
c:\windows\system32\59c5vir118z.bin
c:\windows\system32\59despa9se51z5.ocx
c:\windows\system32\5a0zd59nloader625.cpl
c:\windows\system32\5az49hreat9019.dll
c:\windows\system32\5azddware1892.ocx
c:\windows\system32\5b6cbackdooz5983.cpl
c:\windows\system32\5c8fbackd5or15z9.ocx
c:\windows\system32\5c98sparse149z.exe
c:\windows\system32\5ce45tz9l2580.exe
c:\windows\system32\5ce7s5ywaze259.ocx
c:\windows\system32\5cf5downloadzr28829.cpl
c:\windows\system32\5d4zack9o5r1199.ocx
c:\windows\system32\5e09s5yware31z4.dll
c:\windows\system32\5ed8sparse295z.cpl
c:\windows\system32\5efbthreaz91775.cpl
c:\windows\system32\5f50vzr9357.ocx
c:\windows\system32\5f52add9are14z5.ocx
c:\windows\system32\5f5zspywar92394.ocx
c:\windows\system32\5f6downloazer16789.dll
c:\windows\system32\5fz5sp9rse512.bin
c:\windows\system32\5z289acktool60.cpl
c:\windows\system32\5z35t9reat57142.dll
c:\windows\system32\5z67sparse1095.dll
c:\windows\system32\5z98vir3515.dll
c:\windows\system32\5ze2th5eat19378.exe
c:\windows\system32\603zsparse9205.bin
c:\windows\system32\6055steal1289z.dll
c:\windows\system32\6092sparse2539z.dll
c:\windows\system32\61629azkdoor565.dll
c:\windows\system32\635dthrz9t27366.exe
c:\windows\system32\639bdow5zoader1599.bin
c:\windows\system32\6511spy9are538z.bin
c:\windows\system32\6529thief316z.bin
c:\windows\system32\655backdozr3902.bin
c:\windows\system32\655zspyware194.dll
c:\windows\system32\65b5addwzre960.ocx
c:\windows\system32\6695spamb9t8z.ocx
c:\windows\system32\67179parse235z.ocx
c:\windows\system32\6753hacztoo92b2.ocx
c:\windows\system32\67939hr5at54z.cpl
c:\windows\system32\6985th9eat56261z.dll
c:\windows\system32\69c6d5wnloaderz50.dll
c:\windows\system32\6az95hreat19828.dll
c:\windows\system32\6c15st9az944.bin
c:\windows\system32\6c7ds5ar9e510z.ocx
c:\windows\system32\6d3fste9l5z9.cpl
c:\windows\system32\6e9azddware505.bin
c:\windows\system32\6f29downloader594z.bin
c:\windows\system32\6z495i92856.dll
c:\windows\system32\6z63s5eal9979.cpl
c:\windows\system32\6z81thi59871.ocx
c:\windows\system32\7059za5kdoor2725.bin
c:\windows\system32\705bbz5kd9or286.ocx
c:\windows\system32\71159teaz1865.dll
c:\windows\system32\714addwa5e93z1.dll
c:\windows\system32\715fad9waze3044.dll
c:\windows\system32\7345addw9rez895.ocx
c:\windows\system32\73z4sp5rse21509.bin
c:\windows\system32\7495zi5us30c9.bin
c:\windows\system32\749d9ir2z965.bin
c:\windows\system32\751cdownloaze93145.bin
c:\windows\system32\7549virzs7f15.exe
c:\windows\system32\7557downloadzr59.exe
c:\windows\system32\75zesp9rse5148.cpl
c:\windows\system32\7607a9dw5re249z.bin
c:\windows\system32\765dbackdooz2909.exe
c:\windows\system32\765troz3c9.dll
c:\windows\system32\77ddadd9are1591z.dll
c:\windows\system32\77eb9ckdooz1253.exe
c:\windows\system32\79a8threat5z089.ocx
c:\windows\system32\79e3spazse39275.bin
c:\windows\system32\79f8downzoader2915.bin
c:\windows\system32\7acadowzloade915805.ocx
c:\windows\system32\7ad9th9eatz6705.exe
c:\windows\system32\7b9zth5eat7678.bin
c:\windows\system32\7bbspa9se3z75.bin
c:\windows\system32\7c26threa97325z.ocx
c:\windows\system32\7c59zhreat11612.dll
c:\windows\system32\7fc5vi9768z.cpl
c:\windows\system32\7z619ir24295.dll
c:\windows\system32\7zf3addw9re26925.ocx
c:\windows\system32\885s9zm5ot1ad.ocx
c:\windows\system32\8915n9t-a-virus23cz.exe
c:\windows\system32\898zorm95.bin
c:\windows\system32\89bspy5arez94.dll
c:\windows\system32\8dfszywar59608.exe
c:\windows\system32\9099t59j73az.exe
c:\windows\system32\90c4thzef5765.bin
c:\windows\system32\9338not-a5vizus6af9.cpl
c:\windows\system32\9386zworm7045.ocx
c:\windows\system32\93eavir5980z.ocx
c:\windows\system32\947dback5oor1569z.exe
c:\windows\system32\9489addwar5360z.cpl
c:\windows\system32\94zevir5489.ocx
c:\windows\system32\952viz2879.dll
c:\windows\system32\9539zwo5m371.dll
c:\windows\system32\9542spy6z89.dll
c:\windows\system32\9557virzs1a5.exe
c:\windows\system32\957addz5re577.exe
c:\windows\system32\95z3spywar51329.ocx
c:\windows\system32\96azthief5588.exe
c:\windows\system32\9795spy2fz.exe
c:\windows\system32\9815szy335.exe
c:\windows\system32\985adownloader1978z.dll
c:\windows\system32\989bviz5985.exe
c:\windows\system32\98a5sp5zare2254.dll
c:\windows\system32\99211ha5ztool748.bin
c:\windows\system32\9929hackto5l2za.ocx
c:\windows\system32\993z5teal804.ocx
c:\windows\system32\9975troj7ze.cpl
c:\windows\system32\997backzoo95937.exe
c:\windows\system32\9beaadzware5237.ocx
c:\windows\system32\9befstzal2335.cpl
c:\windows\system32\9c2zsteal5450.ocx
c:\windows\system32\9cbe5ownloader126z.ocx
c:\windows\system32\9f01azdwar5676.dll
c:\windows\system32\9z856virus595.cpl
c:\windows\system32\9zfdow9loader85.exe
c:\windows\system32\b9f9azkdoo5958.cpl
c:\windows\system32\c50d5znloade92100.cpl
c:\windows\system32\drivers\I2220NTA.CAT
c:\windows\system32\drivers\I2220NTX.CAT
c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
c:\windows\system32\drivers\netag3n.cat
c:\windows\system32\drivers\tmimo3p.CAT
c:\windows\system32\e1dazd95re2646.exe
c:\windows\system32\z0075worm2b95.cpl
c:\windows\system32\z0419spambo52aa.ocx
c:\windows\system32\z10f5pyware8689.dll
c:\windows\system32\z1359spy595.dll
c:\windows\system32\z1a0s9eal15115.ocx
c:\windows\system32\z263ad5ware1093.cpl
c:\windows\system32\z276vi5us693.bin
c:\windows\system32\z2cfthi591317.dll
c:\windows\system32\z3579wo9m5265.bin
c:\windows\system32\z3bbvir5977.ocx
c:\windows\system32\z4055spambot9e65.exe
c:\windows\system32\z436spa9bot6e95.ocx
c:\windows\system32\z45129p521f.ocx
c:\windows\system32\z459addware3060.bin
c:\windows\system32\z4b7s9yware451.bin

