Removal of WinBlueSoft pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:33 PM, on 18/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBKP.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\mardy\Desktop\HiJack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6900F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBKP.EXE /FU "C:\Users\mardy\AppData\Local\Temp\E_S750.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - Startup: Hiro-Media Client.lnk = C:\Program Files\Hiro-Media\HiroClient\HiroClient.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-au.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4019633-2777-466F-9CA9-F38479E15424}: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
O18 - Protocol: hiro - {50BA1131-168F-4C08-A69B-4012273F222E} - C:\Program Files\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
O18 - Protocol: hirodownload - {77F2FF4C-CEDD-4C71-8ABF-DF7CC05EFC63} - C:\Program Files\Hiro-Media\HiroClient\HiroProtocolHandler.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 9175 bytes

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (AVG8)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Hi, I followed your instructions and as I was running combofix a Warning came up to say "combofix has detected he following real time scanner to be active: Anti-virus and Anti-spyware: AVG. Antivirus programmes are known to interfere with Combofix's running. This may lead to unpredicatable results or possible machine damage. Please disable scanners before clicking OK."
I then tried to uninstall AVG with the following message "Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
What shall I do now??
Thanks

Can you not just disable it using the instructions to the thread I linked to on BC?

I disabled AVG and ran Combo-fix but it still came up with message to say antivirus was still active. I pressed OK at my own risk, and Combofix disappeared. Nothing has happened.

Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then try Combofix from safe mode.

Hi
I have run combofix in safe mode and I have saved the log. I have tried to paste it here but the message is too big. How do I send you the log.

Hello, please split the log into two posts or more if required.

PART 1 OF LOG:
ComboFix 09-06-18.02 - mardy 20/06/2009 12:09.1 - NTFSx86 NETWORK
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.61.1033.18.3326.2673 [GMT 10:00]
Running from: c:\users\mardy\Documents\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\mardy\AppData\Local\Temp\ppcrlui_1148_2
c:\windows\10113hacztool4559.dll
c:\windows\10195wozmca.exe
c:\windows\101e9ownloadez3025.cpl
c:\windows\109595roz1f5.exe
c:\windows\1106za9k5ool253.bin
c:\windows\113z4tro95c4.bin
c:\windows\1144zh59at27453.exe
c:\windows\11529sp5313z.bin
c:\windows\1250tzreat233729.exe
c:\windows\1279do5nlzader2554.dll
c:\windows\129spywzre3503.ocx
c:\windows\13209ot-a-v5ruz4f5.exe
c:\windows\13406hz5ktooldc9.cpl
c:\windows\13z5downloader2397.ocx
c:\windows\14226n5t-a-vi9uz76c.ocx
c:\windows\14475troz5c99.ocx
c:\windows\14543wzr9657.cpl
c:\windows\14615sp95z4.dll
c:\windows\1499th59f1755z.cpl
c:\windows\14z47wor9151.ocx
c:\windows\150405irus99z.cpl
c:\windows\150fsteal973z.ocx
c:\windows\153599zy29f.cpl
c:\windows\153z59pambot6d3.bin
c:\windows\159799acktool3c6z.ocx
c:\windows\15988troj5z0.ocx
c:\windows\15z11spy5c29.ocx
c:\windows\15z55worm9c.ocx
c:\windows\16175za9kto5l67c.cpl
c:\windows\16247not5z-vi9us5b5.exe
c:\windows\1654t9ief474z.ocx
c:\windows\16584not-a-vi59z2f.exe
c:\windows\169029p5109z.cpl
c:\windows\169espazse29675.ocx
c:\windows\16zc5parse3959.bin
c:\windows\1795not-z-viru5409.exe
c:\windows\17d2thiez959.exe
c:\windows\1896addware25z8.dll
c:\windows\19003not-azvir5s3679.bin
c:\windows\190559acztool11d.dll
c:\windows\19097hackzool5f3.bin
c:\windows\19166zpambot959.dll
c:\windows\19234viru52a0z.bin
c:\windows\19254virzs2925.dll
c:\windows\19335not-a9zirus152.dll
c:\windows\1949vir5s668z.cpl
c:\windows\19560zot-a-virus6f4.exe
c:\windows\1959s5yzare88.ocx
c:\windows\195downl9a5erz541.bin
c:\windows\196435orm269z.bin
c:\windows\1965vzr9054.bin
c:\windows\19683spambot5z5.cpl
c:\windows\19691szamb9t5705.dll
c:\windows\19998sz5795.exe
c:\windows\19z84h59ktool4a6.ocx
c:\windows\19zes5arse1839.ocx
c:\windows\1a49sp5rze2586.bin
