Remove WinBlueSoft

I need this off my computer, and nothing has worked. I'm not able to install Anti-Malware software, because when I click on the download link. It comes up as like its not a site even, something with an error.

Here are my hijackthis logs


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:47 PM, on 6/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Downloads\Hijack(GP)This.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4143ED64-F2B3-4CCF-AE10-9232F0329D28}: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF915CC9-97A0-4700-BA18-0AB31D1F14E2}: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8482 bytes


thank you for your help.

Hello.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
  O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{4143ED64-F2B3-4CCF-AE10-9232F0329D28}: NameServer = 85.255.112.25,85.255.112.165
  O17 - HKLM\System\CCS\Services\Tcpip\..\{BF915CC9-97A0-4700-BA18-0AB31D1F14E2}: NameServer = 85.255.112.25,85.255.112.165
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I got to this step:

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

It didn't load the page, it came up with this error.

Address Not Found
Firefox can't find the server at www.malwarebytes.org.


The browser could not find the host server for the provided address.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (ESET NOD32)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I'm currently on my other computer typing this up.

I ran combo fix, after a few minutes it came up with this box.

ComboFix has detected the presence of rootkit activity and needs to reboot the machine
Kindly note down on paper, the name of each file. We may need it later

C:\\Windows\system32\drivers\MSIVXunysippnxqttjmdpymvvpxivvmuqafhs.sys
C:\Windows\system32\MSIVXtriosptdxyprwwecitoqreybxtqrwxvd.dll
C:\Windows\system32\MSIVXeptkwnklkdasknxmvarcbyqeaqmhxaxx.dll



I pressed ok and its now restarting.

