Help - remove win32/adware.virtumonde and win32/privacy remover.M64 [R
JTD4T11
post Sep 17 2008, 09:02 PM
Post #16


Member
Posts: 32
OS: Windows XP home



Wow, it worked!! :) Here is the ComboFix log:

ComboFix 08-09-16.05 - HP_Administrator 2008-09-17 22:51:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1555 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clrs.tmp
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@autos.yahoo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@circuitcity[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dynamic.fmpub[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg.allstate[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@free.weblol[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indextools[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@local.yahoo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@my.clearchannelradio[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@personals.yahoo[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pretty-teengirls[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@superstats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@teenpornboulevard[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@touchofteen[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.bestbuy[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@vendorweb.citibank[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@webmastersaught[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.teenie-models[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.vipeporn[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www35.vzw[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yahoo[2].txt
C:\WINDOWS\system32\clrs.tmp
C:\WINDOWS\system32\drvhive.ocx
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_DRIVER_INTERFACE
-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-17 22:47 . 2008-09-17 22:55 22 --a------ C:\WINDOWS\system32\ieupdts.zip
2008-09-16 23:18 . 2008-09-17 17:57 190,744 --a------ C:\WINDOWS\system32\install_en.exe
2008-09-16 23:02 . 2008-09-16 23:07 <DIR> d-------- C:\ComboFix
2008-09-14 17:21 . 2008-09-14 17:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-14 17:04 . 2008-09-14 21:58 <DIR> d-------- C:\SDFix
2008-09-12 22:23 . 2008-09-12 22:23 <DIR> d-------- C:\Program Files\ERUNT
2008-09-12 19:14 . 2008-09-12 19:14 <DIR> d-------- C:\rsit
2008-09-12 19:14 . 2008-09-12 22:31 <DIR> d-------- C:\Program Files\trend micro
2008-09-12 18:11 . 2008-09-12 18:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 18:11 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 11:36 . 2008-09-12 11:36 <DIR> d-------- C:\e53ff8b278f38c8df753e8c33cb2
2008-09-12 05:49 . 2008-09-17 17:46 50,176 --a------ C:\WINDOWS\system32\crscha.exe
2008-09-12 05:49 . 2008-09-17 17:56 24,576 --a------ C:\WINDOWS\system32\crashdll.dll
2008-09-12 05:49 . 2008-09-17 17:56 20 --a------ C:\WINDOWS\system32\crdon.tsp.b
2008-09-12 05:23 . 2008-09-12 05:42 18,944 --a------ C:\0xf9.exe
2008-09-09 18:07 . 2008-09-12 12:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 22:36 . 2008-09-03 22:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-09 22:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-06 20:54 --------- d-----w C:\Program Files\Google
2008-07-29 14:36 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-09-10 00:22 1,434 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-01 18:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-20 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vmmreg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= 6806111511.CPX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VIDEO]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R1 VIDEO;VIDEO;C:\WINDOWS\SYSTEM32\VIDEO.sys [2008-09-12 30464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 pfsvgae;pfsvgae;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfsvgae.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} - %SystemRoot%\system32\vmmreg32.dll
HKCU-Run-msctrl.exe - C:\Program Files\Microsoft Security Adviser\msctrl.exe
HKCU-Run-msavsc.exe - C:\Program Files\Microsoft Security Adviser\msavsc.exe
HKCU-Run-msscan.exe - C:\Program Files\Microsoft Security Adviser\msscan.exe
HKCU-Run-msiemon.exe - C:\Program Files\Microsoft Security Adviser\msiemon.exe
HKCU-Run-msfw.exe - C:\Program Files\Microsoft Security Adviser\msfw.exe
HKCU-Run-mssadv.exe - (no file)
HKLM-Run-Windows Help Service - C:\WINDOWS\SYSTEM32\winhelp32.exe
HKLM-Run-<NO NAME> - (no file)
HKLM-Run-PCDrProfiler - (no file)
SharedTaskScheduler-{C5AF49A2-94F3-42BD-F234-3604812C897D} - (no file)
ShellExecuteHooks-{74633F37-CF9D-4EFD-B548-D847566866FC} - C:\WINDOWS\system32\geBqNGvV.dll
Notify-geBqNGvV - geBqNGvV.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.33.inf
C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.33.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 22:55:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\winhelp32.exe [3568] 0x89ABABC0

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\vmmreg32.dll 18944 bytes executable


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\crashdll.dll
.
Completion time: 2008-09-17 22:58:02
ComboFix-quarantined-files.txt 2008-09-18 02:56:59

Pre-Run: 248,263,135,232 bytes free
Post-Run: 248,259,485,696 bytes free

226 --- E O F --- 2008-09-10 07:01:04


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:18 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\SYSTEM32\crscha.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: myiebho - {7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} - %SystemRoot%\system32\vmmreg32.dll (file missing)
O4 - HKLM\..\Run: [Windows Help Service] C:\WINDOWS\SYSTEM32\winhelp32.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{CDF6B40B-8D47-4C4F-B5D0-69E05576CA80}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O20 - AppInit_DLLs: vmmreg32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8885 bytes




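The "Reg Loading Points" section of the ComboFix log above is the part a helper reads first: ComboFix prints only non-default entries, and this one shows an AppInit_DLLs injection (vmmreg32.dll), a Drivers32 "aux1" alias redirected to a random .CPX module (the SilentBanker hook that SDFix later restores to wdmaud.drv), a TDSSserv driver registered under SafeBoot\Minimal so it survives a Safe Mode boot, and Security Center and firewall policy values switched off. The Python script below is an added example written for this page; it is not part of ComboFix, HijackThis or SDFix. It parses the REGEDIT4-style dump and flags those classes of values. The sample input is copied from the log in this post, and the script assumes (an assumption about the log format) that ComboFix's `HKLM\~\` shorthand stands for `HKLM\SYSTEM\CurrentControlSet\`.

```python
"""Triage ComboFix "Reg Loading Points" output for abused autostart and policy keys.

Added example for this thread; it is not part of ComboFix, HijackThis or SDFix.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    key: str       # normalised registry key (lower case, shorthand expanded)
    name: str      # value name; "@" is the key's default value
    data: str      # value data as ComboFix printed it, surrounding quotes removed
    reason: str


# Lines copied from the ComboFix log in this post (plus one benign key for contrast).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vmmreg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= 6806111511.CPX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VIDEO]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"?(?P<name>@|[^"=]+?)"?\s*=\s*(?P<data>.*?)\s*$')

# Security Center values that silence the "no antivirus / firewall / updates" balloon.
_SC_NOTIFY = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}
# Drivers32 aliases that point at wdmaud.drv on a stock XP install.
_MM_PREFIXES = ("aux", "wave", "midi", "mixer")


def _normalize_key(raw: str) -> str:
    # Lower-case the key and expand the hive abbreviations.
    # Assumption about the log format: ComboFix writes HKLM\~\ for
    # HKLM\SYSTEM\CurrentControlSet\ (see the firewallpolicy key in the sample).
    key = raw.strip().lower()
    for short, full in (("hklm\\", "hkey_local_machine\\"),
                        ("hkcu\\", "hkey_current_user\\")):
        if key.startswith(short):
            key = full + key[len(short):]
    return key.replace("hkey_local_machine\\~\\",
                       "hkey_local_machine\\system\\currentcontrolset\\")


def _judge(key: str, name: str, data: str):
    """Return (severity, reason) for a value worth a second look, else None."""
    lname, ldata = name.lower(), data.lower()
    if key.endswith(r"\windows nt\currentversion\windows") and lname == "appinit_dlls" and ldata:
        return "high", "AppInit_DLLs: module mapped into every process that loads user32.dll"
    if key.endswith(r"\windows nt\currentversion\drivers32") \
            and lname.startswith(_MM_PREFIXES) and not ldata.endswith("wdmaud.drv"):
        return "medium", "Drivers32 alias redirected away from wdmaud.drv (loaded by winmm.dll)"
    if "\\control\\safeboot\\" in key:
        return "high", "non-default SafeBoot entry: the driver/service starts in Safe Mode too"
    if "\\security center" in key:
        if lname in _SC_NOTIFY and ldata.endswith("1"):
            return "medium", "Security Center warning balloon suppressed"
        if lname == "disablemonitoring" and ldata.endswith("1"):
            return "medium", "Security Center monitoring switched off"
    if "\\firewallpolicy\\" in key and lname == "enablefirewall" and ldata.startswith("0"):
        return "high", "Windows Firewall profile disabled by policy"
    return None


def triage(text: str) -> list:
    """Parse a REGEDIT4-style ComboFix dump and return the suspicious values in order."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = _normalize_key(m.group(1))
            continue
        m = _VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = m.group("name")
        data = m.group("data").strip().strip('"')
        verdict = _judge(key, name, data)
        if verdict:
            findings.append(Finding(verdict[0], key, name, data, verdict[1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name} = {f.data or '(empty)'}  <- {f.reason}")
```

Run as-is it reports seven findings for the sample and nothing for the policies\system theme values. Fed the Drivers32 key as SDFix prints it after the repair ("aux1"="wdmaud.drv"), it reports nothing, which is the check a helper wants before declaring that hook gone. The rules are deliberately narrow: because ComboFix already suppresses default entries, any SafeBoot subkey that appears at all is worth a look, whereas the Drivers32 and Security Center rules compare against the stock XP values.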
SpySentinel
post Sep 18 2008, 06:25 AM
Post #17


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



SDFix should work now.

Delete C:\SDFix, then

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


This post has been edited by SpySentinel: Sep 18 2008, 06:27 AM
JTD4T11
post Sep 18 2008, 05:24 PM
Post #18


Member
Posts: 32
OS: Windows XP home



This is all I got from the report... When it restarted, the Fixtool never ran again and the report did not pop up on the screen. Was I supposed to restart in Safe Mode or just let it go back to normal operations?

SDFix: Version 1.226
Run by HP_Administrator on Thu 09/18/2008 at 07:15 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

SilentBanker/PWS:Win32/Yaludle.A found!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux1"="wdmaud.drv"

Restoring aux1 registry value to wdmaud.drv


HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:28 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\crscha.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: myiebho - {7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD} - %SystemRoot%\system32\vmmreg32.dll (file missing)
O4 - HKLM\..\Run: [Windows Help Service] C:\WINDOWS\SYSTEM32\winhelp32.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{CDF6B40B-8D47-4C4F-B5D0-69E05576CA80}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab
O20 - AppInit_DLLs: vmmreg32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8886 bytes
JTD4T11
post Sep 18 2008, 05:36 PM
Post #19


I also keep getting this error message:

---------------------------
Microsoft Visual C++ Runtime Library
---------------------------
Runtime Error!

Program: C:\WINDOWS\system32\install_en.exe


This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

---------------------------
OK
---------------------------
SpySentinel
post Sep 19 2008, 06:11 PM
Post #20


Trusted Helper
Group Icon
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



Hey, sorry for the delay. This should take care of this nasty infection:


  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\WINDOWS\system32\ieupdts.zip

  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link to the report into the clipboard.
  • Paste the contents of the Clipboard in your next reply.




1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KILLALL::

File::
C:\WINDOWS\system32\install_en.exe
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\0xf9.exe
C:\WINDOWS\system32\crashdll.dll
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfsvgae.sys

Folder::
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Driver::
Viewpoint Manager Service
pfsvgae

Sysrst::


Save this as CFScript.txt, in the same location as Combo-Fix.exe




Referring to the picture above, drag CFScript into Combo-Fix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
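The CFScript in the post above targets four persistence points: the AppInit_DLLs value (the O20 vmmreg32.dll entry in the HijackThis log), an "aux1" value under Drivers32, a SafeBoot\Minimal key for TDSSserv.sys that kept the rootkit loaded in Safe Mode, and the pfsvgae driver running from the user's Temp folder. The PowerShell script below is an added example, not part of the original thread and not ComboFix's own code, that audits those same locations after the fix so you can see whether anything is still registered. It assumes Windows PowerShell 2.0 or later run as an administrator; the name patterns it flags are my heuristics for a human to review, not a list taken from the thread.

```powershell
# Added example (not from the original thread or from ComboFix): audit the
# persistence points the CFScript above targets and report what remains.
# Assumes Windows PowerShell 2.0+ run as an administrator; every flag is a
# heuristic for a human to review, not an automatic verdict.

function Test-CleanupPersistence {
    $findings = @()

    # 1. AppInit_DLLs: each DLL listed here is loaded into every process that
    #    links user32.dll. The CFScript sets it to "" (HijackThis O20 line).
    $win = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' -ErrorAction SilentlyContinue
    if ($win -and -not [string]::IsNullOrEmpty($win.AppInit_DLLs)) {
        $findings += "AppInit_DLLs still set: '$($win.AppInit_DLLs)'"
    }

    # 2. Drivers32: maps multimedia aliases (wave, midi, aux, ...) to DLLs.
    #    The CFScript removes "aux1". Report aux*/wave*/midi* values whose
    #    DLL cannot be found (relative names resolve against system32).
    $d32 = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32' -ErrorAction SilentlyContinue
    if ($d32) {
        foreach ($name in $d32.GetValueNames()) {
            if ($name -notmatch '^(aux|wave|midi)\d*$') { continue }
            $dll = [string]$d32.GetValue($name)
            if (-not $dll) { continue }
            $full = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "system32\$dll" }
            if (-not (Test-Path $full)) {
                $findings += "Drivers32\$name -> '$dll' (file not found)"
            }
        }
    }

    # 3. SafeBoot\Minimal: a key named after a bare .sys file (like
    #    TDSSserv.sys) was registered so the driver survives Safe Mode.
    $safeBoot = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal' -ErrorAction SilentlyContinue
    foreach ($key in $safeBoot) {
        if ($key.PSChildName -match '\.sys$') {
            $findings += "SafeBoot\Minimal entry: $($key.PSChildName)"
        }
    }

    # 4. Kernel or file-system drivers (Type 1 or 2) whose image lives in a
    #    temp or profile directory, as pfsvgae.sys did in this thread.
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($key in $services) {
        $svc = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
        if (-not $svc) { continue }
        $isDriver = ($svc.Type -eq 1 -or $svc.Type -eq 2)
        $image = [string]$svc.ImagePath
        if ($isDriver -and ($image -match '(?i)\\(temp|documents and settings|users)\\')) {
            $findings += "driver $($key.PSChildName) loads from '$image'"
        }
    }

    return $findings
}

$results = @(Test-CleanupPersistence)
if ($results.Count -eq 0) {
    Write-Output 'No leftovers found at the four persistence points.'
} else {
    $results | ForEach-Object { Write-Output "[WARN] $_" }
}
```

Run it once before the CFScript to confirm the entries are present and once after the reboot to confirm they are gone. A driver that still shows under Services but whose file no longer exists is a stale registration, not an active infection, and can be removed with `sc delete`.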
JTD4T11
post Sep 20 2008, 09:13 AM
Post #21


The VirSCAN website does not seem to be working properly. I pasted and hit upload, but then I get error messages and a screen that says other users uploaded this file, click "rescan" or "scan results"; nothing about copying to clipboard. I hit scan results and the page goes blank. Do I just proceed with the ComboFix step? Thanks
SpySentinel
post Sep 20 2008, 04:16 PM
Post #22


Yes, go ahead and proceed with the ComboFix step. We will deal with the VirScan issue later.
JTD4T11
post Sep 20 2008, 05:49 PM
Post #23


ComboFix 08-09-20.05 - HP_Administrator 2008-09-20 19:38:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1586 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\0xf9.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfsvgae.sys
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\install_en.exe


This is all I got after the reboot.
SpySentinel
post Sep 20 2008, 05:51 PM
Post #24


Try running ComboFix again.
JTD4T11
post Sep 20 2008, 07:08 PM
Post #25


The same thing happened. I get the fatal exceptions and runtime error posted above each time it reboots after the scan.

ComboFix 08-09-20.05 - HP_Administrator 2008-09-20 20:58:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1571 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\0xf9.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfsvgae.sys
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\install_en.exe
SpySentinel
post Sep 21 2008, 02:36 PM
Post #26


Try running ComboFix in Safe mode. If that does not work, then I have another plan of attack. We will get your computer cleaned, hang in there.
JTD4T11
post Sep 21 2008, 05:37 PM
Post #27


Great idea, it worked that time!


ComboFix 08-09-20.05 - HP_Administrator 2008-09-21 18:59:38.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1780 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt.txt

FILE ::
C:\0xf9.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfsvgae.sys
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\install_en.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clrs.tmp
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\install_en.exe
C:\WINDOWS\system32\winhelp32.exe . . . . failed to delete
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@insightexpressai[2].txt
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\WINDOWS\system32\clrs.tmp
C:\WINDOWS\system32\crashdll.dll
C:\WINDOWS\system32\crdon.tsp.b
C:\WINDOWS\system32\crscha.exe
C:\WINDOWS\system32\install_en.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PFSVGAE
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_pfsvgae
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-21 18:47 . 2008-09-21 18:57 22 --a------ C:\WINDOWS\system32\ieupdts.zip
2008-09-18 19:08 . 2008-09-18 19:17 <DIR> d-------- C:\SDFix
2008-09-16 23:02 . 2008-09-20 11:10 <DIR> d-------- C:\ComboFix
2008-09-14 17:21 . 2008-09-14 17:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-12 22:23 . 2008-09-12 22:23 <DIR> d-------- C:\Program Files\ERUNT
2008-09-12 19:14 . 2008-09-12 19:14 <DIR> d-------- C:\rsit
2008-09-12 19:14 . 2008-09-12 22:31 <DIR> d-------- C:\Program Files\trend micro
2008-09-12 18:11 . 2008-09-12 18:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 18:11 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 11:36 . 2008-09-12 11:36 <DIR> d-------- C:\e53ff8b278f38c8df753e8c33cb2
2008-09-12 05:49 . 2008-09-21 19:05 194,048 --------- C:\WINDOWS\system32\winhelp32.exe
2008-09-09 18:07 . 2008-09-12 12:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 22:36 . 2008-09-03 22:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-09 22:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-06 20:54 --------- d-----w C:\Program Files\Google
2008-07-29 14:36 --------- d-----w C:\Program Files\Norton AntiVirus
2007-09-10 00:22 1,434 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-01 18:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-17_22.56.33.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 01:53:33 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-09-18 23:11:17 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-09-15 01:53:33 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-09-18 23:11:17 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0xf9.exe
2008-09-12 05:23 18944 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000012.exe
2008-09-12 05:42 18944 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008377.exe

C:\Avenger\geBqNGvV.dll
2008-09-12 05:54 34688 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002017.dll

C:\Avenger\tdssadw.dll
2008-09-12 06:08 32768 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008289.dll

C:\Avenger\tdssinit.dll
2008-09-12 06:08 53237 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008290.dll

C:\Avenger\tdssl.dll
2008-09-12 06:08 16896 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008291.dll

C:\Avenger\tdsslog.dll
2008-09-12 06:08 11264 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008292.dll

C:\Avenger\tdssmain.dll
2008-09-12 06:08 10240 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008293.dll

C:\Avenger\tdssserv.sys
2008-09-12 06:08 35840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008294.sys

C:\Avenger\winhelp32.exe
2008-09-12 05:49 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012731.exe

2000-08-31 08:00 3156 C:\COFix\Assoc.cmd
2000-08-31 08:00 3156 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008297.cmd
2000-08-31 08:00 3156 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012666.cmd

2000-08-31 08:00 6957 C:\COFix\Boot.bat
2000-08-31 08:00 6803 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008298.bat
2000-08-31 08:00 6957 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012667.bat

2008-09-21 05:58 537087 C:\COFix\C.bat
2008-09-17 20:05 535389 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008299.bat
2008-09-21 05:58 537087 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012668.bat

2008-09-21 19:04 33 C:\COFix\CCS.bat
2008-09-20 19:42 33 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011590.bat
2008-09-20 21:02 33 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012669.bat

C:\COFix\CF8965.exe
2008-09-17 22:50 388608 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008300.exe

2008-09-21 18:59 16 C:\COFix\chcp.bat
2008-09-17 22:50 16 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008301.bat
2008-09-20 20:57 16 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012670.bat

2000-08-31 08:00 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008302.sys
2000-08-31 08:00 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012671.sys

C:\COFix\Combobatch.bat
2000-08-31 08:00 6795 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008286.bat
2000-08-31 08:00 6728 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012716.bat

2000-08-31 08:00 61440 C:\COFix\ComboFix-Download.exe
2000-08-31 08:00 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008303.exe
2000-08-31 08:00 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012673.exe

2000-08-31 08:00 149 C:\COFix\Comspec.bat
2000-08-31 08:00 149 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008304.bat
2000-08-31 08:00 149 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012674.bat

2000-08-31 08:00 3184 C:\COFix\CregC.cmd
2000-08-31 08:00 3184 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008305.cmd
2000-08-31 08:00 3184 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012675.cmd

2000-08-31 08:00 1727 C:\COFix\DelClsid.bat
2000-08-31 08:00 1727 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008306.bat
2000-08-31 08:00 1727 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012676.bat

C:\COFix\Disclaimer.bat
2000-08-31 08:00 933 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0011435.bat
2000-08-31 08:00 933 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012703.bat

2000-08-31 08:00 6796 C:\COFix\Exe.reg
2000-08-31 08:00 6809 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008307.reg
2000-08-31 08:00 6796 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012677.reg

2000-08-31 08:00 100805 C:\COFix\FIND3M.bat
2000-08-31 08:00 97095 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008308.bat
2000-08-31 08:00 100805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012678.bat

2000-08-31 08:00 3815 C:\COFix\FIXLSP.bat
2000-08-31 08:00 3783 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008309.bat
2000-08-31 08:00 3815 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012679.bat

2000-08-31 08:00 15388 C:\COFix\FProps.vbs
2000-08-31 08:00 15388 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008310.vbs
2000-08-31 08:00 15388 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012680.vbs

2005-08-16 01:54 1536 C:\COFix\hidec.exe
2005-08-16 01:54 1536 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008311.exe
2005-08-16 01:54 1536 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012681.exe

2000-08-31 08:00 2083 C:\COFix\history.bat
2000-08-31 08:00 2063 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008312.bat
2000-08-31 08:00 2083 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012682.bat

2008-09-21 19:04 85042 C:\COFix\Lang.bat
2000-08-31 08:00 86043 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008313.bat
2000-08-31 08:00 84784 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012715.bat

2000-08-31 08:00 349 C:\COFix\LFN.vbs
2000-08-31 08:00 349 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008314.vbs
2000-08-31 08:00 349 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012684.vbs

C:\COFix\List-C.bat
2000-08-31 08:00 227086 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008284.bat
2000-08-31 08:00 230929 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012713.bat

2000-08-31 08:00 1528 C:\COFix\lnkread.vbs
2000-08-31 08:00 1528 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008315.vbs
2000-08-31 08:00 1528 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012685.vbs

2000-08-31 08:00 805 C:\COFix\LocalDrive.vbs
2000-08-31 08:00 805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008316.vbs
2000-08-31 08:00 805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012686.vbs

2008-09-21 19:04 58271 C:\COFix\LspFixed.reg
2008-09-20 19:42 58271 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011609.reg
2008-09-20 21:02 58271 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012687.reg

2000-08-31 08:00 2703 C:\COFix\MoveIt.bat
2000-08-31 08:00 2693 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008317.bat
2000-08-31 08:00 2703 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012688.bat

2000-08-31 08:00 1561 C:\COFix\ND_.bat
2000-08-31 08:00 1449 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008318.bat
2000-08-31 08:00 1561 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012689.bat

2000-08-31 08:00 28672 C:\COFix\nircmd.com
2000-08-31 08:00 28672 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008319.com
2000-08-31 08:00 28672 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012690.com

2000-08-31 08:00 657 C:\COFix\OSid.vbs
2000-08-31 08:00 657 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008320.vbs
2000-08-31 08:00 657 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012691.vbs

2000-08-31 08:00 3501 C:\COFix\Qoo.bat
2000-08-31 08:00 3355 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008321.bat
2000-08-31 08:00 3501 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012692.bat

C:\COFix\restore_pt.vbs
2000-08-31 08:00 232 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008280.vbs
2000-08-31 08:00 232 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012706.vbs

2000-08-31 08:00 1636 C:\COFix\RestoreO4.bat
2000-08-31 08:00 1479 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008322.bat
2000-08-31 08:00 1636 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012693.bat

2000-08-31 08:00 15283 C:\COFix\SafeBootRepair.bat
2000-08-31 08:00 15230 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008323.bat
2000-08-31 08:00 15283 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012694.bat

2008-09-21 19:04 992 C:\COFix\SDBG.reg
2008-09-20 19:42 920 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011617.reg
2008-09-20 21:02 956 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012695.reg

2000-08-31 08:00 11884 C:\COFix\SetEnvmt.bat
2000-08-31 08:00 11873 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008324.bat
2000-08-31 08:00 11884 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012696.bat

2008-09-21 19:05 11464 C:\COFix\SetPath.bat
2008-09-20 19:38 11152 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011619.bat
2008-09-21 18:59 11615 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012724.bat

2008-09-21 18:59 83 C:\COFix\sfx.cmd
2008-09-17 22:50 14 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008325.cmd
2008-09-20 20:57 83 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012698.cmd

2000-08-31 08:00 1128 C:\COFix\SvcDrv.vbs
2000-08-31 08:00 1128 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008326.vbs
2000-08-31 08:00 1128 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012699.vbs

2008-09-20 19:36 2854922 C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
2008-09-17 21:15 2853294 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0011425.exe

2008-09-14 17:11 304421 C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
2008-09-12 19:14 304189 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0003041.exe

2008-09-21 19:08 840200 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
2008-09-12 11:30 820694 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001005.dll
2008-09-21 18:25 840200 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012723.dll

C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
2008-04-01 16:42 24673 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002018.dll

C:\Program Files\Viewpoint\Common\ViewpointService.exe
2007-01-04 17:38 24652 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011499.exe

C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
2007-01-05 11:32 254022 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011500.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
2007-06-15 23:55 217158 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011502.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
2004-02-20 16:17 57344 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011510.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
2004-02-20 16:17 81978 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011511.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
2006-10-11 15:22 413766 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011512.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
2007-07-07 20:13 36864 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011513.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
2004-02-20 16:17 86016 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011514.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
2004-02-20 16:11 192559 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011515.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
2006-10-11 15:10 122948 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011516.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
2004-02-20 16:04 196656 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011517.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
2006-10-11 15:10 204868 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011518.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
2004-02-20 16:11 163889 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011519.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
2007-06-15 23:55 1282120 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011520.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
2004-02-20 16:12 53302 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011521.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
2007-07-07 20:12 774210 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011522.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
2006-10-11 15:18 725057 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011523.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
2004-02-20 16:10 606256 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011524.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
2006-10-11 15:16 725070 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011525.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
2004-02-20 16:17 1093678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011526.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
2004-02-20 16:17 57344 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011527.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
2006-10-11 15:22 249923 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011528.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
2004-02-20 16:15 630830 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011529.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
2007-07-07 20:13 770115 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011530.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
2004-02-20 15:48 53299 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011531.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
2004-02-20 16:04 217134 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011532.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
2007-08-10 15:10 114688 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011508.exe

C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
2007-04-16 13:07 180293 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011509.dll

C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
2007-02-15 13:12 663616 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011533.dll

C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
2007-01-04 17:38 26320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011535.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
2007-01-04 17:38 112336 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011536.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
2007-02-15 12:12 407248 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011537.dll

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
2007-01-04 17:38 98380 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011538.exe

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
2004-03-11 13:23 245810 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011541.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
2007-02-02 23:22 249906 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011542.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
2007-03-08 19:22 254022 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011543.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
2007-02-15 11:45 213062 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011545.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
2007-02-02 23:22 413746 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011552.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
2007-02-15 11:45 36864 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011553.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
2007-02-15 11:45 122948 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011554.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
2007-02-15 11:45 204868 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011555.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
2007-02-15 11:45 1278024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011556.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
2007-02-15 11:45 774210 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011557.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
2007-02-02 23:22 643116 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011558.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
2007-02-15 12:12 41024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011559.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
2007-02-15 11:45 647234 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011560.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
2007-02-15 11:45 770115 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011561.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
2007-02-15 11:45 53319 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011562.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
2004-03-11 13:14 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011551.exe

2008-09-18 19:11 798 C:\SDFix\backupreg\AppInit_DLLs.reg
2008-09-14 17:21 798 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004106.reg
2008-09-14 21:44 798 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005115.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\bat_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004099.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005108.reg

2008-09-18 19:11 960 C:\SDFix\backupreg\BHO.reg
2008-09-14 17:21 960 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004088.reg
2008-09-14 21:44 960 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005097.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\com_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004100.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005109.reg

2008-09-18 19:11 23930 C:\SDFix\backupreg\ControlPanel_Load.reg
2008-09-14 17:21 23760 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004105.reg
2008-09-14 21:44 23760 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005114.reg

2008-09-18 19:11 3074 C:\SDFix\backupreg\Drivers32.reg
2008-09-14 17:21 3074 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004084.reg
2008-09-14 21:44 3074 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005093.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\exe_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004095.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005104.reg

2008-09-18 19:11 3926 C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
2008-09-14 17:21 3118 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004102.reg
2008-09-14 21:44 3118 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005111.reg

2008-09-18 19:11 1922 C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
2008-09-14 17:21 840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004104.reg
2008-09-14 21:44 840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005113.reg

2008-09-18 19:11 982 C:\SDFix\backupreg\HKCURun.reg
2008-09-14 17:21 982 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004093.reg
2008-09-14 21:44 982 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005102.reg

2008-09-18 19:11 228 C:\SDFix\backupreg\HKCURunServices.reg
2008-09-14 17:21 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004094.reg
2008-09-14 21:44 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005103.reg

2008-09-18 19:11 119194 C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
2008-09-14 17:21 118644 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004101.reg
2008-09-14 21:44 118644 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005110.reg

2008-09-18 19:11 4114 C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
2008-09-14 17:21 2670 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004103.reg
2008-09-14 21:44 2670 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005112.reg

2008-09-18 19:11 1316 C:\SDFix\backupreg\HKLMRun.reg
2008-09-14 17:21 1350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004091.reg
2008-09-14 21:44 1350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005100.reg

2008-09-18 19:11 230 C:\SDFix\backupreg\HKLMRunServices.reg
2008-09-14 17:21 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004092.reg
2008-09-14 21:44 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005101.reg

2008-09-18 19:11 5848 C:\SDFix\backupreg\IEDesktop.reg
2008-09-14 17:21 5604 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004090.reg
2008-09-14 21:44 5604 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005099.reg

2008-09-18 19:11 5898 C:\SDFix\backupreg\IEMain.reg
2008-09-14 17:21 6504 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004089.reg
2008-09-14 21:44 6504 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005098.reg

2008-09-18 19:11 35350 C:\SDFix\backupreg\Installed_Components.reg
2008-09-14 17:21 35350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004087.reg
2008-09-14 21:44 35350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005096.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\pif_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004098.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005107.reg

2008-09-18 19:11 222 C:\SDFix\backupreg\reg_shell_open.reg
2008-09-14 17:21 222 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004097.reg
2008-09-14 21:44 222 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005106.reg

2008-09-18 19:11 8002 C:\SDFix\backupreg\SecurityProviders.reg
2008-09-14 17:21 8002 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004086.reg
2008-09-14 21:44 8002 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005095.reg

2008-09-18 19:11 546 C:\SDFix\backupreg\SharedTaskScheduler.reg
2008-09-14 17:21 678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004109.reg
2008-09-14 21:44 678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005118.reg

2008-09-18 19:11 696 C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
2008-09-14 17:21 696 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004110.reg
2008-09-14 21:44 696 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005119.reg

2008-09-18 19:11 5282 C:\SDFix\backupreg\SubSystems.reg
2008-09-14 17:21 5282 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004085.reg
2008-09-14 21:44 5282 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005094.reg

2008-09-18 19:11 668 C:\SDFix\backupreg\txt_shell_open.reg
2008-09-14 17:21 668 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004096.reg
2008-09-14 21:44 668 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005105.reg

2008-09-18 19:11 23654 C:\SDFix\backupreg\Winlogon.reg
2008-09-14 17:21 24320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004107.reg
2008-09-14 21:44 24320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005116.reg

2008-09-18 19:11 6918 C:\SDFix\backupreg\WinlogonNotify.reg
2008-09-14 17:21 7584 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004108.reg
2008-09-14 21:44 7584 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005117.reg

2008-09-18 19:12 140 C:\SDFix\Repairaux1.reg
2008-09-14 17:23 140 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004081.reg
2008-09-14 21:45 140 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005090.reg

2008-09-18 19:15 169 C:\SDFix\userinfix.reg
2008-09-14 17:26 169 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004111.reg
2008-09-14 21:48 169 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005120.reg

2008-08-07 16:27 163328 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
2008-08-07 16:27 163328 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004082.EXE
2008-08-07 16:27 163328 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008375.EXE

C:\WINDOWS\system32\crashdll.dll
2008-09-12 11:42 24576 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001011.dll
2008-09-21 18:16 24576 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012709.dll

C:\WINDOWS\system32\crscha.exe
2008-09-12 11:58 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001006.exe
2008-09-20 16:34 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0011419.exe

C:\WINDOWS\system32\crscha.exe
2008-09-20 19:13 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011564.exe

C:\WINDOWS\system32\crscha.exe
2008-09-20 19:44 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0011632.exe
2008-09-21 00:06 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012655.exe

C:\WINDOWS\system32\crscha.exe
2008-09-21 18:06 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012710.exe

C:\WINDOWS\system32\drivers\aemauv.sys
2008-09-12 19:04 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001001.sys

C:\WINDOWS\system32\drivers\gpqhjpcv.sys
2008-09-12 21:50 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002023.sys

C:\WINDOWS\system32\drivers\tdssserv.sys
2008-09-14 17:19 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0008111.sys

C:\WINDOWS\system32\install_en.exe
2008-09-12 19:16 194836 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002012.exe
2008-09-21 18:16 190744 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012711.exe

C:\WINDOWS\system32\tdsspopup.dll
2008-09-12 06:08 14848 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002019.dll

2008-09-21 19:05 194048 C:\WINDOWS\system32\winhelp32.exe
2008-09-12 19:05 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002024.exe
2008-09-12 21:51 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012718.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
%SystemRoot%\system32\vmmreg32.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vmmreg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VIDEO]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R1 VIDEO;VIDEO;C:\WINDOWS\SYSTEM32\VIDEO.sys [2008-09-12 30464]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 19:06:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\system32\VIDEO.sys 30464 bytes executable
C:\WINDOWS\system32\vmmreg32.dll 249856 bytes executable
C:\WINDOWS\system32\webmin

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\COFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-21 19:17:26 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-09-21 23:17:21
ComboFix2.txt 2008-09-18 02:58:03

Pre-Run: 248,142,331,904 bytes free
Post-Run: 248,131,923,968 bytes free

621 --- E O F --- 2008-09-10 07:01:04
SpySentinel
post Sep 23 2008, 02:49 PM
Post #28


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



Sorry for the delay, I am currently reviewing your CF Log and working on a fix.
SpySentinel
post Sep 23 2008, 03:26 PM
Post #29


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



Are you getting help elsewhere? Because I see you ran Avenger:

C:\Avenger\winhelp32.exe



  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\WINDOWS\system32\ieupdts.zip

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.




1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Collect::
C:\WINDOWS\SYSTEM32\VIDEO.sys

KILLALL::

File::
C:\WINDOWS\system32\winhelp32.exe
C:\WINDOWS\SYSTEM32\VIDEO.sys
C:\WINDOWS\system32\drivers\aemauv.sys
C:\WINDOWS\system32\drivers\gpqhjpcv.sys
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdsspopup.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VIDEO]

Driver::
VIDEO

Sysrst::


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
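The CFScript above targets the entries that stand out in the "Reg Loading Points" block of the ComboFix log posted earlier in this thread: a DLL in AppInit_DLLs, a BHO living in system32, SafeBoot\Minimal keys that keep a driver loaded even in Safe Mode, Security Center monitoring switched off and the firewall disabled. The following Python script is an added example, not code from this thread or from the ComboFix project: it parses that REGEDIT4-style block and lists those indicators so a helper can see at a glance what a fix script needs to address. The sample excerpt is constructed from the log above, and the check list (which key paths and values to flag) is this example's own assumption; ComboFix itself states only that empty and legitimate default entries are omitted from the section.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Parses the REGEDIT4-style block and flags the persistence and
self-protection indicators a helper looks for before writing a CFScript:
  * AppInit_DLLs pointing at a DLL (injected into every user-mode process)
  * Browser Helper Objects whose module lives in a Windows system directory
  * SafeBoot\\Minimal entries (anything ComboFix shows here is non-default)
  * Security Center monitoring disabled
  * Windows Firewall standard profile disabled

The key paths and value checks below are this example's own assumptions,
not part of ComboFix.
"""
import re
from dataclasses import dataclass

# Sample excerpt, constructed from the log posted in this thread (not read from disk).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6E1044-DBF1-EDB3-57BB-D40A130EA5BD}]
%SystemRoot%\system32\vmmreg32.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vmmreg32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VIDEO]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    key: str      # registry key the finding belongs to
    detail: str   # human-readable reason it was flagged


def parse_reg_points(text):
    """Return {key_path: [value lines]} for every [section] in the block."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def _value(lines, name):
    """Extract the right-hand side of "name"=value from a section, or None."""
    pat = re.compile(rf'^"{re.escape(name)}"\s*=\s*(.*)$', re.IGNORECASE)
    for ln in lines:
        m = pat.match(ln)
        if m:
            return m.group(1).strip()
    return None


def triage(text):
    """Return a list of Finding objects for the suspicious loading points."""
    findings = []
    for key, lines in parse_reg_points(text).items():
        lkey = key.lower()
        if lkey.endswith("currentversion\\windows"):
            v = _value(lines, "AppInit_DLLs")
            if v and v != '""':  # an empty string here is the clean state
                findings.append(Finding(key, f"AppInit_DLLs injects {v} into every GUI process"))
        elif "browser helper objects" in lkey:
            for ln in lines:
                if re.search(r"\\system32\\", ln, re.IGNORECASE):
                    findings.append(Finding(key, "BHO module in a system directory: " + ln))
        elif "\\safeboot\\minimal\\" in lkey:
            name = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, f"SafeBoot entry keeps {name} loaded in Safe Mode"))
        elif lkey.endswith("security center\\monitoring"):
            if _value(lines, "DisableMonitoring") == "dword:00000001":
                findings.append(Finding(key, "Security Center monitoring disabled"))
        elif lkey.endswith("firewallpolicy\\standardprofile"):
            v = _value(lines, "EnableFirewall")
            if v and v.startswith("0"):
                findings.append(Finding(key, "Windows Firewall standard profile disabled"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}]\n    {f.detail}")
```

Run on the constructed excerpt it reports six findings: the AppInit_DLLs injection, the system32 BHO, both SafeBoot\Minimal keys, the Security Center monitoring flag and the disabled firewall, which is the same set of items the CFScript's Registry:: and Driver:: sections act on.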
JTD4T11
post Sep 23 2008, 05:59 PM
Post #30


Member
**
Posts: 32
OS: Windows XP home



Nope, you are my only hope for solving this mess : ) I don't know what Avenger is or how it was run.


VirSCAN.org Scanned Report :
Scanner results: All Scanners reported not find malware!
File Name : e-card.zip
File Size : 22 byte
File Type : data
MD5 : 76cdb2bad9582d23c1f6f4d868218d6c
SHA1 : b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
Online report : http://virscan.org/report/76cdb2bad9582d23...d868218d6c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.14 2008.09.17 2008-09-17 1.41 -
AhnLab V3 2008.09.19.01 2008.09.19 2008-09-19 0.91 -
AntiVir 7.8.1.34 7.0.6.180 2008-09-18 2.33 -
Arcavir 1.0.5 200809182042 2008-09-18 1.17 -
AVAST! 3.0.1 080918-0 2008-09-18 0.68 -
AVG 7.5.52.442 270.7.0/1679 2008-09-18 1.55 -
BitDefender 7.60825.1765627 7.20962 2008-09-19 3.08 -
CA (VET) 9.0.0.143 31.6.6094 2008-09-18 5.41 -
ClamAV 0.94 8285 2008-09-19 0.00 -
Comodo 2.11 2.0.0.650 2008-09-18 0.98 -
CP Secure 1.1.0.715 2008.09.19 2008-09-19 5.75 -
Dr.Web 4.44.0.9170 2008.09.19 2008-09-19 3.16 -
ewido 4.0.0.2 2008.09.18 2008-09-18 2.82 -
F-Prot 4.4.4.56 20080918 2008-09-18 1.01 -
F-Secure 5.51.6100 2008.09.19.01 2008-09-19 3.38 -
Fortinet 2.81-3.113 9.564 2008-09-18 0.15 -
ViRobot 20080918 2008.09.18 2008-09-18 0.44 -
Ikarus T3.1.01.34 2008.09.19.71487 2008-09-19 3.32 -
JiangMin 11.0.706 2008.09.19 2008-09-19 1.23 -
Kaspersky 5.5.10 2008.09.19 2008-09-19 0.02 -
KingSoft 2008.1.14.15 2008.9.19.14 2008-09-19 0.94 -
McAfee 5.3.00 5387 2008-09-18 1.88 -
Microsoft 1.3903 2008.09.18 2008-09-18 3.91 -
mks_vir 2.01 2008.09.18 2008-09-18 2.49 -
Norman 5.93.01 5.93.00 2008-09-18 5.55 -
Panda 9.05.01 2008.09.18 2008-09-18 3.16 -
Trend Micro 8.700-1004 5.552.02 2008-09-18 0.02 -
Quick Heal 9.50 2008.09.19 2008-09-19 1.82 -
Rising 20.0 20.62.40.00 2008-09-19 0.24 -
Sophos 2.78.0 4.33 2008-09-19 1.81 -
Sunbelt 3.1.1647.1 2241 2008-09-18 0.49 -
Symantec 1.3.0.24 20080918.008 2008-09-18 0.18 -
nProtect 2008-09-18.00 2118370 2008-09-18 4.38 -
The Hacker 6.3.0.9 v00088 2008-09-18 0.42 -
VBA32 3.12.8.5 20080918.0815 2008-09-18 1.18 -
VirusBuster 4.5.11.10 10.87.17/635387 2008-09-18 0.81 -