WiredWX Christian Hobby Weather Tools
Re: I'm another victim of winblue

so.......... what now

Re: I'm another victim of winblue

Please do not keep bumping your topic, as you are not the only one who needs help.

  • Open HijackThis.
  • Choose "Do a system scan only".
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
    O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
    O15 - Trusted Zone: *.moove.com
    O20 - AppInit_DLLs: blocker.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

  • Press "Fix Checked".
  • Close HijackThis.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

   [screenshot: CF_download_FF]

   [screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

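Added example (not code from the thread, from HijackThis or from its authors): a small Python triage script that parses the HijackThis lines quoted in the post above and flags the entries a helper would review before pressing "Fix Checked". The flag names, the watchlist of product names and the rules themselves are my own heuristics, so they do not reproduce the helper's list exactly (the R1 ProxyOverride line, for instance, is not flagged); the sample input is the post's own twelve lines.

```python
"""Triage of HijackThis (HJT) scan lines: parse, then flag what deserves a look."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List

# Sample input: the HijackThis lines quoted in the post above, verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Product names to look for, taken from this thread (the rogue "WinBlueSoft"
# and the Viewpoint components the helper also removes). Any other list is an
# assumption about the reader's environment.
WATCHLIST = ("winbluesoft", "viewpoint")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"([^\\\s]+\.exe)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str                                   # HJT section code, e.g. "O4"
    body: str                                      # text after "O4 - "
    flags: List[str] = field(default_factory=list)  # heuristic flags (my own names)


def parse_hjt(log_text: str) -> List[Entry]:
    """Turn raw HJT text into Entry objects, skipping blank or unrecognised lines."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def assess(entry: Entry, watchlist: Iterable[str] = WATCHLIST) -> Entry:
    """Attach triage flags. These rules are mine, not HijackThis categories."""
    body, low = entry.body, entry.body.lower()
    # A BHO/toolbar CLSID whose DLL is gone: registry debris from a removed
    # or half-removed component.
    if body.endswith("(no file)"):
        entry.flags.append("orphaned_clsid")
    if entry.section == "O4":
        m = O4_RE.match(body)
        if m:
            # Autoruns launched from the system directory deserve a look;
            # droppers like to sit among real system binaries.
            if "\\system32\\" in low:
                entry.flags.append("autorun_in_system32")
            # A Run value named after its own executable carries no vendor or
            # product name, which legitimate installers usually set.
            exe = EXE_RE.search(m["cmd"])
            if exe and m["name"].lower() == exe.group(1).lower():
                entry.flags.append("value_name_is_filename")
    if entry.section == "O8":
        # Context-menu targets are normally a file path or an http(s) URL.
        target = body.rsplit(" - ", 1)[-1]
        if not re.match(r"(?i)^(https?://|[a-z]:\\)", target):
            entry.flags.append("context_menu_opaque_target")
    if entry.section == "O15":
        entry.flags.append("trusted_zone_addition")   # site gets IE's relaxed Trusted-zone settings
    if entry.section == "O20" and "appinit_dlls:" in low:
        entry.flags.append("appinit_dll")             # loaded into every process that maps user32.dll
    for word in watchlist:
        if word in low:
            entry.flags.append(f"watchlist:{word}")
    return entry


def triage(log_text: str, watchlist: Iterable[str] = WATCHLIST) -> List[Entry]:
    return [assess(e, watchlist) for e in parse_hjt(log_text)]


def fix_candidates(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one flag: the lines a helper would review first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "CHECK" if e.flags else "     "
        print(f"{mark} {e.section:<4} {', '.join(e.flags) or '-':<40} {e.body[:70]}")
```

Running the block prints one line per entry with CHECK in front of anything flagged. A flag is a prompt to inspect, not a verdict: the KernelFaultCheck/dumprep entry, for example, is Windows' own crash-dump reporter and is flagged only because the rule looks at every autorun under system32.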

Re: I'm another victim of winblue

ComboFix 09-06-03.01 - Candi Drop 06/03/2009 20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.144 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\101zt9ief5830.ocx
c:\windows\105659roz1d4.ocx
c:\windows\1058spzmbot6359.ocx
c:\windows\10875zackto9l7765.exe
c:\windows\10z85hackt5o989.dll
c:\windows\1126459t-a-virus5z.cpl
c:\windows\1145thzeat26998.bin
c:\windows\115159cktool680z.ocx
c:\windows\1206zwo9m555.cpl
c:\windows\12170zpy5d09.cpl
c:\windows\122459orm52z.cpl
c:\windows\12479not5a-zirus635.bin
c:\windows\1274295oj43z.dll
c:\windows\12775viru941z.cpl
c:\windows\12968ha9k5zol173.dll
c:\windows\129ca5dware15z0.exe
c:\windows\131329zrus995.cpl
c:\windows\13273s95z5a.exe
c:\windows\13289hackto5lz2c.ocx
c:\windows\13439vi9uz3595.cpl
c:\windows\13566h5cktoo91acz.bin
c:\windows\13577spzmbo9255.dll
c:\windows\13596not-5-virus4e6z.cpl
c:\windows\138zthr9at9523.dll
c:\windows\14189virusz9d5.ocx
c:\windows\14235not-az5iru9712.ocx
c:\windows\142zv9r5s587.ocx
c:\windows\14320vi59z496.exe
c:\windows\143z7not5a-viru95b8.ocx
c:\windows\14417hackto9524z.cpl
c:\windows\14595pa9bot39z.exe
c:\windows\14598virzs359.exe
c:\windows\14902ha9ktzol58.ocx
c:\windows\1510hackt9ol6adz.bin
c:\windows\151719pyz5e.dll

Re: I'm another victim of winblue

c:\windows\151719pyz5e.dll
c:\windows\15290virusz5e.ocx
c:\windows\155bbaczdoor50569.bin
c:\windows\155zsparse2992.bin
c:\windows\15639hzc9tool5e9.bin
c:\windows\157z0s5amb9t21e.dll
c:\windows\15f8ad5wzre978.bin
c:\windows\15z8addware693.dll
c:\windows\16256not5a-virus9z8.cpl
c:\windows\16a0downloade9255z.bin
c:\windows\16bzthief26159.dll
c:\windows\17193zo5-a-9irus1b5.ocx
c:\windows\1720spy9a5e303z.bin
c:\windows\175zvir1279.bin
c:\windows\17673hazkt9ol185.exe
c:\windows\17802hackt5oz9f5.bin
c:\windows\1802spyzare2598.dll
c:\windows\1829s5eal1z14.ocx
c:\windows\1859backzoor1054.dll
c:\windows\185z6wo9m678.ocx
c:\windows\18862not-azvirus2f95.dll
c:\windows\1887n9t-a-5irzs70b.cpl
c:\windows\189025zy3be.dll
c:\windows\189959py5bz.ocx
c:\windows\18z49viru539a.bin
c:\windows\190299ackzool2c5.dll
c:\windows\191145orz9cb.ocx
c:\windows\19215zpambot3df.ocx
c:\windows\19415vizus6cc.ocx
c:\windows\198z05pambot19f.bin
c:\windows\1997downzoader5695.dll
c:\windows\19dzth5eat20845.bin
c:\windows\19f35ir1z92.bin
c:\windows\19f9addwa5z2573.dll
c:\windows\19z83hackt5ol169.bin
c:\windows\1a56zte9l1125.ocx
c:\windows\1ac4ba9kdoor235z.ocx
c:\windows\1b509pzrs51822.cpl
c:\windows\1d399parse85z.exe
c:\windows\1e90backdo9r5z21.bin
c:\windows\1z586spy25c9.ocx
c:\windows\1zd8spa9se1756.dll
c:\windows\205fbackdooz26899.dll
c:\windows\21829hackto5l1z4.bin
c:\windows\21954not5a-virus45z.exe
c:\windows\21z1t9ief575.exe
c:\windows\21z61sp5mbot697.dll
c:\windows\227359za5bot6f1.dll
c:\windows\23388hack5oo94dz.ocx
c:\windows\23391spambz54a9.dll
c:\windows\235015or91z5.ocx
c:\windows\2361z9ot-a-virus595.bin
c:\windows\23885viz9s1e3.ocx
c:\windows\239szarse885.bin
c:\windows\241zs5y933.exe
c:\windows\2424ste9l25z9.dll
c:\windows\24575vzrus6b69.dll
c:\windows\24854zp5mbot99.bin
c:\windows\24959spambot2zd9.cpl
c:\windows\2495tro97z2.exe
c:\windows\24z745iru930e.dll
c:\windows\2525d5wnlz9der452.bin
c:\windows\252fthrzat195.exe
c:\windows\25385vi9zs45c5.exe
c:\windows\253z9hief3185.bin
c:\windows\25557v9r5s6za.exe
c:\windows\25727zi9us1a5.bin
c:\windows\25891sza59ot1b7.ocx
c:\windows\25c2spa9ze2798.bin
c:\windows\26459troj5z.bin
c:\windows\265649pa5botz9.dll
c:\windows\265775pamboz2e9.exe
c:\windows\265vi93176z.cpl
c:\windows\26841zir9s7a45.bin
c:\windows\26902notza-viru592a.exe
c:\windows\27215worm39z.ocx
c:\windows\272379o5m466z.cpl
c:\windows\27245hazktool949.cpl
c:\windows\27556not9a-zirus6df.exe
c:\windows\2791znot-a-vi5us72f.cpl
c:\windows\27fzown95ader1912.ocx
c:\windows\28457hackt9oz756.cpl
c:\windows\2845z9roj5615.exe
c:\windows\28c8d9wzload5r2580.bin
c:\windows\29045h5cktzol1019.cpl
c:\windows\29557worm6ze.exe
c:\windows\29589zpy44d.ocx
c:\windows\29671spy675z.dll
c:\windows\2980ztro5522.bin
c:\windows\299565r9jza7.cpl
c:\windows\29b8ad5ware1z089.dll
c:\windows\29czt9ief3259.exe
c:\windows\29f3dzwnloa9er9125.ocx
c:\windows\29z06vir9s7f35.exe
c:\windows\29z1v5r580.exe
c:\windows\2z40n5t9a-virus414.ocx
c:\windows\2z540vi9us14e.dll
c:\windows\2z671w9rm56c.exe
c:\windows\2z6asparse2395.exe
c:\windows\2z9115orm384.bin
c:\windows\2z995spambot70f.dll
c:\windows\3009virzs56b9.exe
c:\windows\3032ad5war9z401.dll
c:\windows\30549ir2337z.ocx
c:\windows\308529orz315.exe
c:\windows\3155ha9ktool2z5.exe
c:\windows\318445zambot3b99.dll
c:\windows\3275zs9y5d5.dll
c:\windows\3326ha5ktool5z9.bin
c:\windows\340295zeat10341.exe
c:\windows\3412th9eaz67295.bin
c:\windows\3452add9arez014.dll
c:\windows\3456sz9mbot35.exe
c:\windows\352faddware199z.bin
c:\windows\35a8spyzar93226.bin
c:\windows\365dsparsz1529.dll
c:\windows\3695hackt9zl28a.ocx
c:\windows\37529ir92z.exe
c:\windows\3842h9cktoo57z8.bin
c:\windows\38zabackdoo95183.dll
c:\windows\3953virzs946.bin
c:\windows\39575a9kdooz1664.cpl
c:\windows\39585tzoj659.ocx
c:\windows\3992spyzare2519.ocx
c:\windows\39d95ackdoor1759z.ocx
c:\windows\39f5thizf2971.dll
c:\windows\39fe9p5zare178.dll
c:\windows\3a55s9ezl509.cpl
c:\windows\3b6cba9kdoor17z35.bin
c:\windows\3e409parsez525.ocx
c:\windows\3f25back9ozr2350.exe
c:\windows\3f9eaddz5re1450.cpl
c:\windows\3fz5addware5119.ocx
c:\windows\3z35spywa9e595.cpl
c:\windows\3z574w9rm2e5.bin
c:\windows\406bbackdzor19985.dll
c:\windows\411cthz9f2258.ocx
c:\windows\42055a9ktool7d9z.cpl
c:\windows\42z7ad9ware2157.dll
c:\windows\43best9zl19105.bin
c:\windows\4558spzmbo972c5.exe

Re: I'm another victim of winblue

c:\windows\4574zpy69f9.cpl
c:\windows\4712z5ambot907.exe
c:\windows\4759s5arse2658z.ocx
c:\windows\4a2ethr9zt15832.cpl
c:\windows\4c69tzie52979.bin
c:\windows\4cds5ea92z06.bin
c:\windows\4d4zt5rea915733.dll
c:\windows\4e05iz915.exe
c:\windows\4e53downlozder53599.cpl
c:\windows\4e73zddw9re935.dll
c:\windows\4efzbac5door1914.dll
c:\windows\4ezfspar952366.bin
c:\windows\4f53tz5ef1929.ocx
c:\windows\4f7ebackdz9r1459.bin
c:\windows\4z3aa59ware1367.dll
c:\windows\4zbdownload5r957.ocx
c:\windows\501e9dd5zre1539.cpl
c:\windows\5085v5ruz349.bin
c:\windows\515z7spy6a9.ocx
c:\windows\51c9zir852.bin
c:\windows\51z7t9reat192685.exe
c:\windows\52756viru95z3.dll
c:\windows\52z9thie51981.exe
c:\windows\530z5i988.bin
c:\windows\5340down9oade52968z.dll
c:\windows\5388no5-a-vzrus2d9.exe
c:\windows\542cthi9z5315.dll
c:\windows\5449wo9m3az.ocx
c:\windows\5454thie9z69.dll
c:\windows\54908spz4ea.bin
c:\windows\54bc9ddzare1871.ocx
c:\windows\5555z5y6799.cpl
c:\windows\55e2sp9rsz3597.bin
c:\windows\55zfaddware1519.bin
c:\windows\5674a9dw5rz2245.exe
c:\windows\5681wo5z359.dll
c:\windows\56e9spzrse2959.exe
c:\windows\572dtzi9f3086.dll
c:\windows\57703worm39z.exe
c:\windows\579dth9efz955.bin
c:\windows\5859add9arz1514.exe
c:\windows\58919teaz2095.dll
c:\windows\5901st5zl1686.cpl
c:\windows\59267t9oj5c6z.ocx
c:\windows\592bthreat5z54.dll
c:\windows\5933wor5350z.bin
c:\windows\595ad5wzloader652.dll
c:\windows\59859te5l2478z.dll
c:\windows\59939ot-a-zir5sce.ocx
c:\windows\59z9troj280.cpl
c:\windows\5a56tz5ef931.ocx
c:\windows\5a9aazdware2137.dll
c:\windows\5abasza9se29635.exe
c:\windows\5c1dz5r27139.ocx
c:\windows\5cdcthrzat9899.exe
c:\windows\5d9fstealz98.bin
c:\windows\5ddaspywarz4159.exe
c:\windows\5ea5backdo5rz6689.cpl
c:\windows\5f3e95ywaze923.dll
c:\windows\5ff2ad59zre1132.cpl
c:\windows\5z56w9rm146.bin
c:\windows\5z6thief159.dll
c:\windows\5z75thief31479.bin
c:\windows\5z90t5ief2241.exe
c:\windows\5zafaddw9re1820.cpl
c:\windows\5zcet59ef631.ocx
c:\windows\6025spywar9z903.cpl
c:\windows\611notza-9irus575.exe
c:\windows\626fthrezt582109.ocx
c:\windows\63a59zdware2539.cpl
c:\windows\6505back9oor1z78.cpl
c:\windows\65z0thief31049.bin
c:\windows\66999d5waze680.dll
c:\windows\6785szyware9623.exe
c:\windows\67d5sp9rsez085.ocx
c:\windows\683z9a5kdoor201.cpl
c:\windows\6915steal965z.exe
c:\windows\6941ad9waze2159.bin
c:\windows\695ztroj9c3.bin
c:\windows\6962th5ef272z.cpl
c:\windows\696s5y234z.dll
c:\windows\6a0b5tez93158.bin
c:\windows\6a50spyw9ze3003.exe
c:\windows\6aafthzeat958935.ocx
c:\windows\6czthief20259.exe
c:\windows\6dbzthrea952458.bin
c:\windows\6e15threaz92500.exe
c:\windows\6f29a9dwarz525.dll
c:\windows\6z24tro919c5.ocx
c:\windows\70035zr1893.dll
c:\windows\70389hie52076z.exe
c:\windows\7069viruz9855.exe
c:\windows\712f5par9z1186.dll
c:\windows\7195sz9ware173.exe
c:\windows\71aca95warz2864.cpl
c:\windows\71d9threat5z09.exe
c:\windows\7243zpyware15659.bin
c:\windows\7255no5-a-virus5ze9.bin
c:\windows\7255t9oz225.exe
c:\windows\738zt5re9t10057.ocx
c:\windows\740d59eal51z.dll
c:\windows\7476s5zware9600.dll
c:\windows\7520tzo93f6.ocx
c:\windows\75vir19z.exe
c:\windows\760ebackdozr915.bin
c:\windows\7895z5915c.cpl
c:\windows\7936vir1295z.bin
c:\windows\7bb39h5ef1578z.cpl
c:\windows\7bbcba9kzoo52764.exe
c:\windows\7d575ownzoader25969.dll
c:\windows\7db5dzwnlo5der729.cpl
c:\windows\7dcza9dwar5606.bin
c:\windows\7dezste5l8489.ocx
c:\windows\7z03steal3519.bin
c:\windows\7z95spambot157.ocx
c:\windows\8528hacktoo59z.dll
c:\windows\85449ot-a-zirus485.dll
c:\windows\8575spazb9t75.exe
c:\windows\8795vzr9s58.bin
c:\windows\8z49not-a-virus656.bin
c:\windows\90ezaddw5re1578.ocx
c:\windows\9100stzal2965.bin
c:\windows\9175sparse2972z.dll
c:\windows\9258spy78az.cpl
c:\windows\9268not-a-v9rus55bz.exe
c:\windows\926z8viru5200.bin
c:\windows\93491spy54z.dll
c:\windows\940backdoz5669.dll
c:\windows\949zhack9ool6705.cpl

Re: I'm another victim of winblue

c:\windows\951bazk95or2802.exe
c:\windows\955z6spy2335.bin
c:\windows\95706spy16z.exe
c:\windows\9649not-a-viru951fz.bin
c:\windows\96559wormz0b.bin
c:\windows\96bzparse27945.dll
c:\windows\982vi59s7z3.bin
c:\windows\98czthreat275355.exe
c:\windows\9a2z5ir1319.cpl
c:\windows\9adth5eaz5059.bin
c:\windows\9b25thzeat24564.dll
c:\windows\9b3cspar5e2z85.dll
c:\windows\9d1stezl5549.exe
c:\windows\9d20spar5e10z7.cpl
c:\windows\9ezi51103.bin
c:\windows\9z60downl5ader190.bin
c:\windows\9zc6vir5795.exe
c:\windows\a61down5o9dzr1937.bin
c:\windows\bd0thief2z519.exe
c:\windows\bz7sp9rse59.dll
c:\windows\dzfad5ware28799.exe
c:\windows\e375hief19z9.cpl
c:\windows\e85backdozr997.bin
c:\windows\f41spyw9re256z.ocx
c:\windows\f925teal1z77.exe
c:\windows\fa9st5az2122.bin
c:\windows\IE4 Error Log.txt
c:\windows\system32\10249wzrm4d65.dll
c:\windows\system32\1039zhief519.ocx
c:\windows\system32\11464spambz539b.cpl
c:\windows\system32\115255pambot2z9.cpl
c:\windows\system32\11585troz309.cpl
c:\windows\system32\115spzm9ot7af5.exe
c:\windows\system32\11652spambot695z.dll
c:\windows\system32\11693spy5za.cpl
c:\windows\system32\11811s5z9d4.cpl
c:\windows\system32\120zth5e92550.dll
c:\windows\system32\1239z5pambot58.bin
c:\windows\system32\1265tr9z699.bin
c:\windows\system32\1327tro9z05.bin
c:\windows\system32\13497szamb5966f.exe
c:\windows\system32\13909spam5zt31b.exe
c:\windows\system32\13a5baczdoor2999.exe
c:\windows\system32\14406hackt5z9174.exe
c:\windows\system32\1451backdoor29z9.bin
c:\windows\system32\14598s5ambzt95.exe
c:\windows\system32\146z0hack5oo9399.bin
c:\windows\system32\14f6bz95door649.ocx
c:\windows\system32\1509hackzoole59.ocx
c:\windows\system32\15495not5azvirus19a.cpl
c:\windows\system32\15574worm9zb.bin
c:\windows\system32\15594zroj9ea.bin
c:\windows\system32\15951tzoj6f5.dll
c:\windows\system32\15976wzr57b1.dll
c:\windows\system32\15a2thz9at21507.bin
c:\windows\system32\15z859orm95.bin
c:\windows\system32\15z8t9reat16335.cpl
c:\windows\system32\16575trz950c.dll
c:\windows\system32\1687sp9mbztee5.dll
c:\windows\system32\16995not-5-zirus793.dll
c:\windows\system32\175529zrm46d.dll
c:\windows\system32\17f5addza9e5673.exe
c:\windows\system32\17f85pyw9ze2729.bin
c:\windows\system32\17z23not-95virus7c3.cpl
c:\windows\system32\180759pambot359z.bin
c:\windows\system32\188z1h5cktool2df9.dll
c:\windows\system32\18999trojz5.bin
c:\windows\system32\18zds59rse276.dll
c:\windows\system32\19033spzm5ot4c9.dll
c:\windows\system32\19033zirus4185.exe
c:\windows\system32\19056vzru9604.cpl
c:\windows\system32\19098z9rus1e85.exe
c:\windows\system32\19385zorm3c59.bin
c:\windows\system32\19398spambo9325z.bin
c:\windows\system32\19553vi5us5za.dll
c:\windows\system32\1959zvirus391.exe
c:\windows\system32\19839zorm556.bin
c:\windows\system32\19845no5-a-v9rus61z.ocx
c:\windows\system32\1990addw5re6z3.ocx
c:\windows\system32\1995spzmbot6f5.bin
c:\windows\system32\199z8spy57.bin
c:\windows\system32\19c2d9wnlzad5r2192.ocx
c:\windows\system32\1c47z5eal9659.exe
c:\windows\system32\1d1ezpyware20569.ocx
c:\windows\system32\1z102spy5559.ocx
c:\windows\system32\1z114vir9s70f5.exe
c:\windows\system32\1za9s5e9l2725.bin
c:\windows\system32\20296hack9oolz5.dll
c:\windows\system32\20449vir5s7cz.cpl
c:\windows\system32\20456zot-a-vi5u97e1.exe
c:\windows\system32\20512trzj913.cpl
c:\windows\system32\209935rojzd9.dll
c:\windows\system32\209z1spamb9t258.dll
c:\windows\system32\21542spzmbo9460.exe
c:\windows\system32\219cthre5t2606z.exe
c:\windows\system32\21c7s9y5are2548z.ocx
c:\windows\system32\22883s5ambot13z9.dll
c:\windows\system32\23256hackzool9b8.bin
c:\windows\system32\2352zhackt59l7c4.cpl
c:\windows\system32\23837zack5o9l779.exe
c:\windows\system32\23978not-5-vizu9138.exe
c:\windows\system32\239bspz5se31839.cpl
c:\windows\system32\2519hac5tzol69d.ocx
c:\windows\system32\25252w9rm35z.ocx
c:\windows\system32\2529szeal1171.dll
c:\windows\system32\25323z9oj5a9.bin
c:\windows\system32\253z5worm9d.dll
c:\windows\system32\255239orm5az.exe
c:\windows\system32\25587sp9mzot775.exe
c:\windows\system32\255athzef27945.bin
c:\windows\system32\25688s5ambo97c4z.ocx
c:\windows\system32\25732tzo9791.cpl
c:\windows\system32\2576zhack59ol7d3.ocx
c:\windows\system32\2590659t-a-virus5z4.dll
c:\windows\system32\2592th5zf66.exe
c:\windows\system32\25963hack5z9l5bc.bin
c:\windows\system32\259d9teal25z8.dll
c:\windows\system32\259dthief972z.bin
c:\windows\system32\25a0spyzare931.exe
c:\windows\system32\26059zp559.exe
c:\windows\system32\26872spy935z.exe
c:\windows\system32\26902spamboz159.dll
c:\windows\system32\26930tro5290z.bin
c:\windows\system32\26azdwa5e23969.cpl
c:\windows\system32\26bsp9warez53.cpl
c:\windows\system32\26d5thief597z.dll
c:\windows\system32\26z9vir3581.bin
c:\windows\system32\2719addwzre29015.dll
c:\windows\system32\275e5tezl1190.exe
c:\windows\system32\2799stzal5095.exe
c:\windows\system32\27c1bzckd5or9196.ocx
c:\windows\system32\27e4sz5rse9250.cpl
c:\windows\system32\2813995y5zc.cpl
c:\windows\system32\2830spzr5e7729.dll
c:\windows\system32\28395spz749.cpl
c:\windows\system32\286z595y25c.bin
c:\windows\system32\28813hzck59ol1db.bin
c:\windows\system32\289009zambot526.cpl
c:\windows\system32\28956not-a-viruz5b9.dll
c:\windows\system32\29098not-a-vir5z77b.cpl
c:\windows\system32\292th9eat52947z.bin
c:\windows\system32\29376ha9ktozl356.exe
c:\windows\system32\294735py2f2z.dll
c:\windows\system32\2955spzware1977.exe
c:\windows\system32\295zdownloader79.bin
c:\windows\system32\298zspy5ar91242.ocx
c:\windows\system32\2a585dd9are3116z.ocx
c:\windows\system32\2aes9ars53z72.dll
c:\windows\system32\2af85ac9dooz1981.dll
c:\windows\system32\2d79th5ef20z9.dll
c:\windows\system32\2e50addwaze5029.cpl
c:\windows\system32\2z045ir890.bin
c:\windows\system32\2z088spamb5t980.cpl
c:\windows\system32\2z4th95at15381.exe
c:\windows\system32\2z8775ot-a-9irus5e6.ocx
c:\windows\system32\30169v9zus3c65.dll
c:\windows\system32\30594v5rus73z.bin
c:\windows\system32\30794s5ambot51z9.cpl
c:\windows\system32\31594t9oj7e5z.ocx
c:\windows\system32\31627z9ambot4dd5.dll
c:\windows\system32\31644v5rzs692.ocx
c:\windows\system32\32299trz5533.cpl
c:\windows\system32\329115irus5z1.dll
c:\windows\system32\3294sz9ware1650.exe
c:\windows\system32\34c8z5reat210689.cpl
c:\windows\system32\351zhackto9l578.ocx
c:\windows\system32\35409spy42z.dll
c:\windows\system32\355a5tealz6559.cpl
c:\windows\system32\35930zirus407.cpl
c:\windows\system32\3595thrzat155515.ocx
c:\windows\system32\35dfsparze9924.bin
c:\windows\system32\35zdbackdoor2996.exe
c:\windows\system32\3607zr95734.ocx
c:\windows\system32\367ebackd5or196z.bin
c:\windows\system32\37zcspywar932595.cpl
c:\windows\system32\38979ac5zoor402.bin
c:\windows\system32\3960tzre9t56352.exe
c:\windows\system32\39d7spywa5e57z.dll
c:\windows\system32\3a8zs95al1894.bin
c:\windows\system32\3aza9pyware5706.ocx
c:\windows\system32\3bbdt9iez1159.cpl
c:\windows\system32\3c5adownloade51z99.ocx
c:\windows\system32\3ddds5ar9e315z.ocx
c:\windows\system32\3z175troj792.exe
c:\windows\system32\3z39troj4975.bin
c:\windows\system32\3z9steal19915.ocx
c:\windows\system32\40czdownloader2995.cpl
c:\windows\system32\4204th95f4z4.exe
c:\windows\system32\4289nzt5a-virus89.ocx
c:\windows\system32\42b9thief90z5.cpl
c:\windows\system32\43zro579d.ocx
c:\windows\system32\4501s9yw5ze3055.cpl
c:\windows\system32\4515o9nloader20z5.exe

Re: I'm another victim of winblue

c:\windows\system32\4520thie91542z.exe
c:\windows\system32\45d6th9ef898z.dll
c:\windows\system32\48135ownlz9der851.exe
c:\windows\system32\4897thiez2395.dll
c:\windows\system32\492add9az5546.bin
c:\windows\system32\4956zackdoor900.bin
c:\windows\system32\49c7bazkdo5r2914.dll
c:\windows\system32\4a5dsza9se1441.exe
c:\windows\system32\4b2ev59308z.exe
c:\windows\system32\4b82thre5t183z69.ocx
c:\windows\system32\4ba6d9wn5oader920z.cpl
c:\windows\system32\4ca2thie95094z.bin
c:\windows\system32\4cdzaddwar9750.cpl
c:\windows\system32\4f18downloa9er242z5.cpl
c:\windows\system32\4f8fthizf9520.ocx
c:\windows\system32\4z47s9ambot295.ocx
c:\windows\system32\4z999ir2546.cpl
c:\windows\system32\50275hrzat9089.bin
c:\windows\system32\5043downloazer8899.cpl
c:\windows\system32\5054zv9rus164.dll
c:\windows\system32\5063zir494.bin
c:\windows\system32\50ee9irz3.ocx
c:\windows\system32\51083hackzool58f9.exe
c:\windows\system32\5135t5rzat9595.exe
c:\windows\system32\513z7troj19f9.cpl
c:\windows\system32\51425viru9z2b.dll
c:\windows\system32\519zv591008.ocx
c:\windows\system32\536bac9zoor1100.exe
c:\windows\system32\539zvi52331.ocx
c:\windows\system32\53e8stezl2985.cpl
c:\windows\system32\549notza-virus48e.dll
c:\windows\system32\5509z9rm1b5.exe
c:\windows\system32\550c9hr5at304z6.dll
c:\windows\system32\5526ste9l211z.dll
c:\windows\system32\5529irz222.cpl
c:\windows\system32\5546downlozder2395.dll
c:\windows\system32\554addwaze24999.bin
c:\windows\system32\5550v5ruz3259.bin
c:\windows\system32\558hazktoo92d9.ocx
c:\windows\system32\558zhacktool926.cpl
c:\windows\system32\5594s5ar9e73z.exe
c:\windows\system32\56bba9dzare755.exe
c:\windows\system32\57099oznload5r2904.bin
c:\windows\system32\5780not-a-vi9us109z.ocx
c:\windows\system32\57z55py596.exe
c:\windows\system32\5839threat115z.dll
c:\windows\system32\589b9ckdooz126.dll
c:\windows\system32\58e9z5eal731.ocx
c:\windows\system32\58z65ir31659.cpl
c:\windows\system32\5919threat10251z.dll
c:\windows\system32\5938trzj5915.cpl
c:\windows\system32\594fvi5z87.bin
c:\windows\system32\596athief103z.ocx
c:\windows\system32\59c5vir118z.bin
c:\windows\system32\59despa9se51z5.ocx
c:\windows\system32\5a0zd59nloader625.cpl
c:\windows\system32\5az49hreat9019.dll
c:\windows\system32\5azddware1892.ocx
c:\windows\system32\5b6cbackdooz5983.cpl
c:\windows\system32\5c8fbackd5or15z9.ocx
c:\windows\system32\5c98sparse149z.exe
c:\windows\system32\5ce45tz9l2580.exe
c:\windows\system32\5ce7s5ywaze259.ocx
c:\windows\system32\5cf5downloadzr28829.cpl
c:\windows\system32\5d4zack9o5r1199.ocx
c:\windows\system32\5e09s5yware31z4.dll
c:\windows\system32\5ed8sparse295z.cpl
c:\windows\system32\5efbthreaz91775.cpl
c:\windows\system32\5f50vzr9357.ocx
c:\windows\system32\5f52add9are14z5.ocx
c:\windows\system32\5f5zspywar92394.ocx
c:\windows\system32\5f6downloazer16789.dll
c:\windows\system32\5fz5sp9rse512.bin
c:\windows\system32\5z289acktool60.cpl
c:\windows\system32\5z35t9reat57142.dll
c:\windows\system32\5z67sparse1095.dll
c:\windows\system32\5z98vir3515.dll
c:\windows\system32\5ze2th5eat19378.exe
c:\windows\system32\603zsparse9205.bin
c:\windows\system32\6055steal1289z.dll
c:\windows\system32\6092sparse2539z.dll
c:\windows\system32\61629azkdoor565.dll
c:\windows\system32\635dthrz9t27366.exe
c:\windows\system32\639bdow5zoader1599.bin
c:\windows\system32\6511spy9are538z.bin
c:\windows\system32\6529thief316z.bin
c:\windows\system32\655backdozr3902.bin
c:\windows\system32\655zspyware194.dll
c:\windows\system32\65b5addwzre960.ocx
c:\windows\system32\6695spamb9t8z.ocx
c:\windows\system32\67179parse235z.ocx
c:\windows\system32\6753hacztoo92b2.ocx
c:\windows\system32\67939hr5at54z.cpl
c:\windows\system32\6985th9eat56261z.dll
c:\windows\system32\69c6d5wnloaderz50.dll
c:\windows\system32\6az95hreat19828.dll
c:\windows\system32\6c15st9az944.bin
c:\windows\system32\6c7ds5ar9e510z.ocx
c:\windows\system32\6d3fste9l5z9.cpl
c:\windows\system32\6e9azddware505.bin
c:\windows\system32\6f29downloader594z.bin
c:\windows\system32\6z495i92856.dll
c:\windows\system32\6z63s5eal9979.cpl
c:\windows\system32\6z81thi59871.ocx
c:\windows\system32\7059za5kdoor2725.bin
c:\windows\system32\705bbz5kd9or286.ocx
c:\windows\system32\71159teaz1865.dll
c:\windows\system32\714addwa5e93z1.dll
c:\windows\system32\715fad9waze3044.dll
c:\windows\system32\7345addw9rez895.ocx
c:\windows\system32\73z4sp5rse21509.bin
c:\windows\system32\7495zi5us30c9.bin
c:\windows\system32\749d9ir2z965.bin
c:\windows\system32\751cdownloaze93145.bin
c:\windows\system32\7549virzs7f15.exe
c:\windows\system32\7557downloadzr59.exe
c:\windows\system32\75zesp9rse5148.cpl
c:\windows\system32\7607a9dw5re249z.bin
c:\windows\system32\765dbackdooz2909.exe
c:\windows\system32\765troz3c9.dll
c:\windows\system32\77ddadd9are1591z.dll
c:\windows\system32\77eb9ckdooz1253.exe
c:\windows\system32\79a8threat5z089.ocx
c:\windows\system32\79e3spazse39275.bin
c:\windows\system32\79f8downzoader2915.bin
c:\windows\system32\7acadowzloade915805.ocx
c:\windows\system32\7ad9th9eatz6705.exe
c:\windows\system32\7b9zth5eat7678.bin
c:\windows\system32\7bbspa9se3z75.bin
c:\windows\system32\7c26threa97325z.ocx
c:\windows\system32\7c59zhreat11612.dll
c:\windows\system32\7fc5vi9768z.cpl
c:\windows\system32\7z619ir24295.dll
c:\windows\system32\7zf3addw9re26925.ocx
c:\windows\system32\885s9zm5ot1ad.ocx
c:\windows\system32\8915n9t-a-virus23cz.exe
c:\windows\system32\898zorm95.bin
c:\windows\system32\89bspy5arez94.dll
c:\windows\system32\8dfszywar59608.exe
c:\windows\system32\9099t59j73az.exe
c:\windows\system32\90c4thzef5765.bin
c:\windows\system32\9338not-a5vizus6af9.cpl
c:\windows\system32\9386zworm7045.ocx
c:\windows\system32\93eavir5980z.ocx
c:\windows\system32\947dback5oor1569z.exe
c:\windows\system32\9489addwar5360z.cpl
c:\windows\system32\94zevir5489.ocx
c:\windows\system32\952viz2879.dll
c:\windows\system32\9539zwo5m371.dll
c:\windows\system32\9542spy6z89.dll
c:\windows\system32\9557virzs1a5.exe
c:\windows\system32\957addz5re577.exe
c:\windows\system32\95z3spywar51329.ocx
c:\windows\system32\96azthief5588.exe
c:\windows\system32\9795spy2fz.exe
c:\windows\system32\9815szy335.exe
c:\windows\system32\985adownloader1978z.dll
c:\windows\system32\989bviz5985.exe
c:\windows\system32\98a5sp5zare2254.dll
c:\windows\system32\99211ha5ztool748.bin
c:\windows\system32\9929hackto5l2za.ocx
c:\windows\system32\993z5teal804.ocx
c:\windows\system32\9975troj7ze.cpl
c:\windows\system32\997backzoo95937.exe
c:\windows\system32\9beaadzware5237.ocx
c:\windows\system32\9befstzal2335.cpl
c:\windows\system32\9c2zsteal5450.ocx
c:\windows\system32\9cbe5ownloader126z.ocx
c:\windows\system32\9f01azdwar5676.dll
c:\windows\system32\9z856virus595.cpl
c:\windows\system32\9zfdow9loader85.exe
c:\windows\system32\b9f9azkdoo5958.cpl
c:\windows\system32\c50d5znloade92100.cpl
c:\windows\system32\drivers\I2220NTA.CAT
c:\windows\system32\drivers\I2220NTX.CAT
c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
c:\windows\system32\drivers\netag3n.cat
c:\windows\system32\drivers\tmimo3p.CAT
c:\windows\system32\e1dazd95re2646.exe
c:\windows\system32\z0075worm2b95.cpl
c:\windows\system32\z0419spambo52aa.ocx
c:\windows\system32\z10f5pyware8689.dll
c:\windows\system32\z1359spy595.dll
c:\windows\system32\z1a0s9eal15115.ocx
c:\windows\system32\z263ad5ware1093.cpl
c:\windows\system32\z276vi5us693.bin
c:\windows\system32\z2cfthi591317.dll
c:\windows\system32\z3579wo9m5265.bin
c:\windows\system32\z3bbvir5977.ocx
c:\windows\system32\z4055spambot9e65.exe
c:\windows\system32\z436spa9bot6e95.ocx
c:\windows\system32\z45129p521f.ocx
c:\windows\system32\z459addware3060.bin
c:\windows\system32\z4b7s9yware451.bin

Re: I'm another victim of winblue

c:\windows\system32\z5349vi5us42b.bin
c:\windows\system32\z5e0steal2952.exe
c:\windows\system32\z69bdownload5r716.bin
c:\windows\system32\z70bbackdoor6589.cpl
c:\windows\system32\z74295arse2345.exe
c:\windows\system32\z756hacktoo9b8.bin
c:\windows\system32\z897t5ief3099.dll
c:\windows\system32\z9dthr5at14421.dll
c:\windows\system32\z9fdsparse560.exe
c:\windows\system32\za5cspy9are884.bin
c:\windows\system32\zb5e9ir2179.cpl
c:\windows\system32\zb79t9reat12573.ocx
c:\windows\system32\zd51spy9are930.ocx
c:\windows\system32\ze57add5are896.cpl
c:\windows\system32\zf05sparse9394.exe
c:\windows\z0168worm45e9.bin
c:\windows\z035t9reat219575.dll
c:\windows\z051addware2149.ocx
c:\windows\z158spambot40a9.cpl
c:\windows\z1951w5rm748.ocx
c:\windows\z1d7addwa9e7195.exe
c:\windows\z2126spy9de5.dll
c:\windows\z2255r9j3a0.cpl
c:\windows\z3895wor54919.ocx
c:\windows\z492vir23125.bin
c:\windows\z495hacktool195.dll
c:\windows\z495vir1593.dll
c:\windows\z4a95hief1771.cpl
c:\windows\z4d5vir9079.bin
c:\windows\z595st9al589.ocx
c:\windows\z5b9addware75.cpl
c:\windows\z6458tro95fc.ocx
c:\windows\z6549spyee.dll
c:\windows\z677ste5l12819.exe
c:\windows\z6955spy157.ocx
c:\windows\z785t9i5f2577.ocx
c:\windows\z7997worm68f5.exe
c:\windows\z817threat59974.cpl
c:\windows\z8558hacktoo95c.ocx
c:\windows\z857tr9j15d.bin
c:\windows\z89305py91d.exe
c:\windows\z906thre5t28205.ocx
c:\windows\z951threa5952.exe
c:\windows\z9e9stea5652.ocx
c:\windows\z9parse3475.dll
c:\windows\za19s5yware1225.dll
c:\windows\za9ev5r597.ocx
c:\windows\zdb95hreat23937.exe
c:\windows\zf8ad5ware2990.bin
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 00:08 . 2009-06-04 00:09 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 00:02 . 2009-06-03 00:02 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-01 23:57 . 2009-06-01 23:57 10684866 ----a-w- c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 23:02 . 2009-06-03 00:07 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Azureus
2009-05-24 22:59 . 2009-05-24 23:08 -------- d-----w- c:\program files\Vuze
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 00:37 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 00:35 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 00:35 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 00:35 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 00:35 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2007-11-14 22:10 . 2007-11-14 03:16 24 -csh--w- c:\windows\SAE0A6F7D.tmp
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/2/2008 8:33 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://imvu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://imvu.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-04 21:04
ComboFix-quarantined-files.txt 2009-06-04 01:03

Pre-Run: 21,312,040,960 bytes free
Post-Run: 21,868,310,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

920 --- E O F --- 2009-06-03 23:54

Re: I'm another victim of winblue
Hello.

I see you have Viewpoint software installed.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: here and here

I suggest you remove the program now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint Manager (remove only)
  • Viewpoint Media Player
  • Viewpoint Toolbar

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\tempo-setup2.exe
c:\windows\SAE0A6F7D.tmp

Folder::
c:\documents and settings\Candi Drop\Application Data\Azureus
c:\program files\Vuze
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-


Save this as CFScript.txt, and save it to your desktop.
Then drag and drop CFScript.txt into combofix as seen below:
[image: dragging CFScript.txt onto the Combo-Fix icon]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done (it will warn you if it wants to).
Post the resulting log back here.


Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
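The helpers in this thread read the ComboFix log by eye: the random-named decoy files dumped into c:\windows by the rogue "scanner", the HKCU Run value pointing at the freshly created tempo-setup2.exe, and the lines showing the firewall and the Kaspersky on-access scanner switched off. The script below is an added example (my code, not part of the thread and not ComboFix's own tooling) that pulls those same findings out of a log automatically. The log excerpt embedded in it is constructed in the shape of the logs above, with the username replaced; the letters/digits name heuristic, the three severity levels and the "created in the last 30 days" correlation are this script's assumptions, not ComboFix conventions.

```python
"""Triage a ComboFix log automatically. Added example, not part of the thread or of ComboFix:
the sample log is constructed in the thread's layout; heuristic, severities and window are mine."""
import re

SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
c:\windows\z951threa5952.exe
c:\windows\za19s5yware1225.dll
c:\windows\SAE0A6F7D.tmp
D:\Autorun.inf
.
((((( Files Created from 2009-05-04 to 2009-06-04 )))))
.
2009-06-03 00:02 . 2009-06-03 00:02 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
.
((((( Find3M Report )))))
.
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((( Reg Loading Points )))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-03 361472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\({3,}\s*(?P<name>[^()]+?)\s*\){3,}\s*$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                     r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Lines showing protection was switched off; the thread's log shows all three.
POSTURE = {
    "Windows Firewall disabled": re.compile(r'"EnableFirewall"\s*=\s*0\b'),
    "Security Center no longer monitors the AV": re.compile(r'"DisableMonitoring"=dword:0*1\b'),
    "AV/FW product reports itself disabled": re.compile(r"^(AV|FW): .*\*[^*]*disabled\*"),
}
Finding = tuple[str, str, str]  # (severity, reason, detail); the severity scale is assumed


def split_sections(log: str) -> dict[str, list[str]]:
    """Group lines under the ((((( banner ))))) above them; lines before the first banner
    (AV/FW status, FILE ::, the deletion list) go under 'Header'."""
    sections: dict[str, list[str]] = {"Header": []}
    current = "Header"
    for raw in log.splitlines():
        line = raw.rstrip()
        if m := SECTION_RE.match(line):
            current = m.group("name")
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def looks_generated(path: str) -> bool:
    """Rogue scanners plant decoys such as z951threa5952.exe straight in the Windows root so
    the fake scan 'finds' them: flag a root file whose stem alternates letters/digits 3+ times
    and holds 3+ digits. Heuristic only, so review the hits rather than auto-delete."""
    folder, _, name = path.lower().rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    flips = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    return folder == r"c:\windows" and flips >= 3 and sum(c.isdigit() for c in stem) >= 3


def triage(log: str) -> list[Finding]:
    secs = split_sections(log)
    out: list[Finding] = []
    for line in (l for lines in secs.values() for l in lines):  # 1. protection off?
        out += [("medium", why, line) for why, rx in POSTURE.items() if rx.search(line)]
    for line in secs["Header"]:  # 2. what ComboFix already deleted
        if looks_generated(line):
            out.append(("high", "rogue-scanner decoy file", line))
        elif line.lower().endswith("\\autorun.inf"):
            out.append(("medium", "autorun.inf on a data volume", line))
    attrs, recent = {}, set()  # 3. index both file listings
    for name, lines in secs.items():
        for m in filter(None, map(FILE_RE.match, lines)):
            attrs[m.group("path").lower()] = m.group("attrs")
            if name.startswith("Files Created"):
                recent.add(m.group("path").lower())
    key = ""  # 4. Run values that point at a binary created inside the 30-day window
    for line in secs.get("Reg Loading Points", []):
        if line.startswith("["):
            key = line.strip("[]")
        elif (m := RUN_RE.match(line)) and key.lower().endswith("\\run") and m.group("path").lower() in recent:
            out.append(("high", "autostart points at a file created in the last 30 days",
                        f"{key}\\{m.group('name')} -> {m.group('path')}"))
    for path, a in attrs.items():  # 5. hidden+system in system32: often licensing data, so low
        if "s" in a and "h" in a and "\\system32\\" in path:
            out.append(("low", "hidden+system file in system32; verify its hash before acting", path))
    return out


if __name__ == "__main__":
    for sev, why, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}: {detail}")
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The autostart check is the one worth keeping even if you distrust the name heuristic: a Run value whose target appears in the "Files Created" window is exactly the tempo-setup2.exe pattern the helper put into the CFScript, and it needs no signature to spot.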

Re: I'm another victim of winblue
ComboFix 09-06-03.01 - Candi Drop 06/03/2009 21:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.119 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
Command switches used :: c:\documents and settings\Candi Drop\My Documents\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\SAE0A6F7D.tmp"
"c:\windows\system32\tempo-setup2.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Candi Drop\Application Data\Azureus
c:\documents and settings\Candi Drop\Application Data\Azureus\.certs
c:\documents and settings\Candi Drop\Application Data\Azureus\.keystore
c:\documents and settings\Candi Drop\Application Data\Azureus\.lock
c:\documents and settings\Candi Drop\Application Data\Azureus\active\0A0B6EAAD77C0CDF31DF350E5253887564366881.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\active\0A0B6EAAD77C0CDF31DF350E5253887564366881.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\active\FE646CAF4CF1F5F159AD13AB54EFD5802319A55B.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\active\FE646CAF4CF1F5F159AD13AB54EFD5802319A55B.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.config
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.statistics
c:\documents and settings\Candi Drop\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\cnetworks.config
c:\documents and settings\Candi Drop\Application Data\Azureus\devices.config
c:\documents and settings\Candi Drop\Application Data\Azureus\devices.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\general.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\dht\version.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\downloads.config
c:\documents and settings\Candi Drop\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\friends.config
c:\documents and settings\Candi Drop\Application Data\Azureus\friends.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Candi Drop\Application Data\Azureus\metasearch.config
c:\documents and settings\Candi Drop\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\net\pm_22773.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\azump_1.3.jar
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\azump_1.3.zip
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer.exe
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer\config
c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Candi Drop\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\400B09C6BFC041C77125.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\87E23B1872099785E348.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\AA18A55630A89D766D85.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subs\FDA6C9DF3B7E1F2FABB6.vuze
c:\documents and settings\Candi Drop\Application Data\Azureus\subscriptions.config
c:\documents and settings\Candi Drop\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\tables.config
c:\documents and settings\Candi Drop\Application Data\Azureus\tables.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\timingstats.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU107787296963972247.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU1529233668609806418.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU214149684569347568.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU2514381345798138013.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU275085248884005532.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU4233609604609371708.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU5245277886146964402.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU5389728241646696845.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6082309576462123970.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6243922447146768488.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU6283595954165585738.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7536209642271768462.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7568853768625403076.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU7859733689560533652.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU8368403792997730814.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\tmp\AZU8520211911358395100.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU5962977002979067292.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU6785125243215119707.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\AZU7122738622163932536.tmp
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\He's_Just_Not_That_Into_You_[2009]_DvdRip_XviD-aXXo.torrent
c:\documents and settings\Candi Drop\Application Data\Azureus\torrents\Terminator Salvation (2009) !DVDRip XviD - aXXo.torrent

Re: I'm another victim of winblue
c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config
c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\update.log
c:\documents and settings\Candi Drop\Application Data\Azureus\update.properties
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config.bak
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Log\2009 Jun 03 - 08_08_57 PM_375.log
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\rs.dat
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Settings\ScanResults.pie
c:\windows\SAE0A6F7D.tmp
c:\windows\system32\tempo-setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:32 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 01:31 . 2006-10-21 16:27 -------- d-----w- c:\program files\Viewpoint
2009-06-04 01:30 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 01:30 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 01:30 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 01:30 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-04 01:18 . 2006-10-21 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_00.58.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_388.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat
- 2009-06-02 22:18 . 2009-06-02 22:18 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://imvu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://imvu.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-04 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 01:38
ComboFix2.txt 2009-06-04 01:04

Pre-Run: 21,894,123,520 bytes free
Post-Run: 21,910,466,560 bytes free

299 --- E O F --- 2009-06-03 23:54

Re: I'm another victim of winblue
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Re: I'm another victim of winblue
ok i got it..... everything seems to be running great... plus the viewpoint thing was a great idea... i didn't know what it was for and wasn't sure if i should remove it or not. so thanks for the heads up on that... I'm trying to get rid of some of the things i don't need. lol thank you again. you guys are very good at this.... i'll have to slide you guys a little something sometime.