Here is the Combofix.txt


ComboFix 09-06-12.02 - Owner 06/12/2009 19:51.1 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3002.1997 [GMT -5:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1003295z517.dll
c:\windows\10523virzs2569.dll
c:\windows\10829spamz5t29c.exe
c:\windows\10961vizus6945.cpl
c:\windows\11099rzj751.exe
c:\windows\115zdownload9r885.dll
c:\windows\11961worm951z.ocx
c:\windows\11zad5wa9e246.exe
c:\windows\123z3hack59ol18c.exe
c:\windows\12505trzj949.cpl
c:\windows\125dvzr1209.ocx
c:\windows\12923v59uz2cc.exe
c:\windows\12959wor985z.exe
c:\windows\1322zhrea959516.cpl
c:\windows\13857haczto5l5f89.bin
c:\windows\13954not-a-vir5s19az.cpl
c:\windows\13z41viru9855.exe
c:\windows\13z82not-a-virus4995.ocx
c:\windows\1432zs9y570.cpl
c:\windows\1454wo9z1df.exe
c:\windows\14758noz95-virus2de.exe
c:\windows\1539zh9cktool3dc.dll
c:\windows\1544zhacktoo9675.exe
c:\windows\15509worm559z.dll
c:\windows\15889vi9us4z5.exe
c:\windows\159zvir695.exe
c:\windows\15e9backd5or253z.ocx
c:\windows\161zsp9r5e2314.cpl
c:\windows\169e9pywaz52740.dll
c:\windows\1722zwor9538.bin
c:\windows\1759backdo5rz804.bin
c:\windows\178239roz555.dll
c:\windows\17852vizus59d.bin
c:\windows\179z5n9t5a-virus56b.cpl
c:\windows\182dzhief18459.exe
c:\windows\18644worz359.cpl
c:\windows\189ebackdoor5160z.ocx
c:\windows\18z53worm7809.ocx
c:\windows\19395t5zjd9.bin
c:\windows\19485hackt5ol4zb.dll
c:\windows\1957wor9zac5.exe
c:\windows\195fspazse5611.bin
c:\windows\197655roz692.bin
c:\windows\19955hazk5ool5e6.ocx
c:\windows\19z31s9y4625.cpl
c:\windows\19z99hr5at16989.cpl
c:\windows\1a26zhi9f28595.cpl
c:\windows\1a2edownlozder29145.cpl
c:\windows\1a4b5hreat25299z.dll
c:\windows\1b8czh5ef999.cpl
c:\windows\1cbb9ck5oorz33.bin
c:\windows\1cedzpa5se2948.bin
c:\windows\1d97threzt25982.bin
c:\windows\1e1avi9514z.cpl
c:\windows\1e915tezl2941.exe
c:\windows\1fzbbackd5or2994.dll
c:\windows\1z056viru923b.bin
c:\windows\1z106spy2459.cpl
c:\windows\1z20sp5ware1569.exe
c:\windows\1z9485orm3799.ocx
c:\windows\1z995not5a-virus16a.exe
c:\windows\20992zo5-a-virus302.ocx
c:\windows\20bcspazse859.ocx
c:\windows\20z25viru959a.bin
c:\windows\2110bazkd59r2910.bin
c:\windows\21zadd5are9843.ocx
c:\windows\2298zhacktoo53859.ocx
c:\windows\229zbackdo5r3269.exe
c:\windows\23283ha5k9ooz698.dll
c:\windows\23865h5cktzol5529.cpl
c:\windows\23909wo5mzd7.cpl
c:\windows\241219ot-a-5zrus5b5.exe
c:\windows\2434spy9a5e2698z.bin
c:\windows\247z559rmc2.exe
c:\windows\2485spzrse1599.bin
c:\windows\2492not-azv5ru94ec.exe
c:\windows\250bbackdoorz959.dll
c:\windows\2544d9wnlozder392.dll
c:\windows\25487spyzf19.dll
c:\windows\25689viruz493.ocx
c:\windows\25755s95mbotz7b.bin
c:\windows\258z29i5us16c.dll
c:\windows\262975zy589.ocx
c:\windows\26505hacktzol9c.ocx
c:\windows\26518v5rusz93.ocx
c:\windows\26569ackdoo51035z.cpl
c:\windows\26625zckdoo91674.ocx
c:\windows\266z65ir9s557.cpl
c:\windows\26f99pywz5e655.dll
c:\windows\271edownloazer52219.exe
c:\windows\28256z9ru517f.dll
c:\windows\28479hackt95lz30.exe
c:\windows\28bzste592604.dll
c:\windows\2905zir1710.cpl
c:\windows\29553wzrm2c3.exe
c:\windows\29580hacktozl565.dll
c:\windows\295czhief9589.ocx
c:\windows\29613hacktoo5z15.bin
c:\windows\2b9at95ezt15260.bin
c:\windows\2be0t9ief2573z.cpl
c:\windows\2c59vir2z15.ocx
c:\windows\2c64spywaze895.bin
c:\windows\2z585not9a-vir5s19b.ocx
c:\windows\2z905worm39c.exe
c:\windows\2z9355py2d8.ocx
c:\windows\2zf09hi5f2356.dll
c:\windows\3084zworm4795.bin
c:\windows\30f9adzware1035.bin
c:\windows\312079roz5c8.cpl
c:\windows\31319no5-a-vzrus904.exe
c:\windows\319855py57z.ocx
c:\windows\32295wor52z9.cpl
c:\windows\324109acktool4z5.dll