c:\windows\1a69st5az941.ocx
c:\windows\1c7fs9yware15z6.ocx
c:\windows\1e489pzrse5875.bin
c:\windows\1e54sp9ware58z5.ocx
c:\windows\1f97thief1858z.ocx
c:\windows\1fb9th5zat22552.dll
c:\windows\1ffe5pyware91z3.exe
c:\windows\1z045s9ambotc3.bin
c:\windows\1z078w95m70.cpl
c:\windows\1z1125irus199.bin
c:\windows\1z195n9t-a-virus184.cpl
c:\windows\1z282hackt5ol594.ocx
c:\windows\1z499tro5245.bin
c:\windows\1z97spyw9re16515.ocx
c:\windows\202695ot-a-virzs3a0.cpl
c:\windows\20498not-9zvirus2c5.cpl
c:\windows\20611sp51bz9.ocx
c:\windows\20649spy72z5.bin
c:\windows\20989s5ambot1zf9.cpl
c:\windows\210d9wn5zader1289.cpl
c:\windows\21322not-a-zirus3095.bin
c:\windows\21350zpam9ot6b6.ocx
c:\windows\21761spz95ot7a2.dll
c:\windows\21952wozm279.bin
c:\windows\21a3azdwar5659.dll
c:\windows\22590hac5tool14z.ocx
c:\windows\2260st5alz229.ocx
c:\windows\227a9dwaze521.ocx
c:\windows\22995hacztool32.exe
c:\windows\23675vzr95d7.cpl
c:\windows\25075spam9otzbc.ocx
c:\windows\25426hazk5ool2d9.bin
c:\windows\255749orm2dz.cpl
c:\windows\25589wormz3f.cpl
c:\windows\2578th9ez357.cpl
c:\windows\25823s9yz47.dll
c:\windows\25954troj59z.bin
c:\windows\25994viruz700.exe
c:\windows\25zethief3089.dll
c:\windows\26259hief2959z.cpl
c:\windows\264419zck5oolae.cpl
c:\windows\26652t9oj1z0.bin
c:\windows\267dspywz9e29755.ocx
c:\windows\26e2spywarez956.bin
c:\windows\2789virzs56f.dll
c:\windows\2799t5iez918.ocx
c:\windows\27z40s9ambot75f.dll
c:\windows\27z5n5t-a-virus349.bin
c:\windows\280z65pambot39e.exe
c:\windows\28100zir95563.dll
c:\windows\281z9tro9465.cpl
c:\windows\28980spazbo5419.bin
c:\windows\29401zpy6e55.cpl
c:\windows\2955tzoj79a.exe
c:\windows\296309irus1z5.dll
c:\windows\298zspar5e757.ocx
c:\windows\29967not-a-vzrus34c5.dll
c:\windows\2ae5th9e5z22535.ocx
c:\windows\2e1bthrz9t23500.cpl
c:\windows\2e35ba9kdoor433z.bin
c:\windows\2e99addwarz2065.ocx
c:\windows\2ec2s9y5zre974.bin
c:\windows\2f39bac5door25z9.bin
c:\windows\2z278vi9u55cb.exe
c:\windows\2z41download95398.ocx
c:\windows\2z446tr5j399.bin
c:\windows\2z6c59eal2167.bin
c:\windows\300z4not9a-virus53b5.dll
c:\windows\301z059rmc2.bin
c:\windows\31134h9ckzool54d.cpl
c:\windows\31z59spa5bot4af.cpl
c:\windows\32099s5ambzt4f0.cpl
c:\windows\32711no95a-zirus778.bin
c:\windows\3324ha9kt5ol587z.ocx
c:\windows\33easp5waze1912.ocx
c:\windows\3402trz56f9.bin
c:\windows\3409not5a-virus4z3.bin
c:\windows\3450z5r1549.bin
c:\windows\349ad5w9rz191.ocx
c:\windows\34z0not5a-vir9s4ea.bin
c:\windows\34z8spar9e19895.bin
c:\windows\351bthief809z.exe
c:\windows\35557not-azvi9us4a.ocx
c:\windows\356z9teal998.exe
c:\windows\35751vizus39d.cpl
c:\windows\3671t9o554z.cpl
c:\windows\36z9spa5se2269.bin
c:\windows\3736th5za929711.cpl
c:\windows\373b9tea5894z.ocx
c:\windows\3814zp5609.ocx
c:\windows\391fthzeat242595.exe
c:\windows\393spamzot7da5.ocx
c:\windows\39c0zhief23255.exe
c:\windows\39c5szeal5190.exe
c:\windows\39fdst5al2z15.cpl
c:\windows\3ac0sparse3955z.ocx
c:\windows\3az9s9eal856.cpl
c:\windows\3cdzspa5se9509.exe
c:\windows\3cf9thre5z22519.cpl
c:\windows\3d65sparze18699.exe
c:\windows\3f05thie9348z.exe
c:\windows\3fcazpars91155.bin
c:\windows\3z389irus3f5.ocx
c:\windows\3z4esp95se1313.exe
c:\windows\432bac9dzo52806.exe
c:\windows\4415addwzr92815.ocx
c:\windows\4511th5zf899.cpl
c:\windows\4590sparze1554.exe
c:\windows\45z2down9oader216.ocx
c:\windows\45z8download9r958.cpl
c:\windows\46469pyzare3151.dll
c:\windows\4764nzt-a-vir9s75c.bin
c:\windows\4825v5ru92ez.bin
c:\windows\4925spyware2z48.ocx
c:\windows\49c4vz517529.dll
c:\windows\4a16sp5rze9302.dll
c:\windows\4a605tezl1269.ocx
c:\windows\4az4vi91675.dll
c:\windows\4b57steal9117z.ocx
c:\windows\4b5zste9l687.ocx
c:\windows\4c89s5ywarz9530.ocx
c:\windows\4cc5steal25z79.ocx
c:\windows\4e5adzware9451.bin
c:\windows\4z2bac9door5050.cpl
c:\windows\4z46v9r564.cpl
c:\windows\4z94th5eat97465.ocx
c:\windows\4ze6threat18599.bin
c:\windows\5023no9-a-v5zus423.bin
c:\windows\5049wzr94ae5.dll
c:\windows\5088troj97dz.dll
c:\windows\5093zt9oj2c8.bin
c:\windows\50zspa59ot95.ocx
c:\windows\518th9ezt7630.cpl
c:\windows\51928tz9j5f2.cpl
c:\windows\5239ztroj95a.cpl
c:\windows\5254vir100z9.dll
c:\windows\52695rus4bz.cpl
c:\windows\5279spz9.exe
c:\windows\52919ir18z9.ocx
c:\windows\52z0thi5f3914.dll
c:\windows\533dtzrea99120.exe
c:\windows\5359threat107z25.dll