c:\windows\system32\z5349vi5us42b.bin
c:\windows\system32\z5e0steal2952.exe
c:\windows\system32\z69bdownload5r716.bin
c:\windows\system32\z70bbackdoor6589.cpl
c:\windows\system32\z74295arse2345.exe
c:\windows\system32\z756hacktoo9b8.bin
c:\windows\system32\z897t5ief3099.dll
c:\windows\system32\z9dthr5at14421.dll
c:\windows\system32\z9fdsparse560.exe
c:\windows\system32\za5cspy9are884.bin
c:\windows\system32\zb5e9ir2179.cpl
c:\windows\system32\zb79t9reat12573.ocx
c:\windows\system32\zd51spy9are930.ocx
c:\windows\system32\ze57add5are896.cpl
c:\windows\system32\zf05sparse9394.exe
c:\windows\z0168worm45e9.bin
c:\windows\z035t9reat219575.dll
c:\windows\z051addware2149.ocx
c:\windows\z158spambot40a9.cpl
c:\windows\z1951w5rm748.ocx
c:\windows\z1d7addwa9e7195.exe
c:\windows\z2126spy9de5.dll
c:\windows\z2255r9j3a0.cpl
c:\windows\z3895wor54919.ocx
c:\windows\z492vir23125.bin
c:\windows\z495hacktool195.dll
c:\windows\z495vir1593.dll
c:\windows\z4a95hief1771.cpl
c:\windows\z4d5vir9079.bin
c:\windows\z595st9al589.ocx
c:\windows\z5b9addware75.cpl
c:\windows\z6458tro95fc.ocx
c:\windows\z6549spyee.dll
c:\windows\z677ste5l12819.exe
c:\windows\z6955spy157.ocx
c:\windows\z785t9i5f2577.ocx
c:\windows\z7997worm68f5.exe
c:\windows\z817threat59974.cpl
c:\windows\z8558hacktoo95c.ocx
c:\windows\z857tr9j15d.bin
c:\windows\z89305py91d.exe
c:\windows\z906thre5t28205.ocx
c:\windows\z951threa5952.exe
c:\windows\z9e9stea5652.ocx
c:\windows\z9parse3475.dll
c:\windows\za19s5yware1225.dll
c:\windows\za9ev5r597.ocx
c:\windows\zdb95hreat23937.exe
c:\windows\zf8ad5ware2990.bin
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 00:08 . 2009-06-04 00:09 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 00:02 . 2009-06-03 00:02 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-01 23:57 . 2009-06-01 23:57 10684866 ----a-w- c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 23:02 . 2009-06-03 00:07 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Azureus
2009-05-24 22:59 . 2009-05-24 23:08 -------- d-----w- c:\program files\Vuze
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 00:37 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 00:35 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 00:35 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 00:35 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 00:35 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2007-11-14 22:10 . 2007-11-14 03:16 24 -csh--w- c:\windows\SAE0A6F7D.tmp
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/2/2008 8:33 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://imvu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://imvu.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-04 21:04
ComboFix-quarantined-files.txt 2009-06-04 01:03