c:\windows\32429sp55e5z.bin
c:\windows\32551ha5ktoo972z.cpl
c:\windows\32bethie5925z.cpl
c:\windows\32dzaddwa9e8585.bin
c:\windows\349bvzr5726.ocx
c:\windows\35395z896.ocx
c:\windows\353estea92827z.exe
c:\windows\3547s9yw5ze2567.bin
c:\windows\35z8v9r335.dll
c:\windows\3895stzal2773.bin
c:\windows\3901s5yware1z15.dll
c:\windows\39094spyz355.ocx
c:\windows\390bz5r909.dll
c:\windows\3991thr5at1z724.bin
c:\windows\3c56zddware5009.exe
c:\windows\3dc5addzare5319.dll
c:\windows\3e5a5hrea913z38.bin
c:\windows\3f2bback5zo9282.cpl
c:\windows\3z485not9a-virus1c5.bin
c:\windows\3z999pyware354.cpl
c:\windows\3zd4th9ef2055.exe
c:\windows\4025tzie91012.exe
c:\windows\43e29hreaz213135.cpl
c:\windows\449bzparse1115.ocx
c:\windows\44afspar5e269z9.bin
c:\windows\45z9parse2596.exe
c:\windows\46s9am5ot4ze.dll
c:\windows\4825threat2989z.ocx
c:\windows\4893s5azse1883.bin
c:\windows\492bb5ckdoorz459.exe
c:\windows\4a2eback9oorz4685.bin
c:\windows\4a3bzparse96875.dll
c:\windows\4b315zy9are2495.exe
c:\windows\4bcbt9ie51z34.dll
c:\windows\4bfdzhief5093.ocx
c:\windows\4c35spywar9z309.cpl
c:\windows\4d17thiefz59.ocx
c:\windows\4fd5s9zware1366.dll
c:\windows\50489zroj5a2.cpl
c:\windows\51592hacktool98fz.cpl
c:\windows\51easpyware10z9.ocx
c:\windows\51f4spywar9121z.cpl
c:\windows\52549wozm18e.dll
c:\windows\52652hacktool6a9z.ocx
c:\windows\5281zhief3969.cpl
c:\windows\5359hreaz31657.cpl
c:\windows\53f29py5arez597.cpl
c:\windows\544baczdoor39175.cpl
c:\windows\545ath5ef9z56.ocx
c:\windows\5482troj4z69.exe
c:\windows\5495zspy7a.bin
c:\windows\549athzef2334.bin
c:\windows\55207hacktzo9522.dll
c:\windows\5591spywzr9695.bin
c:\windows\5594spywaze1096.exe
c:\windows\5595backdooz998.dll
c:\windows\55995hrzat19970.cpl
c:\windows\55a5do9zloader1528.cpl
c:\windows\55c9zhie51712.bin
c:\windows\55cfsp9ware219z.ocx
c:\windows\5698azdw5re548.exe
c:\windows\56abackdooz99215.bin
c:\windows\56ds5azse1499.ocx
c:\windows\56e5spyzar9565.ocx
c:\windows\57345vi9usfz.ocx
c:\windows\57747not-z-viru94ad.exe
c:\windows\57d9steal198z.dll
c:\windows\57zfthie93237.cpl
c:\windows\5829pazse2937.bin
c:\windows\58979ot-a-zi5us151.bin
c:\windows\5927bacz5oor369.bin
c:\windows\5929downloa5er1z26.dll
c:\windows\5939hacktzo95f9.dll
c:\windows\5941th5ef310z.bin
c:\windows\594fdownzoa5er2079.bin
c:\windows\5981ba9kdoor5048z.cpl
c:\windows\5a99backdoor2175z.cpl
c:\windows\5abfaddw9rez8295.dll
c:\windows\5b71zi5593.bin
c:\windows\5ba1azd95re51.ocx
c:\windows\5c589azkdoor1704.ocx
c:\windows\5de5spzrse2904.dll
c:\windows\5e559pzrse411.ocx
c:\windows\5eddzhreat15890.ocx
c:\windows\5f09sp5rsez429.ocx
c:\windows\5f29addwarz5089.bin
c:\windows\5fez9hief754.cpl
c:\windows\5z10b9ckdoor92.dll
c:\windows\5z1as95al702.dll
c:\windows\5zcfvi510699.ocx
c:\windows\5zdthief5749.dll
c:\windows\613c5hr9az31099.bin
c:\windows\617steal59z.ocx
c:\windows\6188h5cztool91a.cpl
c:\windows\61czs59al2258.dll
c:\windows\620ds5arse895z.exe
c:\windows\635csparsz9579.ocx
c:\windows\6429steaz3185.exe
c:\windows\6449spywaz5802.exe
c:\windows\6479spyware1159z.exe
c:\windows\64ddsp95sez201.dll
c:\windows\650zspars91506.ocx
c:\windows\65c9szyware1529.exe
c:\windows\65eszarse1927.ocx
c:\windows\6642t5o972az.ocx
c:\windows\6692thizf28495.exe
c:\windows\6695thiefz597.bin
c:\windows\6755bzckdoor2909.ocx
c:\windows\67c3addwar527z9.exe
c:\windows\67zbad95are1358.ocx
c:\windows\6860ste9z25695.ocx
c:\windows\68z1t59j412.dll
c:\windows\695tz5j119.ocx
c:\windows\69z9st95l866.cpl
c:\windows\6a31tzre9t14553.bin
c:\windows\6ac3addwaze13965.exe
c:\windows\6f38sze95198.cpl
c:\windows\6z1695ief220.dll
c:\windows\7055dow9loader210z.bin
c:\windows\70a1d9wnloader2z05.bin