c:\windows\53625par9e90z.dll
c:\windows\53e7virz579.exe
c:\windows\5469not-azvir5s72d.bin
c:\windows\5479notza5virus39c.bin
c:\windows\5480trzj4b9.bin
c:\windows\54z479acktool4b0.ocx
c:\windows\55092spy10z.bin
c:\windows\55855hz9at16451.exe
c:\windows\5595spywarz519.bin
c:\windows\559eaddw9re28z2.exe
c:\windows\55c3zhief31419.exe
c:\windows\55c8tzief90355.dll
c:\windows\55cz5py9are1865.cpl
c:\windows\55z9thie91507.exe
c:\windows\56219pa5se17z9.exe
c:\windows\56409h5ef84z.bin
c:\windows\564ezownloa9er1924.bin
c:\windows\5700z9eal505.ocx
c:\windows\571addware2975z.exe
c:\windows\5795spy634z.exe
c:\windows\57b3t9izf20585.bin
c:\windows\57f9szeal3130.ocx
c:\windows\58295py6fcz.cpl
c:\windows\58c95teaz520.dll
c:\windows\5911st5al3z29.bin
c:\windows\59199wzrm3fc.ocx
c:\windows\594ezi52518.dll
c:\windows\595cvirz953.exe
c:\windows\59798viruz36d.exe
c:\windows\59819irus72z.dll
c:\windows\5989wozm629.cpl
c:\windows\59z5sparse223.cpl
c:\windows\5aa5thiefz995.cpl
c:\windows\5bf09teal5727z.dll
c:\windows\5c95s9ealz751.ocx
c:\windows\5cf8t5reaz29000.ocx
c:\windows\5ed1t9re5tz1789.exe
c:\windows\5ez7st95l1576.cpl
c:\windows\5f225ir106z9.ocx
c:\windows\5fb9zhief1815.dll
c:\windows\5ff8v5r95z2.exe
c:\windows\5z5dbackdoo59581.cpl
c:\windows\5z69t9ief1725.dll
c:\windows\5z95spyware13399.exe
c:\windows\5z9asteal2568.dll
c:\windows\5zb4st5al2092.ocx
c:\windows\6057adzware16859.cpl
c:\windows\60z69roj565.cpl
c:\windows\6197vi5uz4a9.exe
c:\windows\6243spyz955.exe
c:\windows\62a99a5kdoorz45.exe
c:\windows\6307nzt-a-viru9255.ocx
c:\windows\6444bac5doo91954z.ocx
c:\windows\650fzhr5at6949.exe
c:\windows\6545troj9z8.bin
c:\windows\6545v9ruz675.cpl
c:\windows\6608no9-a5viruz1ee.cpl
c:\windows\6609viz5337.dll
c:\windows\665zaddwar92127.bin
c:\windows\674thr5a93600z.bin
c:\windows\68c5dow9loader2941z.dll
c:\windows\68ccszea95494.dll
c:\windows\6914thr5at13z289.bin
c:\windows\694cbzckdoor5154.cpl
c:\windows\6975addwa5ez899.cpl
c:\windows\6995addzare3585.exe
c:\windows\6995backzoor24839.dll
c:\windows\6b9a5dwzre3091.cpl
c:\windows\6bd9oznload5r1950.ocx
c:\windows\6d5zvir32905.cpl
c:\windows\6ddcstez91075.exe
c:\windows\6e9backd5oz1916.ocx
c:\windows\6e9zvir539.exe
c:\windows\6f6as59rse1z58.ocx
c:\windows\7109spz5bot702.cpl
c:\windows\7111v5r894z.cpl
c:\windows\7199download5r443z.bin
c:\windows\72a45p9wzre2668.exe
c:\windows\72f9thzef1519.bin
c:\windows\73b99te5l6z6.exe
c:\windows\73d45t9al2043z.cpl
c:\windows\7409hack95oz693.cpl
c:\windows\745zs9eal1061.bin
c:\windows\759sparze1689.dll
c:\windows\75aast9az255.cpl
c:\windows\75f0dzwnloader9556.ocx
c:\windows\763cthi591655z.exe
c:\windows\7655download9r2184z.dll
c:\windows\7694spar5e109z.bin
c:\windows\7760zi9us75a.bin
c:\windows\776h5cktool491z.bin
c:\windows\7839hre5t26z85.exe
c:\windows\7922threa5z4145.dll
c:\windows\7956szy6db.ocx
c:\windows\7995downloazer1651.dll
c:\windows\79d2backdoor15z7.exe
c:\windows\79e7ste5lz01.dll
c:\windows\79ezt5ief1696.exe
c:\windows\7a1az5r2942.dll
c:\windows\7c11do9zlo5der1743.cpl
c:\windows\7c55spzw59e2382.bin
c:\windows\7c7azi51179.dll
c:\windows\7dezspa5s93051.exe
c:\windows\7e43threzt265269.exe
c:\windows\7f3th5ez9025.dll
c:\windows\7f9fs9ars52z84.bin
c:\windows\7fb0vir94z5.exe
c:\windows\84715pa9bot26fz.dll
c:\windows\8514h5cktool6z89.bin
c:\windows\8807vi5uz6939.cpl
c:\windows\8998wo9z3d5.cpl
c:\windows\90545tzoj4765.cpl
c:\windows\9054vizus151.cpl
c:\windows\90925pambot691z.exe
c:\windows\915zh9ck5ool677.bin
c:\windows\91855zpy59.dll
c:\windows\9196s5y53fz.ocx
c:\windows\9257hacktoo9399z.bin
c:\windows\9257spa5bot22z.ocx
c:\windows\9320stezl533.bin
c:\windows\9393zt5oj33f.cpl
c:\windows\93zethi5f1962.ocx
c:\windows\94787tro52b4z.dll
c:\windows\9486woz524a.bin

PART 2 OF LOG:
c:\windows\9531troz75f.dll
c:\windows\95578spambot28z.bin
c:\windows\9559s5z1fc.cpl
c:\windows\9568s5y5fbz.ocx
c:\windows\9580threaz20659.ocx
c:\windows\95a5zteal836.dll
c:\windows\95b9vir2z63.dll
c:\windows\95z79troj59e.bin
c:\windows\96059t5oj1z6.ocx
c:\windows\968worm2z85.ocx
c:\windows\9705thzef2003.dll
c:\windows\97z8worm753.bin
c:\windows\980tzreat960725.cpl
c:\windows\98163hzcktool4f5.bin
c:\windows\99259z5m4ee.bin
c:\windows\9935sz9mbot83.dll
c:\windows\995dtzreat13532.ocx
c:\windows\99z7spy580.ocx
c:\windows\9d1thr59t1z737.cpl
c:\windows\9dbthi5f6z5.dll
c:\windows\9f1fthzef2650.ocx
