ComboFix 08-09-20.05 - HP_Administrator 2008-09-23 20:04:30.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1779 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt.txt

FILE ::
C:\WINDOWS\system32\drivers\aemauv.sys
C:\WINDOWS\system32\drivers\gpqhjpcv.sys
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdsspopup.dll
C:\WINDOWS\SYSTEM32\VIDEO.sys
C:\WINDOWS\system32\winhelp32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winhelp32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIDEO
-------\Service_VIDEO


((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-21 18:47 . 2008-09-21 18:57 22 --a------ C:\WINDOWS\system32\ieupdts.zip
2008-09-18 19:08 . 2008-09-18 19:17 <DIR> d-------- C:\SDFix
2008-09-16 23:02 . 2008-09-20 11:10 <DIR> d-------- C:\ComboFix
2008-09-14 17:21 . 2008-09-14 17:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-12 22:23 . 2008-09-12 22:23 <DIR> d-------- C:\Program Files\ERUNT
2008-09-12 19:14 . 2008-09-12 19:14 <DIR> d-------- C:\rsit
2008-09-12 19:14 . 2008-09-12 22:31 <DIR> d-------- C:\Program Files\trend micro
2008-09-12 18:11 . 2008-09-12 18:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 18:11 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 11:36 . 2008-09-12 11:36 <DIR> d-------- C:\e53ff8b278f38c8df753e8c33cb2
2008-09-12 06:09 . 2008-09-12 06:09 249,856 --a------ C:\WINDOWS\system32\vmmreg32.dll
2008-09-12 06:09 . 2008-09-12 06:09 30,464 --a------ C:\WINDOWS\system32\VIDEO.sys
2008-09-12 05:49 . 2008-09-12 06:09 <DIR> d-------- C:\WINDOWS\system32\webmin
2008-09-09 18:07 . 2008-09-12 12:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 22:36 . 2008-09-03 22:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-23 00:32 --------- d--h--w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-09-09 22:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-06 20:54 --------- d-----w C:\Program Files\Google
2008-07-29 14:36 --------- d-----w C:\Program Files\Norton AntiVirus
2007-09-10 00:22 1,434 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-01 18:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-17_22.56.33.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 01:53:33 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-09-18 23:11:17 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-09-15 01:53:33 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-09-18 23:11:17 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2004-08-10 04:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\vmmreg32.dll
+ 2004-08-10 04:00:00 18,944 ----a-w C:\WINDOWS\vmmreg32.dll
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0xf9.exe
2008-09-12 05:23 18944 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000012.exe
2008-09-12 05:42 18944 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008377.exe

C:\Avenger\geBqNGvV.dll
2008-09-12 05:54 34688 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002017.dll

C:\Avenger\tdssadw.dll
2008-09-12 06:08 32768 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008289.dll

C:\Avenger\tdssinit.dll
2008-09-12 06:08 53237 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008290.dll

C:\Avenger\tdssl.dll
2008-09-12 06:08 16896 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008291.dll

C:\Avenger\tdsslog.dll
2008-09-12 06:08 11264 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008292.dll

C:\Avenger\tdssmain.dll
2008-09-12 06:08 10240 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008293.dll

C:\Avenger\tdssserv.sys
2008-09-12 06:08 35840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008294.sys

C:\Avenger\winhelp32.exe
2008-09-12 05:49 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012731.exe

2000-08-31 08:00 3156 C:\COFix\Assoc.cmd
2000-08-31 08:00 3156 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008297.cmd
2000-08-31 08:00 3156 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012857.cmd

2000-08-31 08:00 6957 C:\COFix\Boot.bat
2000-08-31 08:00 6803 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008298.bat
2000-08-31 08:00 6957 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012858.bat

2008-09-21 05:58 537087 C:\COFix\C.bat
2008-09-17 20:05 535389 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008299.bat
2008-09-21 05:58 537087 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012859.bat