c:\windows\7141s5azse7879.dll
c:\windows\7229downl5ader2z58.bin
c:\windows\72z9vir985.exe
c:\windows\74a75ackdooz297.ocx
c:\windows\74d9bazkdoor1785.exe
c:\windows\758cste9z2502.bin
c:\windows\759zh5ef654.cpl
c:\windows\7850a9dwzre556.cpl
c:\windows\78795izus73f.ocx
c:\windows\789fd5znloade92410.bin
c:\windows\7974ad5wzr91757.exe
c:\windows\79e5steal5570z.ocx
c:\windows\7ae5steaz23449.exe
c:\windows\7c40zhre5t1499.cpl
c:\windows\7e69thre9t302z5.dll
c:\windows\7f32do9n5zader3087.exe
c:\windows\7f59downloader10z.ocx
c:\windows\7fzestea9506.bin
c:\windows\8230sp5m9ot1zf.bin
c:\windows\82z9spy359.cpl
c:\windows\8569s9az5ot2cb.dll
c:\windows\90040sp5z0.cpl
c:\windows\90284sp5mbotz13.ocx
c:\windows\90d6zte5l2152.ocx
c:\windows\913spam5ot6az.exe
c:\windows\9162spz258.dll
c:\windows\91f3ste5z16.exe
c:\windows\93493spamzot65d5.bin
c:\windows\9379sp5105z.dll
c:\windows\9385zhie53005.cpl
c:\windows\9392zspy175.bin
c:\windows\9398troj5z3.ocx
c:\windows\93d6zparse565.dll
c:\windows\93dzsteal30725.bin
c:\windows\9466t9oj5az.bin
c:\windows\94754ha5ktooz4cd.ocx
c:\windows\9515tzoj1d0.dll
c:\windows\95172spy9fz.bin
c:\windows\951caddware1z81.exe
c:\windows\95359spy1dz.exe
c:\windows\9540w5rm3z4.dll
c:\windows\9548worm6f9z.exe
c:\windows\9553dowzloader2274.bin
c:\windows\95558hacktool55z.exe
c:\windows\9555v9zus656.bin
c:\windows\9556downl5adzr557.cpl
c:\windows\9566s9y5fz.exe
c:\windows\957faddware2543z.ocx
c:\windows\95876zackt5ol655.dll
c:\windows\95a8vzr557.exe
c:\windows\95fadd59rz1866.ocx
c:\windows\96697sp5za9.exe
c:\windows\9799vi5us62z.exe
c:\windows\99903no5-a-virus5z4.cpl
c:\windows\9a3tzr59t12920.exe
c:\windows\9aad5teal1z33.bin
c:\windows\9c27addwar5326z.exe
c:\windows\9dzb5ckdoor3199.exe
c:\windows\9facad5ware608z.cpl
c:\windows\9g2234wesdf3dfgjf23
c:\windows\9z02tr5j46d9.ocx
c:\windows\9z64spa5se1869.dll
c:\windows\af5steal9208z.exe
c:\windows\b04back5o9r370z.dll
c:\windows\c9sp5rse250z.dll
c:\windows\e59downlzader775.exe
c:\windows\ecdsp9waz591.exe
c:\windows\f795pyw9rez859.ocx
c:\windows\system32\1007b5ckz9or734.dll
c:\windows\system32\10169worm53z.bin
c:\windows\system32\10505not-a-viz9s1a7.cpl
c:\windows\system32\10915hacztoo9496.bin
c:\windows\system32\10952viruz55d9.bin
c:\windows\system32\10z835pa9bot4bd.ocx
c:\windows\system32\11099zor57b9.dll
c:\windows\system32\11454wo9m7a0z.bin
c:\windows\system32\1145addwaze906.cpl
c:\windows\system32\114955py95z.dll
c:\windows\system32\11870not-z-vi5us7689.exe
c:\windows\system32\121785ro91zb.bin
c:\windows\system32\12258hzckto9l24d.exe
c:\windows\system32\1259zroj69a5.dll
c:\windows\system32\12951vizu53e5.exe
c:\windows\system32\1385thief5z39.exe
c:\windows\system32\13967wo5m2b9z.cpl
c:\windows\system32\13a09zyware29965.cpl
c:\windows\system32\14065n9t-a-vz5us667.cpl
c:\windows\system32\145689ackzool16.exe
c:\windows\system32\1484ztro5579.ocx
c:\windows\system32\15066not-z-virus956.bin
c:\windows\system32\150back9oorz775.cpl
c:\windows\system32\15592zroj399.bin
c:\windows\system32\155z5wor9336.dll
c:\windows\system32\15613t9o57acz.dll
c:\windows\system32\15778spazbo5699.bin
c:\windows\system32\15820sp5mbotz91.dll
c:\windows\system32\158529izus4e4.bin
c:\windows\system32\15896s9z769.exe
c:\windows\system32\1597viz895.dll
c:\windows\system32\15z41wo5934a.ocx
c:\windows\system32\15z69no5-a-vi9us1b.dll
c:\windows\system32\16516no59azvirus4b5.cpl
c:\windows\system32\168675acktool3z09.dll
c:\windows\system32\1692spyw9r560z.ocx
c:\windows\system32\16f9spa5sz139.exe
c:\windows\system32\16z45hr9at31207.dll
c:\windows\system32\16z52hackt5ol67f9.bin
c:\windows\system32\1752downl9ader25z3.cpl