c:\windows\9f82bac5doorz309.bin
c:\windows\9fd9ddwarz2735.bin
c:\windows\9z5aspyware364.ocx
c:\windows\9z84viru548a.exe
c:\windows\bbfbackzoor56979.bin
c:\windows\bc5szars93257.ocx
c:\windows\c149t5al3z6.dll
c:\windows\c95steaz1352.ocx
c:\windows\dcaa9dware5975z.cpl
c:\windows\e45tzrea520995.bin
c:\windows\efesparsz2519.exe
c:\windows\fe5backdo5r162z9.ocx
c:\windows\jestertb.dll
c:\windows\system32\10031not-a9vzr5s757.bin
c:\windows\system32\1086659t-a-virzs621.ocx
c:\windows\system32\10920viru539z.ocx
c:\windows\system32\11550wor970z.ocx
c:\windows\system32\120495py9cz.bin
c:\windows\system32\1247zspy559.exe
c:\windows\system32\12629nzt-a-virus3355.exe
c:\windows\system32\12bdt9ief1z54.dll
c:\windows\system32\12e99hzef5026.cpl
c:\windows\system32\1369zvi9us5f0.ocx
c:\windows\system32\136z8spam59t87.cpl
c:\windows\system32\1390s5arsz2253.dll
c:\windows\system32\13e4b5ck9oorz22.bin
c:\windows\system32\1429zspy53c5.ocx
c:\windows\system32\1461059rz675.ocx
c:\windows\system32\152z5troj598.ocx
c:\windows\system32\1547spamzot97c.cpl
c:\windows\system32\15532zot-a-virus97c.cpl
c:\windows\system32\1590sp59aze1478.dll
c:\windows\system32\1598not-a9vizus198.dll
c:\windows\system32\159z9troj44b.dll
c:\windows\system32\159zthief3191.ocx
c:\windows\system32\15z34s5ambo946f.cpl
c:\windows\system32\15zav9r509.cpl
c:\windows\system32\164779ormz15.bin
c:\windows\system32\1691dow9zoa5er2897.ocx
c:\windows\system32\16967zi9us59.exe
c:\windows\system32\17039tr5j49z.dll
c:\windows\system32\170665zt-a-virus79c.cpl
c:\windows\system32\1725bzc5door909.bin
c:\windows\system32\17325z9ambot2eb.ocx
c:\windows\system32\17990nzt-9-viru522.bin
c:\windows\system32\17e0addwaze9588.exe
c:\windows\system32\183cvi52z399.exe
c:\windows\system32\18795ot-a-9irus59bz.exe
c:\windows\system32\1918addw5re316z.dll
c:\windows\system32\19472hazktool25e.cpl
c:\windows\system32\1958stealz9.ocx
c:\windows\system32\19938spam5zt3b6.bin
c:\windows\system32\19eazdd5are2833.dll
c:\windows\system32\19z06v9rus359.cpl
c:\windows\system32\1a85backzoo92913.ocx
c:\windows\system32\1b6aad9wa5e2z06.ocx
c:\windows\system32\1f95bazkd5or1734.cpl
c:\windows\system32\1z150hacktool93.ocx
c:\windows\system32\1z15spyware9205.bin
c:\windows\system32\1z497spambot5059.bin
c:\windows\system32\1z593virus376.exe
c:\windows\system32\1z599spy5da.bin
c:\windows\system32\1z69spywa5e2817.bin
c:\windows\system32\1z965virus67.exe
c:\windows\system32\20253hacktzol5f9.ocx
c:\windows\system32\20283n9t-a-viru5690z.exe
c:\windows\system32\2049a9zware1045.dll
c:\windows\system32\20512virzs963.bin
c:\windows\system32\20804hackto9l385z.ocx
c:\windows\system32\21098not-a-9iz5s4a8.cpl
c:\windows\system32\21629trz9f85.dll
c:\windows\system32\218dst9al3z45.cpl
c:\windows\system32\21951hzc5tool2b9.ocx
c:\windows\system32\21992wo5z399.ocx
c:\windows\system32\219z9virus502.dll
c:\windows\system32\22699h5cktooz635.bin
c:\windows\system32\2299spyz05.cpl
c:\windows\system32\230c5hiez17199.dll
c:\windows\system32\23807s9yzd5.dll
c:\windows\system32\23c1d9wnlzader959.exe
c:\windows\system32\23z50viru51199.ocx
c:\windows\system32\24131sp56d9z.dll
c:\windows\system32\24229not-a-vzr5s7899.dll
c:\windows\system32\24450hack9ool3zc.exe
c:\windows\system32\244bs5arze9146.dll
c:\windows\system32\24504v9ruz592.exe
c:\windows\system32\2512t9rzat5098.exe
c:\windows\system32\25159zot-a-virus42f5.ocx
c:\windows\system32\2520downlo9z5r1364.dll
c:\windows\system32\25342t95j1az.bin
c:\windows\system32\25543worm409z.exe
c:\windows\system32\25564spy9z3.bin
c:\windows\system32\25590notza-vir59649.exe
c:\windows\system32\256athr5a926556z.exe
c:\windows\system32\2580no5-a-9irusz14.cpl
c:\windows\system32\25947wozm6ea.dll
c:\windows\system32\25951zp5mb9t771.cpl
c:\windows\system32\25963virzs549.ocx
c:\windows\system32\259z2spy50c.dll
c:\windows\system32\26144trz92415.exe
c:\windows\system32\26787not-a-viru5295z.bin
c:\windows\system32\269475acktzol425.exe
c:\windows\system32\2694threa580z79.dll
c:\windows\system32\2738s9ywar56z3.dll
c:\windows\system32\27409vizus5529.bin
c:\windows\system32\27619viruz4995.dll
c:\windows\system32\27895trzj273.cpl
c:\windows\system32\279este5l181z.exe
c:\windows\system32\28242not9a5vizus19a.exe
c:\windows\system32\2876z5irus2a9.ocx
c:\windows\system32\28z5ba5kd9or2445.ocx
c:\windows\system32\2903zpa59ot2d7.ocx