2008-09-23 20:09 33 C:\COFix\CCS.bat
2008-09-20 19:42 33 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011590.bat
2008-09-21 19:04 33 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012860.bat

C:\COFix\CF10924.exe
2008-09-21 18:59 388608 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012861.exe

C:\COFix\CF8965.exe
2008-09-17 22:50 388608 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008300.exe

2008-09-23 20:04 16 C:\COFix\chcp.bat
2008-09-17 22:50 16 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008301.bat
2008-09-21 18:59 16 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012862.bat

2000-08-31 08:00 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008302.sys
2000-08-31 08:00 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012863.sys

C:\COFix\Combobatch.bat
2000-08-31 08:00 6728 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012950.bat
2008-09-21 19:04 6843 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012725.bat

2000-08-31 08:00 61440 C:\COFix\ComboFix-Download.exe
2000-08-31 08:00 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008303.exe
2000-08-31 08:00 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012864.exe

2000-08-31 08:00 149 C:\COFix\Comspec.bat
2000-08-31 08:00 149 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008304.bat
2000-08-31 08:00 149 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012865.bat

2000-08-31 08:00 3184 C:\COFix\CregC.cmd
2000-08-31 08:00 3184 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008305.cmd
2000-08-31 08:00 3184 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012866.cmd

2000-08-31 08:00 1727 C:\COFix\DelClsid.bat
2000-08-31 08:00 1727 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008306.bat
2000-08-31 08:00 1727 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012867.bat

C:\COFix\Disclaimer.bat
2000-08-31 08:00 933 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012943.bat
2000-08-31 08:00 933 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012703.bat

2000-08-31 08:00 6796 C:\COFix\Exe.reg
2000-08-31 08:00 6809 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008307.reg
2000-08-31 08:00 6796 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012868.reg

2000-08-31 08:00 100805 C:\COFix\FIND3M.bat
2000-08-31 08:00 97095 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008308.bat
2000-08-31 08:00 100805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012869.bat

2000-08-31 08:00 3815 C:\COFix\FIXLSP.bat
2000-08-31 08:00 3783 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008309.bat
2000-08-31 08:00 3815 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012870.bat

2000-08-31 08:00 15388 C:\COFix\FProps.vbs
2000-08-31 08:00 15388 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008310.vbs
2000-08-31 08:00 15388 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012871.vbs

2005-08-16 01:54 1536 C:\COFix\hidec.exe
2005-08-16 01:54 1536 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008311.exe
2005-08-16 01:54 1536 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012872.exe

2000-08-31 08:00 2083 C:\COFix\history.bat
2000-08-31 08:00 2063 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008312.bat
2000-08-31 08:00 2083 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012873.bat

2008-09-23 20:09 85042 C:\COFix\Lang.bat
2000-08-31 08:00 84784 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012949.bat
2008-09-21 19:04 85042 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012874.bat

2000-08-31 08:00 349 C:\COFix\LFN.vbs
2000-08-31 08:00 349 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008314.vbs
2000-08-31 08:00 349 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012875.vbs

C:\COFix\List-C.bat
2000-08-31 08:00 230929 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012948.bat
2000-08-31 08:00 230929 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012713.bat

2000-08-31 08:00 1528 C:\COFix\lnkread.vbs
2000-08-31 08:00 1528 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008315.vbs
2000-08-31 08:00 1528 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012876.vbs

2000-08-31 08:00 805 C:\COFix\LocalDrive.vbs
2000-08-31 08:00 805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008316.vbs
2000-08-31 08:00 805 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012877.vbs

2008-09-23 20:09 58271 C:\COFix\LspFixed.reg
2008-09-20 19:42 58271 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011609.reg
2008-09-21 19:04 58271 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012878.reg

2000-08-31 08:00 2703 C:\COFix\MoveIt.bat
2000-08-31 08:00 2693 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008317.bat
2000-08-31 08:00 2703 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012879.bat