c:\windows\system32\17544zo5-a-9irus3bf.bin
c:\windows\system32\1769spyware1z59.dll
c:\windows\system32\177fst59l162z.ocx
c:\windows\system32\178209zckto5la2.ocx
c:\windows\system32\1799vzr596.dll
c:\windows\system32\17d9downloadzr9075.ocx
c:\windows\system32\17z95worm6d1.cpl
c:\windows\system32\18929h5cktozl6199.dll
c:\windows\system32\18z595ot-a-virus4c5.bin
c:\windows\system32\1905wor56zb.exe
c:\windows\system32\19093not-a-z5r9s1b2.dll
c:\windows\system32\1919vz51916.cpl
c:\windows\system32\19456wzrm479.ocx
c:\windows\system32\19542n9t-a-viruz544.bin
c:\windows\system32\195685pa9bot5f7z.exe
c:\windows\system32\19651hackto5z1ac.ocx
c:\windows\system32\19711viz5s112.bin
c:\windows\system32\1975stz5l323.bin
c:\windows\system32\19800sz51c3.dll
c:\windows\system32\19823zp5395.exe
c:\windows\system32\19827not-a-vzr5s71b.exe
c:\windows\system32\19942tro5z06.dll
c:\windows\system32\1b7bvzr1956.bin
c:\windows\system32\1d5zs5ar9e1241.cpl
c:\windows\system32\1f9edow59oader12z.dll
c:\windows\system32\1z19not-5-virus1939.exe
c:\windows\system32\1z469virus6535.cpl
c:\windows\system32\1z55th59f2150.exe
c:\windows\system32\1z92steal15175.cpl
c:\windows\system32\1z957vir9s458.cpl
c:\windows\system32\1zbdownlo9der2159.ocx
c:\windows\system32\20559ha9zt5ol505.dll
c:\windows\system32\21751n9t-z-virus23d.exe
c:\windows\system32\2192zi52064.exe
c:\windows\system32\21990hac5zool3489.bin
c:\windows\system32\2205addzare3919.bin
c:\windows\system32\223975irusz99.bin
c:\windows\system32\225zthief899.dll
c:\windows\system32\2291no9-a-viruz259.bin
c:\windows\system32\23310tro955bz.cpl
c:\windows\system32\23cbvir5z9.ocx
c:\windows\system32\24197n59-a-virus1zc.ocx
c:\windows\system32\24295woz56b9.ocx
c:\windows\system32\2429vzr20005.dll
c:\windows\system32\242z9troj1915.ocx
c:\windows\system32\24327ha5k9oolzf2.ocx
c:\windows\system32\24862zir591b9.ocx
c:\windows\system32\25003hac5zool691.bin
c:\windows\system32\25013zr5968.dll
c:\windows\system32\25159t5oj9zf.dll
c:\windows\system32\25183not-a-v9rz52c5.cpl
c:\windows\system32\25254wormz9.ocx
c:\windows\system32\2529zteal23255.cpl
c:\windows\system32\25343n9t-z-virus763.bin
c:\windows\system32\25580tr9z73b.exe
c:\windows\system32\25629n9tza-virus1735.ocx
c:\windows\system32\2567a9dwarez65.bin
c:\windows\system32\25z6threat49489.cpl
c:\windows\system32\25z97w5rm163.bin
c:\windows\system32\26162noz5a-virus19e.cpl
c:\windows\system32\26zbdownloade51956.dll
c:\windows\system32\270aspy5zre18919.dll
c:\windows\system32\2737hacktool5ez9.cpl
c:\windows\system32\27e9s9zal2955.ocx
c:\windows\system32\28599spzmbot4495.exe
c:\windows\system32\285threatz25549.ocx
c:\windows\system32\2870znot5a9virus645.ocx
c:\windows\system32\287et59eat24z9.bin
c:\windows\system32\28955zr5j20.ocx
c:\windows\system32\28z32tr9j359.dll
c:\windows\system32\29014s5y29z.bin
c:\windows\system32\29174nzt-a-virus158.bin
c:\windows\system32\29271not-a-vi95s3z8.exe
c:\windows\system32\29493s5azbot12.bin
c:\windows\system32\299115iruz275.exe
c:\windows\system32\2998th5eaz296.exe
c:\windows\system32\29ezstea5857.cpl
c:\windows\system32\29z3v5r9177.dll
c:\windows\system32\2afeth5zat226379.ocx
c:\windows\system32\2baez5ywa9e2608.dll
c:\windows\system32\2c98thr5zt29869.bin
c:\windows\system32\2c9fsp5ware781z.exe
c:\windows\system32\2e9cdz5nloader326.ocx
c:\windows\system32\2ebf5zr949.ocx
c:\windows\system32\2f4f95ief2198z.exe
c:\windows\system32\2fdca9dware1z54.ocx
c:\windows\system32\2z2159acktool55c.cpl
c:\windows\system32\2z25th9ef939.exe
c:\windows\system32\2zcfth9e52977.ocx
c:\windows\system32\30110viz951c6.bin
c:\windows\system32\3054ztr9j495.exe
c:\windows\system32\30735zot-a-vi9us205.cpl
c:\windows\system32\30z27not-5-viru9d.cpl
c:\windows\system32\31084hzck5ool790.bin
c:\windows\system32\311315pzmbo9614.exe
c:\windows\system32\31150zpa5bot3739.bin
c:\windows\system32\31176h95kzool12d.bin
c:\windows\system32\31559zb3.ocx
c:\windows\system32\31566not-9zvirus32e.dll
c:\windows\system32\32155not-a-vzru51039.exe
c:\windows\system32\3266zs9amb5t6bf.bin
c:\windows\system32\326zthi9f2445.cpl
c:\windows\system32\32bbdo9nloader556z.ocx
c:\windows\system32\3359t9r5at2992z.dll
c:\windows\system32\338faddwa5ez0449.dll
c:\windows\system32\3392zo9m45b.dll
c:\windows\system32\33979py75z.dll
c:\windows\system32\33z4b9ckdoor2255.ocx
c:\windows\system32\349bvir9z15.bin
c:\windows\system32\3509s9zal2097.ocx
c:\windows\system32\3515spzmbot93b.ocx
c:\windows\system32\351z8not-a-vi9us359.dll
c:\windows\system32\3546d5wnl9adez1486.bin
c:\windows\system32\3789tr5jz8c.bin
c:\windows\system32\3899not9a5virusz4d.exe
c:\windows\system32\3946vir597z.cpl
c:\windows\system32\3954hacktool612z.dll
c:\windows\system32\3955spzmbot93.exe
c:\windows\system32\39c5thre9t291z1.ocx
c:\windows\system32\3ac5bac9door139z.bin
c:\windows\system32\3cz09p5rse2088.ocx
c:\windows\system32\3dba9pywa5ez573.ocx
c:\windows\system32\3dc8stzal1599.dll
c:\windows\system32\3dz5ddw9re1997.ocx
c:\windows\system32\3e82sparsz29495.dll
c:\windows\system32\3z04vir1959.exe
c:\windows\system32\3z266wo5m9cc.bin
c:\windows\system32\3z8addwar9850.exe
c:\windows\system32\417e9ddwaz51244.cpl
c:\windows\system32\432zv9r1514.exe
c:\windows\system32\43z2s5eal2298.ocx
c:\windows\system32\4416s9z7f5.bin
c:\windows\system32\4499sp9rsz5050.exe
c:\windows\system32\44z4worm9225.dll
c:\windows\system32\4551thizf1955.exe
c:\windows\system32\459thief295z.exe
c:\windows\system32\45cbthz9at15654.exe
c:\windows\system32\45e95zreat9141.exe
c:\windows\system32\464bdownlo5derz4419.bin
c:\windows\system32\465zdownload9r5052.bin
c:\windows\system32\469bz9y5are2512.exe
c:\windows\system32\47b9adzware5189.bin
c:\windows\system32\47c7szy5a9e847.dll
c:\windows\system32\495ezhre9t22934.exe
c:\windows\system32\498da5zware3063.exe
c:\windows\system32\49f2do5nzoad9r98.dll
c:\windows\system32\4b6atzief26859.exe
c:\windows\system32\4c50spzr9e1549.cpl
c:\windows\system32\4dz5threat75239.exe
c:\windows\system32\4e9dviz6559.cpl
c:\windows\system32\4eezs59rse206.ocx