c:\windows\system32\29113v9ruszf5.cpl
c:\windows\system32\29369not-a-virus5ze.ocx
c:\windows\system32\29568hackt9oz2f0.exe
c:\windows\system32\29599viruszd7.exe
c:\windows\system32\29661w9rm36z5.ocx
c:\windows\system32\296bthie5172z.exe
c:\windows\system32\298z5troj14.dll
c:\windows\system32\29952trojffz.exe
c:\windows\system32\29z60tro59a1.cpl
c:\windows\system32\2a9steaz1658.exe
c:\windows\system32\2b5cbackd95rz07.exe
c:\windows\system32\2b99zir5182.cpl
c:\windows\system32\2cz8d5wnloader9579.exe
c:\windows\system32\2d87t59efz63.exe
c:\windows\system32\2e265ownloader9556z.cpl
c:\windows\system32\2f979pars513z9.dll
c:\windows\system32\2z006tr59183.bin
c:\windows\system32\2z597troj309.exe
c:\windows\system32\2z649ddware1598.dll
c:\windows\system32\2z920sp5108.exe
c:\windows\system32\2z953wo597cf.cpl
c:\windows\system32\2zb4th9e5t28443.ocx
c:\windows\system32\31536vzrus7195.exe
c:\windows\system32\3169no5-a-virusz64.ocx
c:\windows\system32\31794zacktoo958a.ocx
c:\windows\system32\32z95oj34e.dll
c:\windows\system32\33ccspzr9e135.cpl
c:\windows\system32\3400hackt5oz29b.exe
c:\windows\system32\3518threat11z069.dll
c:\windows\system32\356zspywar91112.dll
c:\windows\system32\35cthie9135z.exe
c:\windows\system32\3681down9z5der2999.bin
c:\windows\system32\3737z9r5s7f7.dll
c:\windows\system32\3793spa5se107z.exe
c:\windows\system32\39580nzt-a-vi5us6ca.cpl
c:\windows\system32\395zdownloader1345.ocx
c:\windows\system32\3969spyw5rz1679.ocx
c:\windows\system32\39dzv5r3097.ocx
c:\windows\system32\39z6sp9mbot55c.cpl
c:\windows\system32\3a9cba5kdooz9285.ocx
c:\windows\system32\3czcdown9oa5er1779.ocx
c:\windows\system32\3da1ad9warz5780.dll
c:\windows\system32\3dz55ir2894.exe
c:\windows\system32\3f22dozn9oader5513.exe
c:\windows\system32\3z5c9ir3520.cpl
c:\windows\system32\3z700not-a-5irus396.ocx
c:\windows\system32\4079sp5rse1234z.bin
c:\windows\system32\4147spa5boz37b9.cpl
c:\windows\system32\42b4back5oor890z.cpl
c:\windows\system32\4316tz95f2568.ocx
c:\windows\system32\43389ot-a-vir5s626z.bin
c:\windows\system32\4349v95uz5b3.bin
c:\windows\system32\43e9addwa5e2694z.cpl
c:\windows\system32\4415sz5r9e607.dll
c:\windows\system32\458eadd95re1z94.bin
c:\windows\system32\45ce5ackzoor22589.cpl
c:\windows\system32\4669zhief1550.bin
c:\windows\system32\46e7ad9ware1265z.cpl
c:\windows\system32\47549zt-a-vi5uscd.dll
c:\windows\system32\4855sparsz319.exe
c:\windows\system32\4900th5eaz6524.cpl
c:\windows\system32\4929sp97z5.cpl
c:\windows\system32\494fzpar5e15969.bin
c:\windows\system32\4990zir558.cpl
c:\windows\system32\4a779ow5zoader1379.bin
c:\windows\system32\4b25zownloader994.cpl
c:\windows\system32\4b9czhi5f1107.cpl
c:\windows\system32\4c7dsp5rse19z.bin
c:\windows\system32\4cze5hief8879.exe
c:\windows\system32\4fzaaddw9re625.cpl
c:\windows\system32\4z149hreat25324.bin
c:\windows\system32\4z389i52598.cpl
c:\windows\system32\4z5fthie92983.dll
c:\windows\system32\501zv5r659.ocx
c:\windows\system32\50536spy96z.cpl
c:\windows\system32\5060s9ywarz784.cpl
c:\windows\system32\50883zroj9b6.bin
c:\windows\system32\50902zirus594.dll
c:\windows\system32\50z3spyb39.dll
c:\windows\system32\510z9pyware2995.dll
c:\windows\system32\5195i9uz317.exe
c:\windows\system32\52245spz9f2.dll
c:\windows\system32\5239spzmbot452.bin
c:\windows\system32\523zth9ef411.cpl
c:\windows\system32\52czad9ware1550.ocx
c:\windows\system32\5325zacktool6b9.ocx
c:\windows\system32\53z9vir3198.dll
c:\windows\system32\54d8zdd9are1154.cpl
c:\windows\system32\5539hazktool9f05.dll
c:\windows\system32\555b9aczdoor2723.bin
c:\windows\system32\55899hacktozl9e5.bin
c:\windows\system32\55989zrm5e9.dll
c:\windows\system32\559zspars92490.dll
c:\windows\system32\564659rm27z.bin
c:\windows\system32\56495pywa9e253z.ocx
c:\windows\system32\5658not-a-9irus53z.bin
c:\windows\system32\56865ackd9or172z.bin
c:\windows\system32\5712thz9f5916.exe
c:\windows\system32\574esp9w5re6z2.dll
c:\windows\system32\5755sp92dz.dll
c:\windows\system32\5857viru94z5.cpl
c:\windows\system32\591zbackdoo5653.cpl
c:\windows\system32\5925trojz5.ocx
c:\windows\system32\59594zirus2ac.ocx
c:\windows\system32\595vir122z.exe
c:\windows\system32\5982not9a-virusc5z.cpl
c:\windows\system32\5998virzs61.bin
c:\windows\system32\59z1vir156.exe
c:\windows\system32\5b02t5iez9415.exe
c:\windows\system32\5b39pywarez5.cpl