2000-08-31 08:00 1561 C:\COFix\ND_.bat
2000-08-31 08:00 1449 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008318.bat
2000-08-31 08:00 1561 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012880.bat

2000-08-31 08:00 28672 C:\COFix\nircmd.com
2000-08-31 08:00 28672 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008319.com
2000-08-31 08:00 28672 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012881.com

2000-08-31 08:00 657 C:\COFix\OSid.vbs
2000-08-31 08:00 657 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008320.vbs
2000-08-31 08:00 657 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012882.vbs

2000-08-31 08:00 3501 C:\COFix\Qoo.bat
2000-08-31 08:00 3355 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008321.bat
2000-08-31 08:00 3501 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012883.bat

C:\COFix\restore_pt.vbs
2000-08-31 08:00 232 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012946.vbs
2000-08-31 08:00 232 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012706.vbs

2000-08-31 08:00 1636 C:\COFix\RestoreO4.bat
2000-08-31 08:00 1479 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008322.bat
2000-08-31 08:00 1636 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012884.bat

2000-08-31 08:00 15283 C:\COFix\SafeBootRepair.bat
2000-08-31 08:00 15230 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008323.bat
2000-08-31 08:00 15283 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012885.bat

2008-09-23 20:09 1028 C:\COFix\SDBG.reg
2008-09-20 19:42 920 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011617.reg
2008-09-21 19:04 992 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012886.reg

2000-08-31 08:00 11884 C:\COFix\SetEnvmt.bat
2000-08-31 08:00 11873 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008324.bat
2000-08-31 08:00 11884 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012887.bat

2008-09-23 20:04 11615 C:\COFix\SetPath.bat
2008-09-20 19:38 11152 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011619.bat
2008-09-21 18:59 11615 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012724.bat

2008-09-23 20:04 83 C:\COFix\sfx.cmd
2008-09-17 22:50 14 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008325.cmd
2008-09-21 18:59 83 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012888.cmd

2000-08-31 08:00 1128 C:\COFix\SvcDrv.vbs
2000-08-31 08:00 1128 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008326.vbs
2000-08-31 08:00 1128 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012889.vbs

2008-06-15 01:02 99704 C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2008-01-12 01:11 99704 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP10\A0012904.exe

C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\qsp2ie07076007.dll
2008-01-12 01:11 687992 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012913.dll

2008-09-22 20:32 34064 C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
2008-05-11 17:09 34050 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP10\A0012905.exe

2008-09-20 19:36 2854922 C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
2008-09-17 21:15 2853294 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0011425.exe

2008-09-14 17:11 304421 C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
2008-09-12 19:14 304189 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0003041.exe

2008-09-23 20:13 840200 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
2008-09-21 21:05 840200 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP10\A0012891.dll
2008-09-21 18:25 840200 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012723.dll

C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
2008-04-01 16:42 24673 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002018.dll

C:\Program Files\Viewpoint\Common\ViewpointService.exe
2007-01-04 17:38 24652 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011499.exe

C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
2007-01-05 11:32 254022 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011500.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
2007-06-15 23:55 217158 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011502.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
2004-02-20 16:17 57344 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011510.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
2004-02-20 16:17 81978 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011511.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
2006-10-11 15:22 413766 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011512.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
2007-07-07 20:13 36864 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011513.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
2004-02-20 16:17 86016 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011514.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
2004-02-20 16:11 192559 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011515.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
2006-10-11 15:10 122948 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011516.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
2004-02-20 16:04 196656 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011517.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
2006-10-11 15:10 204868 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011518.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
2004-02-20 16:11 163889 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011519.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
2007-06-15 23:55 1282120 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011520.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
2004-02-20 16:12 53302 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011521.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
2007-07-07 20:12 774210 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011522.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
2006-10-11 15:18 725057 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011523.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
2004-02-20 16:10 606256 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011524.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
2006-10-11 15:16 725070 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011525.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
2004-02-20 16:17 1093678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011526.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
2004-02-20 16:17 57344 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011527.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
2006-10-11 15:22 249923 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011528.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
2004-02-20 16:15 630830 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011529.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
2007-07-07 20:13 770115 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011530.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
2004-02-20 15:48 53299 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011531.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
2004-02-20 16:04 217134 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011532.dll