c:\windows\system32\4fb7thi9f475z.ocx
c:\windows\system32\4z5a9ir5932.ocx
c:\windows\system32\4z99vir30255.exe
c:\windows\system32\4zadsp9ware575.exe
c:\windows\system32\5073zorm39b9.ocx
c:\windows\system32\5119z9py471.dll
c:\windows\system32\51315not-a-vi9zs1a0.bin
c:\windows\system32\51375oz9loader2215.exe
c:\windows\system32\5159hazktoo9258.cpl
c:\windows\system32\51e1d9wnl5aderz47.dll
c:\windows\system32\522b9hreaz50057.exe
c:\windows\system32\523e5zr21609.bin
c:\windows\system32\52829zrus30.ocx
c:\windows\system32\52za5hief2951.cpl
c:\windows\system32\5324a95warz2909.dll
c:\windows\system32\53299pyzf5.bin
c:\windows\system32\53587hack9ool4z3.cpl
c:\windows\system32\536et5z9f244.exe
c:\windows\system32\5389s5yzare993.ocx
c:\windows\system32\53d95tzal9693.bin
c:\windows\system32\5434s9ea52z23.dll
c:\windows\system32\5487viruszf49.dll
c:\windows\system32\549ezir2196.dll
c:\windows\system32\54e8v5r24z9.cpl
c:\windows\system32\55000spy3z9.dll
c:\windows\system32\5519addwarz1945.exe
c:\windows\system32\55bcd5wnlozder1229.exe
c:\windows\system32\55bdvir319z.dll
c:\windows\system32\55z8addware2799.exe
c:\windows\system32\55z9virus9a.dll
c:\windows\system32\564ds9ywarez648.cpl
c:\windows\system32\56533spyz95.exe
c:\windows\system32\56689ot-a-virusz4f.bin
c:\windows\system32\5679sp5warez5779.cpl
c:\windows\system32\57035iz1996.exe
c:\windows\system32\5765thr9zt14710.dll
c:\windows\system32\5796addware3085z.cpl
c:\windows\system32\57fthief100z9.exe
c:\windows\system32\582zspy296.cpl
c:\windows\system32\58d2addwar95459z.exe
c:\windows\system32\58e5downlzader1597.ocx
c:\windows\system32\58fczhie9944.exe
c:\windows\system32\58z1vir9s55b.ocx
c:\windows\system32\5905tzreat11285.bin
c:\windows\system32\5916backdoor2z5.dll
c:\windows\system32\59276tzoj409.bin
c:\windows\system32\592zvir2653.cpl
c:\windows\system32\59505ownlozder2759.dll
c:\windows\system32\5951zir14.bin
c:\windows\system32\59637zpambot902.bin
c:\windows\system32\59995parse193z.exe
c:\windows\system32\59a8spars53219z.exe
c:\windows\system32\59acaddwarz2427.dll
c:\windows\system32\59zevir3157.dll
c:\windows\system32\5a1zthrea596009.dll
c:\windows\system32\5a5badzwa9e1749.bin
c:\windows\system32\5b49spyzare1878.bin
c:\windows\system32\5b93stezl8105.exe
c:\windows\system32\5bbeszyware2925.dll
c:\windows\system32\5bs95alz02.cpl
c:\windows\system32\5c97backdzo52257.dll
c:\windows\system32\5e39st5al1z49.cpl
c:\windows\system32\5e61back5oor829z.dll
c:\windows\system32\5e85o9nloader1396z.bin
c:\windows\system32\5f8zteal2954.dll
c:\windows\system32\5z19addwar91065.bin
c:\windows\system32\5z31t5i9f922.cpl
c:\windows\system32\5z37ba9kdoor5981.bin
c:\windows\system32\5z39backdoor156.exe
c:\windows\system32\5z65t9ief2811.ocx
c:\windows\system32\5z96thie92015.cpl
c:\windows\system32\5za4backdoo9343.exe
c:\windows\system32\5ze9threat3581.exe
c:\windows\system32\618zspy5are2129.exe
c:\windows\system32\6193zp9567.ocx
c:\windows\system32\6195azdware901.cpl
c:\windows\system32\61bzi9525.ocx
c:\windows\system32\6220vzrus5059.ocx
c:\windows\system32\6465zpy5are9599.dll
c:\windows\system32\649zspy7d15.dll
c:\windows\system32\65439parse5681z.exe
c:\windows\system32\6543thzef25519.cpl
c:\windows\system32\6555n9t-a-viruz53b.ocx
c:\windows\system32\655z9ir1080.cpl
c:\windows\system32\660dspa9sez6955.dll
c:\windows\system32\6687t5ief9520z.exe
c:\windows\system32\66a8backdzor24895.cpl
c:\windows\system32\6921az5war92372.exe
c:\windows\system32\69z8d9wn5oader290.exe
c:\windows\system32\6ba2azdware956.cpl
c:\windows\system32\6baba9kdoor305z.ocx
c:\windows\system32\6c259pzware896.bin
c:\windows\system32\6d75spyware9647z.ocx
c:\windows\system32\6dedow5loazer9427.ocx
c:\windows\system32\6e53backd59r32z.ocx
c:\windows\system32\6e88th5eatz3249.cpl
c:\windows\system32\6f04dow9loaderz526.ocx
c:\windows\system32\6z1aspars923105.exe
c:\windows\system32\6za0s9eal9125.cpl
c:\windows\system32\7159ste5l925z.bin
c:\windows\system32\72559pyzare2239.cpl
c:\windows\system32\7450zackdo9r575.exe
c:\windows\system32\74c5thiez2913.exe
c:\windows\system32\7575dd9zre2771.exe
c:\windows\system32\75e9steal3z83.cpl
c:\windows\system32\75ecaddwzre22945.cpl
c:\windows\system32\760zhackt95l138.cpl
c:\windows\system32\7693thrzat20459.dll
c:\windows\system32\77385or96bz.cpl
c:\windows\system32\77509parsz510.cpl
c:\windows\system32\776s5eal32z9.exe
c:\windows\system32\785zthief2197.exe
c:\windows\system32\78f6zackdo9r658.exe
c:\windows\system32\7967spar5z2032.exe
c:\windows\system32\7bz9ad5ware39.cpl
c:\windows\system32\7ea95hzeat23244.exe
c:\windows\system32\7z465roj9c9.ocx
c:\windows\system32\7z91addw5re2331.dll
c:\windows\system32\7zbdspywa5e394.ocx
c:\windows\system32\81785pa9bot72z.dll
c:\windows\system32\8658vir9s5z5.exe
c:\windows\system32\8z85virus49f.ocx
c:\windows\system32\9028b5zkdoor75.dll
c:\windows\system32\90477s5ambotf4z.dll
c:\windows\system32\9154zpy3529.exe
c:\windows\system32\91601zot-a5virusf9.dll
c:\windows\system32\92006w5rmb4z.cpl
c:\windows\system32\92179w5zm58d.cpl
c:\windows\system32\9218virzs555.exe
c:\windows\system32\9309hac5toz95f4.exe
c:\windows\system32\9355baczdoor634.ocx
c:\windows\system32\93853vizus648.exe
c:\windows\system32\941a5pazse1950.cpl
c:\windows\system32\9493vi5usz3a.ocx
c:\windows\system32\95054spy7z0.cpl
c:\windows\system32\9542downloader288z.bin
c:\windows\system32\955wz9m195.exe
c:\windows\system32\9595spy27z5.ocx
c:\windows\system32\95a7vir180z.exe
c:\windows\system32\95cdzwnlo5der795.cpl
c:\windows\system32\963z5rm110.bin
c:\windows\system32\96712wozm6d5.cpl
c:\windows\system32\972c5hiefz158.dll
c:\windows\system32\975dvzr1787.dll
c:\windows\system32\9781zhackt5ol505.bin
c:\windows\system32\98395zy437.cpl
c:\windows\system32\98z0threat3256.exe
c:\windows\system32\99095irus28az.bin
c:\windows\system32\990evi5z196.dll
c:\windows\system32\99229hacktool4z5.dll
c:\windows\system32\9988ha5ktooz69c.cpl
c:\windows\system32\9996tr5j50z.exe
c:\windows\system32\9bf0s5eal102z.bin