c:\windows\system32\5b9ethre9t539z0.dll
c:\windows\system32\5bbespar9e7z45.bin
c:\windows\system32\5bd5downlo9der232z.dll
c:\windows\system32\5c59spazse584.cpl
c:\windows\system32\5c70dozn9oader946.bin
c:\windows\system32\5c7zth5e9t11293.exe
c:\windows\system32\5cazv5r922.cpl
c:\windows\system32\5cc49o5nloaderz977.ocx
c:\windows\system32\5cebzhief829.ocx
c:\windows\system32\5d1zvir25169.ocx
c:\windows\system32\5d5dsp9z5re2137.ocx
c:\windows\system32\5d9ezac5door1136.ocx
c:\windows\system32\5db6addware1z09.cpl
c:\windows\system32\5f83addware95z5.cpl
c:\windows\system32\5z33st9al1506.ocx
c:\windows\system32\6039nzt-a5viru92e3.bin
c:\windows\system32\6091h5zktool524.dll
c:\windows\system32\619c5hiefz033.exe
c:\windows\system32\6409thief1573z.bin
c:\windows\system32\652eszyw9re26.ocx
c:\windows\system32\65809orm485z.bin
c:\windows\system32\6675tzr9at15255.dll
c:\windows\system32\6780trzj6d59.dll
c:\windows\system32\6839v5z516.bin
c:\windows\system32\685sp5zbot19f.ocx
c:\windows\system32\6863dow5loa9erz2.dll
c:\windows\system32\688995z3003.cpl
c:\windows\system32\68a9addwarez885.dll
c:\windows\system32\6946bac5door5z.bin
c:\windows\system32\6998t5oj6z9.dll
c:\windows\system32\69e9backdoo51z8.ocx
c:\windows\system32\6b55threz925059.exe
c:\windows\system32\6bf5v9r50z5.ocx
c:\windows\system32\6e9vzr2056.dll
c:\windows\system32\6z7thr95t3293.exe
c:\windows\system32\6zff5p9rse3136.dll
c:\windows\system32\7053hacktzo995.bin
c:\windows\system32\7077no9-a-5irus236z.bin
c:\windows\system32\737d5pywarz3948.ocx
c:\windows\system32\73b5th9ef28z5.cpl
c:\windows\system32\7559threaz22807.bin
c:\windows\system32\7598not-z-vi9us289.ocx
c:\windows\system32\7901hacktoolzb5.ocx
c:\windows\system32\7941vir2395z.cpl
c:\windows\system32\7953hack5ozl599.bin
c:\windows\system32\7956sparsez959.ocx
c:\windows\system32\7959vir14z5.ocx
c:\windows\system32\796et5reat14086z.exe
c:\windows\system32\79c35irz21.ocx
c:\windows\system32\7c98vzr16135.cpl
c:\windows\system32\7cefsp5zs9658.dll
c:\windows\system32\7d5b59ealz901.cpl
c:\windows\system32\7fzf9ir1958.dll
c:\windows\system32\7z09sp5rs92560.dll
c:\windows\system32\7z2dth9ef1857.cpl
c:\windows\system32\7z54spy9are339.dll
c:\windows\system32\7z5asteal9486.dll
c:\windows\system32\7zd0spa5se3189.ocx
c:\windows\system32\8486not-a95izus13e.cpl
c:\windows\system32\859795y7z9.dll
c:\windows\system32\8769s5y79z.cpl
c:\windows\system32\91255zi5us503.exe
c:\windows\system32\9140vi9u56z2.exe
c:\windows\system32\91460vzr5s345.ocx
c:\windows\system32\91532zor5448.ocx
c:\windows\system32\91a5z5r2438.ocx

PART 3 OF LOG:
c:\windows\system32\921825acktoolze.dll
c:\windows\system32\9225tro922z.bin
c:\windows\system32\924zhreat25996.bin
c:\windows\system32\92563worz232.dll
c:\windows\system32\9429nzt-a-viru95bd5.cpl
c:\windows\system32\9441sp9115z.dll
c:\windows\system32\94610w5rz63f.bin
c:\windows\system32\95011worz439.cpl
c:\windows\system32\95085zpambot7c95.ocx
c:\windows\system32\9527tro951z.exe
c:\windows\system32\954dthrz5t23587.dll
c:\windows\system32\95569spambztcf5.cpl
c:\windows\system32\9556zteal210.dll
c:\windows\system32\95922ziru55e8.dll
c:\windows\system32\9595vizus437.exe
c:\windows\system32\95ezvir25445.dll
c:\windows\system32\95z3troj185.exe
c:\windows\system32\96cdbackdzor10465.ocx
c:\windows\system32\96z9r5197.bin
c:\windows\system32\97d4downloader1z59.dll
c:\windows\system32\9805viru9z5.cpl
c:\windows\system32\984wozm52a.bin
c:\windows\system32\987av5rz289.cpl
c:\windows\system32\99126hacktooz4a5.bin
c:\windows\system32\99275py759z.dll
c:\windows\system32\99513tr5jfaz.dll
c:\windows\system32\99dthi95z8.ocx
c:\windows\system32\9a37thze5t27952.cpl
c:\windows\system32\9a5virz995.dll
c:\windows\system32\9a835pazse1296.bin
c:\windows\system32\9a96zi5831.ocx
c:\windows\system32\9az1addwar5599.cpl
c:\windows\system32\9cf3sp5ware130z.bin
c:\windows\system32\9d4ddo5nlzader1249.exe
c:\windows\system32\9d6thiz515.ocx
c:\windows\system32\9e50virz559.ocx
c:\windows\system32\9feztea59559.exe
c:\windows\system32\9z562wor56e7.ocx
c:\windows\system32\9z69spy55a.cpl
c:\windows\system32\9z700n5t-a-virus32f.cpl
c:\windows\system32\9z88spy5b6.cpl
c:\windows\system32\db9zownloader2855.dll
c:\windows\system32\e369pywarz552.bin
c:\windows\system32\e52addw59ez07.bin
c:\windows\system32\f51downloadzr3197.bin