C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
2007-08-10 15:10 114688 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011508.exe

C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
2007-04-16 13:07 180293 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011509.dll

C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
2007-02-15 13:12 663616 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011533.dll

C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
2007-01-04 17:38 26320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011535.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
2007-01-04 17:38 112336 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011536.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
2007-02-15 12:12 407248 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011537.dll

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
2007-01-04 17:38 98380 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011538.exe

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
2004-03-11 13:23 245810 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011541.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
2007-02-02 23:22 249906 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011542.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
2007-03-08 19:22 254022 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011543.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
2007-02-15 11:45 213062 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011545.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
2007-02-02 23:22 413746 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011552.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
2007-02-15 11:45 36864 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011553.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
2007-02-15 11:45 122948 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011554.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
2007-02-15 11:45 204868 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011555.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
2007-02-15 11:45 1278024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011556.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
2007-02-15 11:45 774210 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011557.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
2007-02-02 23:22 643116 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011558.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
2007-02-15 12:12 41024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011559.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
2007-02-15 11:45 647234 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011560.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
2007-02-15 11:45 770115 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011561.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
2007-02-15 11:45 53319 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011562.dll

C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
2004-03-11 13:14 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011551.exe

2008-09-18 19:11 798 C:\SDFix\backupreg\AppInit_DLLs.reg
2008-09-14 17:21 798 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004106.reg
2008-09-14 21:44 798 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005115.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\bat_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004099.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005108.reg

2008-09-18 19:11 960 C:\SDFix\backupreg\BHO.reg
2008-09-14 17:21 960 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004088.reg
2008-09-14 21:44 960 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005097.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\com_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004100.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005109.reg

2008-09-18 19:11 23930 C:\SDFix\backupreg\ControlPanel_Load.reg
2008-09-14 17:21 23760 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004105.reg
2008-09-14 21:44 23760 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005114.reg

2008-09-18 19:11 3074 C:\SDFix\backupreg\Drivers32.reg
2008-09-14 17:21 3074 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004084.reg
2008-09-14 21:44 3074 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005093.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\exe_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004095.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005104.reg

2008-09-18 19:11 3926 C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
2008-09-14 17:21 3118 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004102.reg
2008-09-14 21:44 3118 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005111.reg

2008-09-18 19:11 1922 C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
2008-09-14 17:21 840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004104.reg
2008-09-14 21:44 840 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005113.reg

2008-09-18 19:11 982 C:\SDFix\backupreg\HKCURun.reg
2008-09-14 17:21 982 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004093.reg
2008-09-14 21:44 982 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005102.reg

2008-09-18 19:11 228 C:\SDFix\backupreg\HKCURunServices.reg
2008-09-14 17:21 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004094.reg
2008-09-14 21:44 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005103.reg

2008-09-18 19:11 119194 C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
2008-09-14 17:21 118644 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004101.reg
2008-09-14 21:44 118644 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005110.reg

2008-09-18 19:11 4114 C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
2008-09-14 17:21 2670 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004103.reg
2008-09-14 21:44 2670 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005112.reg

2008-09-18 19:11 1316 C:\SDFix\backupreg\HKLMRun.reg
2008-09-14 17:21 1350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004091.reg
2008-09-14 21:44 1350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005100.reg

2008-09-18 19:11 230 C:\SDFix\backupreg\HKLMRunServices.reg
2008-09-14 17:21 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004092.reg
2008-09-14 21:44 74 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005101.reg