c:\windows\system32\9c7dsparsz5838.bin
c:\windows\system32\9f6sz5rse209.exe
c:\windows\system32\9f82th5ef7z7.cpl
c:\windows\system32\9f8espyware1z955.bin
c:\windows\system32\a56steal93z9.cpl
c:\windows\system32\a6stea9z955.exe
c:\windows\system32\ba5thzeat99155.cpl
c:\windows\system32\c19a9dwarz28955.ocx
c:\windows\system32\c9zba59door2999.cpl
c:\windows\system32\d699ir5z9.bin
c:\windows\system32\d7dzpyw9re1542.dll
c:\windows\system32\drivers\MSIVXunysippnxqttjmdpymvvpxivvmuqafhs.sys
c:\windows\system32\f89tzrea525709.cpl
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXeptkwnklkdasknxmvarcbyqeaqmhxaxx.dll
c:\windows\system32\MSIVXtriosptdxyprwwecitoqreybxtqrwxvd.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z0311hac5to9l396.exe
c:\windows\system32\z0542worm7c9.exe
c:\windows\system32\z071tr59e5.exe
c:\windows\system32\z0855wor965e.ocx
c:\windows\system32\z36099py62f5.cpl
c:\windows\system32\z37t5ief1449.cpl
c:\windows\system32\z495t9o5c4.ocx
c:\windows\system32\z5088wo9m4c2.ocx
c:\windows\system32\z5099s9am5ot7c3.dll
c:\windows\system32\z532not-a-v9ru565.dll
c:\windows\system32\z579vir5549.bin
c:\windows\system32\z590thre5t10892.bin
c:\windows\system32\z5b5s9arse1846.bin
c:\windows\system32\z6558not-a-vir9s4fa.bin
c:\windows\system32\z6994w95m504.dll
c:\windows\system32\z6b5sparse9004.cpl
c:\windows\system32\z7753t9oj499.exe
c:\windows\system32\z777h9ckt5ol649.exe
c:\windows\system32\z884spar9e13885.dll
c:\windows\system32\z899spa5se611.dll
c:\windows\system32\z905ir2592.bin
c:\windows\system32\z9462t5o92d6.exe
c:\windows\system32\z9c2downl5ader2086.bin
c:\windows\system32\z9f9bac5door253.cpl
c:\windows\system32\zddethi592776.ocx
c:\windows\system32\ze95threat28441.dll
c:\windows\system32\ze9csteal2518.bin
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z130not-a9v5rus4da.dll
c:\windows\z14da9dw5re1599.cpl
c:\windows\z49evir22095.ocx
c:\windows\z539th5ef996.ocx
c:\windows\z5585not-a-virus7c9.exe
c:\windows\z568thi9f1635.dll
c:\windows\z569do5nloader811.bin
c:\windows\z656w9rm374.exe
c:\windows\z65929orm1b45.exe
c:\windows\z671spa9se955.ocx
c:\windows\z7320viru5139.ocx
c:\windows\z7775hief179.exe
c:\windows\z7926wor579b.exe
c:\windows\z7975n5t-a-9irus324.exe
c:\windows\z8251troj956.cpl
c:\windows\z851do9nloader5270.ocx
c:\windows\z8687hackt5ol729.bin
c:\windows\z885ad9ware2186.ocx
c:\windows\z909spy59f.cpl
c:\windows\z9546virus455.dll
c:\windows\z9800sp5mbot225.bin
c:\windows\zc1t5i9f2041.dll
c:\windows\zdb9thief5936.dll
c:\windows\zddathie92508.exe
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 01:13 . 2009-06-13 01:13 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-13 00:51 . 2009-06-13 00:51 -------- d-----w- c:\users\Owner\AppData\Local\ESET
2009-06-12 21:45 . 2009-06-12 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:35 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-12 21:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-12 21:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-12 21:35 . 2009-06-12 21:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-12 21:35 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-12 21:35 . 2009-06-12 21:36 -------- d-----w- c:\program files\Spyware Doctor
2009-06-12 21:35 . 2009-06-12 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Tools
2009-06-12 21:35 . 2009-06-12 21:35 -------- d-----w- c:\programdata\PC Tools
2009-06-12 21:18 . 2009-06-12 21:18 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-06-12 19:50 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-12 19:39 . 2009-06-12 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-12 19:39 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-12 19:38 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-12 19:38 . 2009-06-12 19:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-12 19:37 . 2009-06-12 19:39 -------- d-----w- c:\programdata\Lavasoft
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Lavasoft
2009-06-12 08:48 . 2009-06-12 08:48 2 ---h--w- c:\windows\ro122458.dat
2009-06-11 21:34 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-10 19:44 . 2009-06-12 10:12 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-06-10 06:50 . 2009-06-10 06:50 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2009-06-10 06:16 . 2009-06-10 21:35 -------- d-----w- c:\users\Owner\AppData\Local\Hewlett-Packard
2009-06-10 06:00 . 2009-06-10 06:00 -------- d-----w- c:\programdata\acccore
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Roaming\acccore
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\AOL OCP
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2009-06-09 21:08 . 2009-06-09 21:08 -------- d-----w- c:\program files\ESET
2009-06-01 22:03 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-01 21:56 . 2009-06-01 21:56 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 14:34 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-22 14:34 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-22 14:33 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-22 14:33 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-22 14:33 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-05-22 14:31 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-22 14:31 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-05-22 14:31 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-05-22 14:31 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-22 14:31 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-22 14:31 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-22 14:29 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-22 14:16 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-22 14:16 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-22 14:16 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-22 14:16 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-22 14:16 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-22 14:16 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-22 14:16 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-22 14:16 . 2008-10-16 19:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-22 14:16 . 2008-10-16 18:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-21 22:25 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-21 22:24 . 2009-05-21 22:24 -------- d-----w- c:\program files\Common Files\L&H