c:\windows\system32\f5z9hief2479.bin
c:\windows\system32\gxvxccounter
c:\windows\system32\setup2.exe
c:\windows\system32\z0395worm75a.exe
c:\windows\system32\z10499ir5s273.bin
c:\windows\system32\z129addwa5e2288.exe
c:\windows\system32\z1a2dow5loa9er1090.ocx
c:\windows\system32\z215spambot539.cpl
c:\windows\system32\z225wo5m19b.exe
c:\windows\system32\z415worm6df9.exe
c:\windows\system32\z4563sp5mbo95a0.bin
c:\windows\system32\z65015orm2879.dll
c:\windows\system32\z654v5r27469.exe
c:\windows\system32\z67fth59at9513.cpl
c:\windows\system32\z759spa9bot444.ocx
c:\windows\system32\z7952spy6d0.ocx
c:\windows\system32\z879vir2445.bin
c:\windows\system32\z8899hacktoo53fa.ocx
c:\windows\system32\z959troj57.ocx
c:\windows\system32\z9952virus393.exe
c:\windows\system32\z9976virus6e5.dll
c:\windows\system32\zc60thre9t1395.dll
c:\windows\system32\zf9edownloader5199.bin
c:\windows\z0591not-a5virus5c9.ocx
c:\windows\z090n5t-a-virus47d.dll
c:\windows\z1059hack5ool565.cpl
c:\windows\z159wo5m13c.bin
c:\windows\z185stea9997.ocx
c:\windows\z193h9ckt5ol364.cpl
c:\windows\z2289tro545a9.ocx
c:\windows\z3765hackt5o9396.bin
c:\windows\z4806sp59bote7.exe
c:\windows\z58459rus1c4.exe
c:\windows\z5bedownloa9er1377.exe
c:\windows\z5dcd9wnload5r216.ocx
c:\windows\z6290s5y17c.ocx
c:\windows\z6832wo5m794.ocx
c:\windows\z6b659reat27778.exe
c:\windows\z835spamb9t2dd.dll
c:\windows\z8361s9y7cb5.cpl
c:\windows\z8c9addware1653.cpl
c:\windows\z9034spy5da.bin
c:\windows\z925downloader969.ocx
c:\windows\z9796tro55d0.cpl
c:\windows\z9989spy7e95.ocx
c:\windows\zbfasparse9975.cpl
c:\windows\zca79ackdo5r863.exe
c:\windows\zcdbackdoor9569.ocx
c:\windows\ze65thief1989.dll
c:\windows\zef5ba5k9oor2584.ocx
c:\windows\zf895hief1255.cpl
c:\windows\zf9f9ddwa5e2251.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 02:15 . 2009-06-20 02:15 -------- d-----w- c:\users\mardy\AppData\Local\temp
2009-06-19 21:59 . 2008-12-10 22:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-19 21:59 . 2009-04-03 01:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-19 21:59 . 2008-12-18 02:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-19 21:59 . 2009-06-19 21:59 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-19 21:59 . 2008-12-10 01:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-19 21:58 . 2009-06-19 22:17 -------- d-----w- c:\program files\Spyware Doctor
2009-06-19 21:58 . 2009-06-19 21:58 -------- d-----w- c:\users\mardy\AppData\Roaming\PC Tools
2009-06-19 21:58 . 2009-06-19 21:58 -------- d-----w- c:\progra~2\PC Tools
2009-06-19 21:58 . 2004-08-03 21:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-06-18 12:06 . 2009-06-18 12:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 12:06 . 2009-06-18 12:06 -------- d-----w- c:\program files\Java
2009-06-10 10:35 . 2009-06-10 10:35 -------- d-----w- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 11:29 . 2009-01-07 09:49 -------- d-----w- c:\progra~2\avg8
2009-06-19 05:15 . 2009-02-15 09:48 -------- d-----w- c:\progra~2\NOS
2009-06-19 05:15 . 2009-02-15 09:48 -------- d-----w- c:\program files\NOS
2009-06-17 12:13 . 2009-01-09 12:02 -------- d-----w- c:\users\mardy\AppData\Roaming\uTorrent
2009-06-10 10:53 . 2009-01-18 02:07 -------- d-----w- c:\program files\Google
2009-06-10 10:53 . 2009-04-13 00:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-06 12:09 . 2009-01-25 01:42 -------- d-----w- c:\users\mardy\AppData\Roaming\VSO
2009-06-06 02:03 . 2009-01-13 10:16 -------- d-----w- c:\program files\AVIConverter
2009-05-27 06:06 . 2009-01-06 20:53 -------- d-----w- c:\users\mardy\AppData\Roaming\Nero
2009-05-14 05:42 . 2009-05-14 05:42 -------- d-----w- c:\program files\QuickTiming
2009-05-14 05:01 . 2009-01-19 10:36 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-14 04:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 12:33 . 2009-05-10 12:33 -------- d-----w- c:\users\mardy\AppData\Roaming\Office-Kit.com
2009-05-10 12:33 . 2009-05-10 12:33 -------- d-----w- c:\progra~2\Office-Kit.com
2009-05-10 12:29 . 2009-05-10 12:29 -------- d-----w- c:\program files\OFFICE-KIT.COM