2008-09-18 19:11 5848 C:\SDFix\backupreg\IEDesktop.reg
2008-09-14 17:21 5604 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004090.reg
2008-09-14 21:44 5604 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005099.reg

2008-09-18 19:11 5898 C:\SDFix\backupreg\IEMain.reg
2008-09-14 17:21 6504 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004089.reg
2008-09-14 21:44 6504 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005098.reg

2008-09-18 19:11 35350 C:\SDFix\backupreg\Installed_Components.reg
2008-09-14 17:21 35350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004087.reg
2008-09-14 21:44 35350 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005096.reg

2008-09-18 19:11 204 C:\SDFix\backupreg\pif_shell_open.reg
2008-09-14 17:21 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004098.reg
2008-09-14 21:44 204 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005107.reg

2008-09-18 19:11 222 C:\SDFix\backupreg\reg_shell_open.reg
2008-09-14 17:21 222 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004097.reg
2008-09-14 21:44 222 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005106.reg

2008-09-18 19:11 8002 C:\SDFix\backupreg\SecurityProviders.reg
2008-09-14 17:21 8002 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004086.reg
2008-09-14 21:44 8002 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005095.reg

2008-09-18 19:11 546 C:\SDFix\backupreg\SharedTaskScheduler.reg
2008-09-14 17:21 678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004109.reg
2008-09-14 21:44 678 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005118.reg

2008-09-18 19:11 696 C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
2008-09-14 17:21 696 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004110.reg
2008-09-14 21:44 696 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005119.reg

2008-09-18 19:11 5282 C:\SDFix\backupreg\SubSystems.reg
2008-09-14 17:21 5282 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004085.reg
2008-09-14 21:44 5282 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005094.reg

2008-09-18 19:11 668 C:\SDFix\backupreg\txt_shell_open.reg
2008-09-14 17:21 668 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004096.reg
2008-09-14 21:44 668 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005105.reg

2008-09-18 19:11 23654 C:\SDFix\backupreg\Winlogon.reg
2008-09-14 17:21 24320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004107.reg
2008-09-14 21:44 24320 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005116.reg

2008-09-18 19:11 6918 C:\SDFix\backupreg\WinlogonNotify.reg
2008-09-14 17:21 7584 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004108.reg
2008-09-14 21:44 7584 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005117.reg

2008-09-18 19:12 140 C:\SDFix\Repairaux1.reg
2008-09-14 17:23 140 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004081.reg
2008-09-14 21:45 140 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005090.reg

2008-09-18 19:15 169 C:\SDFix\userinfix.reg
2008-09-14 17:26 169 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004111.reg
2008-09-14 21:48 169 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005120.reg

2008-08-07 16:27 163328 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
2008-08-07 16:27 163328 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0004082.EXE
2008-08-07 16:27 163328 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP6\A0008375.EXE

C:\WINDOWS\system32\crashdll.dll
2008-09-12 11:42 24576 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001011.dll
2008-09-21 18:16 24576 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012709.dll

C:\WINDOWS\system32\crscha.exe
2008-09-12 11:58 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001006.exe
2008-09-20 16:34 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0011419.exe

C:\WINDOWS\system32\crscha.exe
2008-09-20 19:13 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0011564.exe

C:\WINDOWS\system32\crscha.exe
2008-09-20 19:44 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0011632.exe
2008-09-21 00:06 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012655.exe

C:\WINDOWS\system32\crscha.exe
2008-09-21 18:06 50176 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012710.exe

C:\WINDOWS\system32\drivers\aemauv.sys
2008-09-12 19:04 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001001.sys

C:\WINDOWS\system32\drivers\gpqhjpcv.sys
2008-09-12 21:50 61440 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002023.sys

C:\WINDOWS\system32\drivers\tdssserv.sys
2008-09-14 17:19 1024 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0008111.sys

C:\WINDOWS\system32\install_en.exe
2008-09-12 19:16 194836 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002012.exe
2008-09-21 18:16 190744 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012711.exe