Pre-Run: 21,312,040,960 bytes free
Post-Run: 21,868,310,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

920 --- E O F --- 2009-06-03 23:54

Hello.

I see you have Viewpoint software installed.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". Read this article: here and here

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Viewpoint Manager (remove only)
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\tempo-setup2.exe
c:\windows\SAE0A6F7D.tmp

Folder::
c:\documents and settings\Candi Drop\Application Data\Azureus
c:\program files\Vuze
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-06-03.01 - Candi Drop 06/03/2009 21:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.119 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
Command switches used :: c:\documents and settings\Candi Drop\My Documents\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\SAE0A6F7D.tmp"
"c:\windows\system32\tempo-setup2.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Candi Drop\Application Data\Azureus
c:\documents and settings\Candi Drop\Application Data\Azureus\.certs
c:\documents and settings\Candi Drop\Application Data\Azureus\.keystore
c:\documents and settings\Candi Drop\Application Data\Azureus\.lock
c:\documents and settings\Candi Drop\Application Data\Azureus\active\0A0B6EAAD77C0CDF31DF350E5253887564366881.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\active\0A0B6EAAD77C0CDF31DF350E5253887564366881.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\active\FE646CAF4CF1F5F159AD13AB54EFD5802319A55B.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\active\FE646CAF4CF1F5F159AD13AB54EFD5802319A55B.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.config
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.statistics
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\cnetworks.config
c:\documents and settings\Candi Drop\Application Data\Azureus\devices.config
c:\documents and settings\Candi Drop\Application Data\Azureus\devices.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\general.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\version.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\downloads.config
c:\documents and settings\Candi Drop\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\friends.config
c:\documents and settings\Candi Drop\Application Data\Azureus\friends.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\metasearch.config
c:\documents and settings\Candi Drop\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\net\pm_22773.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\azump_1.3.jar
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\azump_1.3.zip
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer.exe
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer\config
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Candi Drop\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\400B09C6BFC041C77125.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\87E23B1872099785E348.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\AA18A55630A89D766D85.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\FDA6C9DF3B7E1F2FABB6.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subscriptions.config
c:\documents and settings\Candi Drop\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\tables.config
c:\documents and settings\Candi Drop\Application Data\Azureus\tables.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\timingstats.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU107787296963972247.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU1529233668609806418.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU214149684569347568.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU2514381345798138013.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU275085248884005532.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU4233609604609371708.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU5245277886146964402.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU5389728241646696845.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6082309576462123970.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6243922447146768488.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6283595954165585738.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7536209642271768462.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7568853768625403076.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7859733689560533652.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU8368403792997730814.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU8520211911358395100.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU5962977002979067292.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU6785125243215119707.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU7122738622163932536.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\He's_Just_Not_That_Into_You_[2009]_DvdRip_XviD-aXXo.torrent
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\Terminator Salvation (2009) !DVDRip XviD - aXXo.torrent

c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config
c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\update.log
c:\documents and settings\Candi Drop\Application Data\Azureus\update.properties
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config.bak
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Log\2009 Jun 03 - 08_08_57 PM_375.log
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\rs.dat
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Settings\ScanResults.pie
c:\windows\SAE0A6F7D.tmp
c:\windows\system32\tempo-setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:32 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 01:31 . 2006-10-21 16:27 -------- d-----w- c:\program files\Viewpoint
2009-06-04 01:30 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 01:30 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 01:30 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 01:30 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-04 01:18 . 2006-10-21 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_00.58.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_388.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat
- 2009-06-02 22:18 . 2009-06-02 22:18 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://imvu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://imvu.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-04 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 01:38
ComboFix2.txt 2009-06-04 01:04

Pre-Run: 21,894,123,520 bytes free
Post-Run: 21,910,466,560 bytes free

299 --- E O F --- 2009-06-03 23:54

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

ok i got it..... everything seems to be running great... plus the viewpoint thing was great idea... i didn't know what it was for and wasn't sure if i should remove it or not. so thanks for the heads up on that... I'm trying to get rid of some of the things i don't need. lol thankyou agian. you guys are very good at this.... i'll have to slide you guys a little something sometime.