2009-05-08 05:48 . 2009-01-07 09:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 05:48 . 2009-01-07 09:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 05:48 . 2009-01-07 09:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-08 05:48 . 2009-02-03 21:01 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-06 10:36 . 2009-01-06 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-04 09:54 . 2009-05-04 09:54 92854 ----a-r- c:\users\mardy\AppData\Roaming\Microsoft\Installer\{11F66E7E-4865-4070-B289-A0DB052979E1}\NewShortcut2_5DA3E6B2BEC143748E1D1FBBA4DD86C3.exe
2009-05-04 09:54 . 2009-05-04 09:54 92854 ----a-r- c:\users\mardy\AppData\Roaming\Microsoft\Installer\{11F66E7E-4865-4070-B289-A0DB052979E1}\ARPPRODUCTICON.exe
2009-05-04 09:54 . 2009-05-04 09:54 135168 ----a-r- c:\users\mardy\AppData\Roaming\Microsoft\Installer\{11F66E7E-4865-4070-B289-A0DB052979E1}\NewShortcut1_9ED656646A58425EA489DD37B45C784C.exe
2009-05-04 09:54 . 2009-05-04 09:54 -------- d-----w- c:\program files\Hiro-Media
2009-05-04 09:54 . 2009-05-04 09:54 -------- d-----w- c:\progra~2\Hiro-Media
2009-05-02 13:49 . 2009-01-06 20:13 58896 ----a-w- c:\users\mardy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-02 13:48 . 2009-05-02 13:48 -------- d-----w- c:\progra~2\Office Genuine Advantage
2009-05-02 13:40 . 2009-01-19 10:38 -------- d-----w- c:\program files\Microsoft Works
.

PART 4 OF LOG:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-05-28 380928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-12 1181576]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-20 6144000]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\mardy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hiro-Media Client.lnk - c:\program files\Hiro-Media\HiroClient\HiroClient.exe [2009-1-22 2860312]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\mardy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Hiro-Media Client.lnk - c:\program files\Hiro-Media\HiroClient\HiroClient.exe [2009-1-22 2860312]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9CC76019-1B2A-4ECC-B783-47C4055ACA60}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{AC2DF3F4-D9E2-4851-99CC-B5FF4C85FE5D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{84264E3C-3D44-458F-AC8F-D93C87F7442D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{01214D9D-7814-45B4-8DAE-696A7492F916}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B0AC8913-D59E-4C30-9513-58B9D6FE4348}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{30629B68-4FE3-4FD9-9B14-068BB3ADCEDC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{02E6D18E-BBAD-44B4-B4A0-9E9507EE0299}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A708E3A4-7AE7-4798-A297-E570AA49F999}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C264C4CC-8BB6-4AEF-BAC7-797DDDF24F14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3BE5F32-8AFB-4D53-B5C3-1620A3168276}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2FA94DC7-7957-4478-9530-5911194C97F5}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [24/06/2008 8:21 AM 150568]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [20/06/2009 7:59 AM 130936]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/02/2009 7:01 AM 108552]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 7:59 AM 348752]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [7/01/2009 6:30 AM 47616]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/01/2009 7:49 PM 325896]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/01/2009 7:49 PM 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/01/2009 7:49 PM 298776]
S2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/01/2009 5:00 PM 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 PM 533360]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\System32\drivers\bfturboh.sys [5/02/2009 6:35 PM 17152]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files\Hiro-Media\HiroClient\HiroProtocolHandler.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\mardy\AppData\Roaming\Mozilla\Firefox\Profiles\xvuv08l8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 12:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-20 12:16
ComboFix-quarantined-files.txt 2009-06-20 02:16

Pre-Run: 186,232,782,848 bytes free
Post-Run: 188,138,962,944 bytes free

902 --- E O F --- 2009-05-14 05:01

Hi
do I now change my computer back from safe mode? Or is there something else I have to do?

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?