C:\WINDOWS\system32\tdsspopup.dll
2008-09-12 06:08 14848 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0002019.dll

C:\WINDOWS\system32\winhelp32.exe
2008-09-21 19:05 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012954.exe
2008-09-12 21:51 194048 {106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0012718.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 20:11:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\COFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-23 20:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 00:21:19
ComboFix2.txt 2008-09-21 23:17:27
ComboFix3.txt 2008-09-18 02:58:03

Pre-Run: 239,716,601,856 bytes free
Post-Run: 239,744,659,456 bytes free

524 --- E O F --- 2008-09-10 07:01:04

Sorry for the delay.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into Combo-Fix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Hey - Sorry for taking so long with the log post. Here is the log - it worked without going into safe mode.

ComboFix 08-09-28.05 - HP_Administrator 2008-09-30 15:04:56.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1576 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\COFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
C:\WINDOWS\system32\VIDEO.sys
C:\WINDOWS\system32\vmmreg32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cubics[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rockyou[2].txt
C:\WINDOWS\system32\VIDEO.sys
C:\WINDOWS\system32\vmmreg32.dll
C:\WINDOWS\system32\webmin
C:\WINDOWS\system32\webmin\VIDEO.bkp
C:\WINDOWS\system32\webmin\vmmreg32.bkp
C:\WINDOWS\system32\webmin\winhelp32.bkp

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-26 16:17 . 2008-09-30 01:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-26 16:17 . 2008-09-26 16:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-21 18:47 . 2008-09-21 18:57 22 --a------ C:\WINDOWS\system32\ieupdts.zip
2008-09-18 19:08 . 2008-09-18 19:17 <DIR> d-------- C:\SDFix
2008-09-16 23:02 . 2008-09-20 11:10 <DIR> d-------- C:\ComboFix
2008-09-14 17:21 . 2008-09-14 17:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-12 22:23 . 2008-09-12 22:23 <DIR> d-------- C:\Program Files\ERUNT
2008-09-12 19:14 . 2008-09-12 19:14 <DIR> d-------- C:\rsit
2008-09-12 19:14 . 2008-09-12 22:31 <DIR> d-------- C:\Program Files\trend micro
2008-09-12 18:11 . 2008-09-12 18:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-12 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 18:11 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 18:11 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 11:36 . 2008-09-12 11:36 <DIR> d-------- C:\e53ff8b278f38c8df753e8c33cb2
2008-09-09 18:07 . 2008-09-12 12:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 22:36 . 2008-09-03 22:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-23 00:32 --------- d--h--w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-09-09 22:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-06 20:54 --------- d-----w C:\Program Files\Google
2008-07-29 14:36 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2007-09-10 00:22 1,434 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-01 18:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-17_22.56.33.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-15 01:53:33 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-09-18 23:11:17 6,037,504 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-09-15 01:53:33 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-09-18 23:11:17 122,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2004-08-10 04:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\vmmreg32.dll
+ 2004-08-10 04:00:00 18,944 ----a-w C:\WINDOWS\vmmreg32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 7634944]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"PCDrProfiler"="" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-20 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 15:10:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-30 15:12:20
ComboFix-quarantined-files.txt 2008-09-30 19:11:17
ComboFix2.txt 2008-09-24 00:21:24
ComboFix3.txt 2008-09-21 23:17:27
ComboFix4.txt 2008-09-18 02:58:03

Pre-Run: 239,328,747,520 bytes free
Post-Run: 239,493,287,936 bytes free

169 --- E O F --- 2008-09-10 07:01:04

No problem.


Launch Malwarebytes' Anti-Malware

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Malwarebytes report

Malwarebytes' Anti-Malware 1.28
Database version: 1142
Windows 5.1.2600 Service Pack 2

10/1/2008 3:45:16 PM
mbam-log-2008-10-01 (15-45-16).txt

Scan type: Quick Scan
Objects scanned: 56316
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\68061115112.CPX (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks, and the report from Kaspersky Online Scanner

sorry that one took a while but here it is.....