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-21 22:22 . 2009-05-21 22:22 -------- d-----w- c:\windows\PCHEALTH
2009-05-21 22:22 . 2009-05-21 22:22 -------- d-----w- c:\program files\Microsoft.NET
2009-05-21 22:21 . 2009-05-21 22:21 -------- d--h--r- C:\MSOCache
2009-05-21 20:22 . 2009-06-12 21:16 -------- d-----w- C:\Temp
2009-05-21 19:12 . 2009-06-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Hewlett-Packard
2009-05-21 19:12 . 2009-05-21 19:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Symantec
2009-05-21 19:11 . 2009-05-21 19:11 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-05-21 19:10 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\VirtualStore
2009-05-21 19:06 . 2009-05-22 14:11 106552 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-21 19:00 . 2009-05-21 19:00 -------- d-----w- c:\users\Owner\AppData\Roaming\HP TCS
2009-05-21 18:59 . 2009-06-10 06:00 -------- d-----w- c:\programdata\Viewpoint
2009-05-21 18:59 . 2009-05-21 19:00 -------- d-----w- c:\program files\Viewpoint
2009-05-21 18:59 . 2009-06-10 05:02 -------- d-----w- c:\programdata\AOL OCP
2009-05-21 18:59 . 2009-05-21 18:59 -------- d-----w- c:\programdata\AOL
2009-05-21 18:59 . 2009-05-21 18:59 -------- d-----w- c:\program files\Common Files\AOL
2009-05-21 18:59 . 2009-06-11 23:31 -------- d-----w- c:\program files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 21:35 . 2008-06-27 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 21:34 . 2008-06-27 17:49 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-10 04:48 . 2008-06-27 17:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 21:03 . 2008-06-27 17:24 -------- d-----w- c:\programdata\Symantec
2009-06-01 22:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-21 22:23 . 2008-06-27 18:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-21 22:16 . 2008-06-27 18:28 -------- d-----w- c:\programdata\Microsoft Help
2009-05-21 18:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-21 18:57 . 2009-05-21 18:57 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G50 Notebook PC_Y5335KV_0U_Q2CE9129H70_E480012-001_4A_I360B_SWistron_V09.50_F.35_T090304_WV3-1_L409_M3003_J250_7Intel_86FD_92.17_#090401_N10EC8136;168C001C_(NW067UA#ABA)_XMOBILE_CN10_Z_2F.35.MRK
2009-04-24 16:05 . 2009-06-10 04:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 04:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 04:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 04:56 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 04:56 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-03-31 20:35 . 2009-06-10 21:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 22:30 . 2009-06-10 21:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-05-22 14:29 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-22 14:29 24064 ----a-w- c:\windows\system32\amxread.dll
2008-06-27 16:02 . 2008-06-27 16:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0EA8201-8DF2-460B-8FA0-CA6DF34E6153}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{8454C891-500E-4F2E-B082-21ED4AB360D5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5D500A14-07EB-4251-995C-A11A6DB4967B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{587846ED-2948-470E-9137-F37EF73A7765}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4B863293-D703-4A63-AFAB-628AC1FDB3AA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{014DE51E-DF88-4DD2-8DC2-39A0B9F53A85}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6F00454D-0C8E-46F4-AE85-CC2B7E17BD8E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE1F8A82-A706-4C5D-95F3-0BFB9317FE65}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{483C7465-B391-47B4-BC84-E3FB3577DE92}"= TCP:c:\program files\AIM6\aim6.exe:AIM

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/12/2009 2:39 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/12/2009 4:35 PM 130936]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [3/13/2008 4:52 PM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/13/2008 4:49 PM 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 921936]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/27/2008 1:46 PM 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/21/2009 2:00 PM 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/4/2008 12:54 PM 113664]
S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [1/20/2008 9:23 PM 21504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/27/2008 12:46 PM 193840]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/12/2009 4:35 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
podmena REG_MULTI_SZ podmena
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-12 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-27 03:03]

2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{56A5D8AE-0650-49D9-9654-3F8826E131EC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6pv1t1ks.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 20:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-13 20:14
ComboFix-quarantined-files.txt 2009-06-13 01:14

Pre-Run: 193,760,022,528 bytes free
Post-Run: 193,935,560,704 bytes free

935 --- E O F --- 2009-06-12 07:09

I'm not sure if thats all I have to do? I haven't seen anything pop up yet, and it changed my wallpaper.

I'll keep you updated, let me know if there is anything further I was suppose to do.

thank you for your help.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
podmena
Viewpoint Manager Service

Folder::
c:\programdata\Viewpoint
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.