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 20:22:57
Records in database: 1280928
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 135851
Threat name: 7
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 01:48:46


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-1f438417-47ab437a.class Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-2993b835-7938f923.class Infected: Trojan-Downloader.Java.OpenConnection.ao 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OwnClassLoader.class-2c35e127-58d5a03c.class Infected: Trojan.Java.ClassLoader.au 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-1ff27693-5eaf6361.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-439666f5-430ea62a.zip Infected: Trojan-Downloader.Java.OpenConnection.ar 1
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-67d6b2c6-72220a02.zip Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\QooBox\Quarantine\C\WINDOWS\system32\install_en.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.au 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vmmreg32.dll.vir Infected: Trojan.Win32.BHO.grh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\webmin\vmmreg32.bkp.vir Infected: Trojan.Win32.BHO.grh 1
C:\SDFix\backups\0xf9.exe Infected: Backdoor.Win32.Agent.rop 1

The selected area was scanned.

No problem, the Kaspersky scan is known to take a while.


Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  [kill explorer]
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-1f438417-47ab437a.class
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-2993b835-7938f923.class
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OwnClassLoader.class-2c35e127-58d5a03c.class
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-1ff27693-5eaf6361.zip
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-439666f5-430ea62a.zip
  C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-67d6b2c6-72220a02.zip
  purity
  EmptyTemp
  [start explorer]
  
  
• Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Okay completed both steps - here is the log

Explorer killed successfully
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-1f438417-47ab437a.class moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\MagicApplet.class-2993b835-7938f923.class moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OwnClassLoader.class-2c35e127-58d5a03c.class moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-1ff27693-5eaf6361.zip moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java2SE.jar-439666f5-430ea62a.zip moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-67d6b2c6-72220a02.zip moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF5749.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF5764.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10022008_190758

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF5749.tmp not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF5764.tmp not found!

How is your computer running?

It seems to be running like normal. No fatal errors, pop-ups, or random re-boots. Only thing I noticed is that Norton Antivirus no longer boots up when the computer starts (its out of date anyway - is there a better protection to use? I dont care for Norton) and I have two X icons in the start menu that say Antivirus XP 2008 which never used to be there. The files cannot be located.

How does my computer look based on the log reports? Is it clean?

Thanks a bunch!

Your logs look clean, Great Job


You can go ahead and delete those Antivirus XP 2008 Items, they are just leftover, no harm.


As for Norton you can remove it by downloading and running the Norton Removal Tool.


Here are a few very good free Antivirus products which are available (Only Choose One):

• AntiVir Personal
• AVG Free
• AVAST!
• PC Tools AntiVirus

Select one of these, or another of your choice. Download, install, and update definitions.



Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Now for some cleanup..
Please download OTCleanIt and save it to Desktop.

• Please make sure you are connecting to the Internet
• Double-click OTCleanIt.exe
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
   
   
   
2. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
3. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
   No Firewall Onboard
   
   You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:
   
   • Sunbelt Personal Firewall
   • Comodo Firewall Pro
   • ZoneAlarm
   • OutPost Firewall
   
   
   
   
4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
5. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
6. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
7. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

This post has been edited by SpySentinel: Oct 6 2008, 02:37 PM

Great! I can't tell you how thankful I am for all of your help! You saved me a lot of money in computer repair cost. Your instructions were simple and easy to follow and I learned a great deal. Its great what you and all the others on geekstogo.com do. I will defiantly follow-up with your suggested antivirus programs and other advice for keeping a clean computer. Thanks again!!!!!!

Hi JTD4T11. Thanks for the kind reply. You are very welcome. I am glad I was able to help you out.
Please feel free to ask me any questions you may have. And don't be a stranger on the forums.

SpySentinel

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.