WiredWX Christian Hobby Weather Tools

Help, done everything for winbluesoft

So I have purchased and downloaded SpyHunter. When I scanned my PC it found some DLL and some rogue files of winbluesoft... but it's still on my comp. I ran an Ad-Aware scan but errors keep occurring when I perform them.

I have removed winbluesoft in "add/remove". I have also run msconfig to stop it from starting up, but still the virus has not subsided... what else can I do?


thanks

Re: Help, done everything for winbluesoft

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Help, done everything for winbluesoft

My HijackThis won't open up. I get the option of installing it... but after that nothing pops up. I click the desktop icon and still nothing occurs.

I have the choice of either Run or Save when I click the link you gave me to download it.

Re: Help, done everything for winbluesoft

Guess the blocker.dll is present here. Let's try this out on it, see if it knows about IceSword yet.

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. When IceSword opens, it will randomly rename itself, so the malware shouldn't notice it.
  4. Does it stay open? Let me know. Don't do anything with it just yet.

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

god daym this winbluesoft is a little b****

I extracted it; when I did, though, it didn't change the name, it stayed as iceswrd, and when I opened it, it gave a message

intialized failed, error code 3

Re: Help, done everything for winbluesoft

Hello.
I need to know what OS you're running. There are two versions of IceSword. One for XP, another for Vista.

If you're running Vista, I've given you the wrong link.

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

I'm running Windows XP

Re: Help, done everything for winbluesoft

Darn.

Please download the Pocket Killbox from HERE

1. Open the Killbox.
2. Does it stay open?

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

Yes, it stays open, thank god lol

It gives me an option to Full path of file to delete

Re: Help, done everything for winbluesoft

I know.

2. Under "Full path of file to delete", copy and paste in the following:

C:\Windows\system32\blocker.dll

3. Then switch the option from "Standard file kill", to "Delete on reboot"
4. Press the Red X to delete the file.
5. It will ask if you want to make a backup of the file we deleted, select Yes to the prompt.
6. Now it will ask to reboot, so please do so.

Then after reboot, run Hijack This

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

Alright, I'm able to do all of that except it's not asking me to create a backup file. But I am able to delete on reboot and reboot my comp, but I stopped the reboot before to make sure if I can't create a backup file is a problem

Re: Help, done everything for winbluesoft

Okay, doesn't matter anyway, I know the file is malicious.
Reboot the machine so Killbox can delete the file.

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

kk I deleted on reboot, my computer didn't reboot, it told me

"pendingFileRenameOperations Registery data has been removed by external process"

Re: Help, done everything for winbluesoft

Hmm.
Reboot anyway, see if you can run programs like normal now.

If not, re-run the Killbox, but don't stop the reboot this time.

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

I still have the security alerts for winbluesoft saying my comp is infected... I re-ran the Killbox but again when I click the option delete on reboot and press the RED X button it gave me the same message as b4... kinda looks like an error msg saying PendingFileRenameOperations Registry Data has been removed by external process. I have a choice in the Killbox to do single files or all files? Again my PC didn't auto restart after pressing the RED X button
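
Added example, not part of the original thread: the message quoted above names PendingFileRenameOperations, the Session Manager registry value in which Windows keeps its delete/rename-at-next-boot queue, so checking that value after pressing the Red X shows whether the deletion of blocker.dll is still queued. The function names and the second sample entry are assumptions made for illustration.

```python
"""Decode the Windows delete-on-reboot queue (added example, not from the thread)."""
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"
NT_PREFIX = "\\??\\"  # NT object-namespace prefix Windows puts in front of each path


def _clean(path):
    """Strip the '!' replace-existing flag and the NT prefix from one path."""
    if path.startswith("!"):
        path = path[1:]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path


def parse_pending_ops(strings):
    """Turn the REG_MULTI_SZ string list into (source, destination) pairs.

    The value holds pairs: a source path, then a destination path.
    An empty destination means "delete the source at next boot".
    """
    strings = list(strings)
    if len(strings) % 2:
        # A list that ends on a source path is treated as a delete of that path.
        strings.append("")
    ops = []
    for i in range(0, len(strings), 2):
        src, dst = strings[i], strings[i + 1]
        if not src:
            continue
        ops.append((_clean(src), _clean(dst) if dst else None))
    return ops


def is_queued_for_delete(ops, path):
    """True if `path` (case-insensitive) is queued with an empty destination."""
    wanted = path.lower()
    return any(src.lower() == wanted and dst is None for src, dst in ops)


def read_pending_strings():
    """Read the live value on Windows; an absent value means an empty queue."""
    if sys.platform != "win32":
        raise RuntimeError("the registry can only be read on Windows")
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        try:
            value, _type = winreg.QueryValueEx(key, VALUE_NAME)
        except FileNotFoundError:
            return []
    return list(value or [])


# Constructed sample: the delete requested in this thread, plus one
# hypothetical rename entry to show the second form a pair can take.
SAMPLE_QUEUE = [
    r"\??\C:\Windows\system32\blocker.dll", "",
    r"\??\C:\WINDOWS\TEMP\new.dll", r"!\??\C:\Program Files\App\old.dll",
]

if __name__ == "__main__":
    strings = read_pending_strings() if sys.platform == "win32" else SAMPLE_QUEUE
    ops = parse_pending_ops(strings)
    for src, dst in ops:
        print("DELETE" if dst is None else "RENAME", src, "->" if dst else "", dst or "")
    target = r"C:\Windows\system32\blocker.dll"
    print("still queued:", is_queued_for_delete(ops, target))
```

If the target is no longer in the queue right after it was added, something cleared the value and a reboot will not remove the file.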

Re: Help, done everything for winbluesoft

well fake security alert

Re: Help, done everything for winbluesoft

Let's see if this will run.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.

............................................................................................

Site Admin / Security Administrator


Re: Help, done everything for winbluesoft

This is what it gave me

Re: Help, done everything for winbluesoft

Here's the notepad info I get when I extract the files

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Aim6" = ""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp" ["AOL LLC"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]
"ares vista" = ""C:\Program Files\Ares Vista\AresVista.exe" -h" ["Ares Vista"]
"setup2.exe" = "C:\WINDOWS\system32\setup2.exe" [null data]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run" ["Hewlett-Packard Company"]
"HPHUPD08" = "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" ["Hewlett-Packard"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" ["Apple Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SpyHunter Security Suite" = ""C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"" ["Enigma Software Group USA, LLC."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AVG Safe Search"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgssie.dll" ["AVG Technologies CZ, s.r.o."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DBFB267C-334F-4F19-A304-63B7130C20C7}" = "MediaCenter Property Page"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "arpower.dll" ["Microsoft"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG8 Shell Extension"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG8 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG8 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\AVG\AVG8\avgse.dll" ["AVG Technologies CZ, s.r.o."]
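
Added example, not part of the original thread: one way to pre-sort a Silent Runners log like the one above before reading it line by line. The three review rules and the function names are assumptions chosen for illustration, and a flag means "look at this entry", not "this is malware"; the sample lines are copied from the posted log.

```python
"""Pre-sort a Silent Runners log for manual review (added example)."""
import ntpath
import re

# A launch-point line looks like:  <key> = <value> [<publisher>]
ENTRY = re.compile(r'^(?P<key>.+?) = (?P<value>.*) \[(?P<pub>[^\[\]]*)\]\s*$')
# First drive-letter path to a file inside the value, without arguments.
FILE_PATH = re.compile(r'([A-Za-z]:\\[^"|]*?\.(?:exe|dll|scr|tmp))', re.I)
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"
NO_PUBLISHER = {"null data", "empty string"}


def parse_entry(line):
    """Return a dict for a launch-point line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = FILE_PATH.search(m["value"])
    return {
        "key": m["key"],
        "value": m["value"],
        "publisher": m["pub"].strip('"'),
        "path": path.group(1) if path else None,
    }


def review_reasons(entry):
    """Apply the three illustrative rules; return a list of reasons."""
    reasons = []
    if entry["publisher"] in NO_PUBLISHER:
        reasons.append("publisher shown as [%s]" % entry["publisher"])
    path = entry["path"]
    # The log writes Microsoft-published files as [MS]; anything else sitting
    # directly in system32 is worth a second look (vendor DLLs will show up too).
    if (path and ntpath.dirname(path).lower().endswith(r"\windows\system32")
            and entry["publisher"] != "MS"):
        reasons.append("non-[MS] file directly in system32")
    if "bootexecute" in entry["key"].lower():
        extras = [p.strip('"') for p in entry["value"].split("|")
                  if p.strip('"') != DEFAULT_BOOT_EXECUTE]
        if extras:
            reasons.append("BootExecute runs extra program(s): " + ", ".join(extras))
    return reasons


def triage(log_text):
    """Return the entries that matched at least one rule, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            hits.append(dict(entry, reasons=reasons))
    return hits


# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Aim6" = ""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp" ["AOL LLC"]
"setup2.exe" = "C:\WINDOWS\system32\setup2.exe" [null data]
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
<> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["path"] or hit["key"])
        for reason in hit["reasons"]:
            print("    -", reason)
```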

Re: Help, done everything for winbluesoft

NOTEPAD Cont..

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Shaheen.POURFALLAH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\space.scr" [MS]


Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

D:\
<> D:\AUTORUN.INF -> "ShellExecute=Info.exe protect.ed 480 480" ["XSS"]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
-> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"
-> {HKLM...CLSID} = "EHomePhotosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"
-> {HKLM...CLSID} = "EHomeVideoDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"
-> {HKLM...CLSID} = "EHomeVideosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

HPUnloadAutoplay\
"Provider" = "HP Transfer and Quick Print"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "c:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "playDVD"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\playDVD\command\(Default) = ""C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1" ["InterVideo Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

muveeVideoCameraArrival\
"Provider" = "muvee autoProducer 4.0"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\muvee Technologies\muvee autoProducer 4.0 - HPD\muveeapp.exe" /RECORD"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

SonicMyCreateProject\
"Provider" = "Sonic MyDVD"
"InvokeProgID" = "Sonic.MyDVD"
"InvokeVerb" = "CreateProject"
HKLM\SOFTWARE\Classes\Sonic.MyDVD\shell\CreateProject\Command\(Default) = "c:\Program Files\Sonic\MyDVD\MyDVD.EXE /AutoPlayCreateProject %L" ["Sonic Solutions"]

SonicSCAudioCDTask\
"Provider" = "Sonic RecordNow Audio"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\AudioCDTask\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {EBD22732-1CC3-4CD7-9A45-B8D98DA0E784}" [null data]

SonicSCCopyCD\
"Provider" = "Sonic RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCCopyDisc\
"Provider" = "Sonic RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCDataProject\
"Provider" = "Sonic RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataGuide\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch Data" [null data]

SonicSCDataTask\
"Provider" = "Sonic RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataTask\Command\(Default) = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {0BAC5C34-DF45-4C0F-8D64-8E92DCCF007D}" [null data]

SonicVideoCameraArrival\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = "new"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
-> {HKLM...CLSID} = "MyDVDAPHandler Class"
\LocalServer32\(Default) = "c:\PROGRA~1\Sonic\MyDVD\MyDVD.EXE -autoplay" ["Sonic Solutions"]

SonicVideoCameraArrivalDirect\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = ""c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {3563B7B4-E6D4-4360-8E38-64E008F52C5C}"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
-> {HKLM...CLSID} = "MyDVDAPHandler Class"
\LocalServer32\(Default) = "c:\PROGRA~1\Sonic\MyDVD\MyDVD.EXE -autoplay" ["Sonic Solutions"]

Re: Help, done everything for winbluesoft

Final Notepad Cont...

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"]
"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]
"{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}" -> launches: "C:\WINDOWS\TEMP\tempo-10626921.tmp" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2D4D26B-0180-43A4-B05F-462D6D54C789}\
"ButtonText" = "Connection Help"
"MenuText" = "Connection Help"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> "InPrivate" = "res://ieframe.dll/inprivate.htm" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
ARSVC, ARSVC, "C:\WINDOWS\arservice.exe" ["Microsoft"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG8 E-mail Scanner, avg8emc, "C:\PROGRA~1\AVG\AVG8\avgemc.exe" ["AVG Technologies CZ, s.r.o."]
AVG8 WatchDog, avg8wd, "C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe" ["AVG Technologies CZ, s.r.o."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Juniper Network Connect Service, dsNcService, "C:\Program Files\Juniper Networks\Common Files\dsNcService.exe" ["Juniper Networks"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE" ["HP"]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <> "arkbcfltr" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" [file not found]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2009-06-13 17:31:03)
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 94 seconds, including 44 seconds for message boxes)

Re: Help, done everything for winbluesoft

Hmm, not enough information really. Let's see if this will run.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: Help, done everything for winbluesoft

DDS Notepad 1

DDS (Ver_09-05-14.01) - NTFSx86
Run by Shaheen at 18:09:29.23 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.425 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\setup2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ps2.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shaheen.POURFALLAH\Local Settings\Temporary Internet Files\Content.IE5\10Y38H41\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uLocal Page = \blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ares vista] "c:\program files\ares vista\AresVista.exe" -h
uRun: [setup2.exe] c:\windows\system32\setup2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter3.exe"
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.safelnk.net/dana-cached/setup/JuniperSetupSP1.cab
TCP: NameServer = 85.255.112.173,85.255.112.122
TCP: {8DC0BAB8-C0E1-425A-8007-1388C8E230D9} = 85.255.112.173,85.255.112.122
TCP: {FEF010B8-4F30-436C-B497-30DA2D8770C3} = 85.255.112.173,85.255.112.122
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Re: Help, done everything for winbluesoft

DDS Notepad cont...

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shahee~1.pou\applic~1\mozilla\firefox\profiles\cjxdeobm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-13 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-1 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-14 26824]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-6 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-6 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-1 76040]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-7-13 22784]
S2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-7-22 12032]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-13 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-13 1096584]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-20 24652]

=============== Created Last 30 ================

2009-06-13 16:31 --d----- C:\!KillBox
2009-06-13 15:52 --d----- c:\program files\Trend Micro
2009-06-13 15:08 --d----- c:\program files\Adware Professional
2009-06-13 14:16 335 a------- C:\spyhunter.fix
2009-06-13 14:16 --d----- c:\program files\Enigma Software Group
2009-06-13 13:44 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-13 13:44 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-13 13:44 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-13 13:44 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-13 13:44 --d----- c:\program files\common files\PC Tools
2009-06-13 13:44 --d----- c:\program files\Spyware Doctor
2009-06-13 13:44 --d----- c:\docume~1\shahee~1.pou\applic~1\PC Tools
2009-06-13 13:44 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-13 03:40 16,780 a------- c:\windows\16675virus5z79.exe
2009-06-12 15:34 17,170 a------- c:\windows\17656not-a5vzr9s406.dll
2009-06-11 06:22 --dsh--- c:\documents and settings\shaheen.pourfallah\PrivacIE
2009-06-10 15:16 --dsh--- c:\documents and settings\shaheen.pourfallah\IETldCache
2009-06-10 13:30 -cd-h--- c:\windows\ie8
2009-06-10 00:46 10,898 a------- c:\windows\57e5threz916776.exe
2009-06-09 15:58 16,063 a------- c:\windows\15076not-a-vir9s5cfz.ocx
2009-06-09 15:37 15,777 a------- c:\windows\system32\1667859t-a-virus117z.cpl
2009-06-09 15:14 12,581 a------- c:\windows\system32\7195sp9rsz10.ocx
2009-06-09 02:21 6,484 a------- c:\windows\255fstzal2509.ocx
2009-06-09 01:12 6,797 a------- c:\windows\system32\989zth5ef2699.cpl
2009-06-08 14:47 16,443 a------- c:\windows\1841viru95z.bin
2009-06-05 19:27 16,292 a------- c:\windows\9357zhacktool57.bin
2009-06-05 18:42 3,705 a------- c:\windows\system32\248z2ha9kt5ol201.ocx
2009-06-05 13:26 10,346 a------- c:\windows\5156zi9u5617.ocx
2009-06-05 02:58 14,800 a------- c:\windows\system32\1995sparse15z1.ocx
2009-06-04 12:32 17,478 a------- c:\windows\5224a9dwaze1232.cpl
2009-06-03 14:39 15,982 a------- c:\windows\4519troj51z.dll
2009-06-02 12:36 8,190 a------- c:\windows\system32\5583zack9oor3176.ocx
2009-06-02 07:52 9,696 a------- c:\windows\2002859rmzc9.bin
2009-06-01 18:30 4,391 a------- c:\windows\14132nzt-a-v9rus50a5.ocx
2009-06-01 07:52 15,691 a------- c:\windows\25620s5y2c9z.bin
2009-06-01 07:10 17,453 a------- c:\windows\system32\743bthr9at30z265.cpl
2009-05-27 08:07 14,858 a------- c:\windows\266z9spy255.dll
2009-05-26 17:43 --d----- c:\docume~1\shahee~1.pou\applic~1\GARMIN
2009-05-26 17:42 --d----- c:\program files\Garmin GPS Plugin
2009-05-26 17:42 --d----- c:\program files\Garmin
2009-05-26 16:09 --d----- c:\program files\Ares Vista
2009-05-24 09:20 11,447 a------- c:\windows\4999sparse18z5.dll
2009-05-22 12:20 3,635 a------- c:\windows\30733spamz5t459.bin
2009-05-21 22:02 10,072 a------- c:\windows\system32\75ea9hie532z5.exe
2009-05-20 05:29 17,415 a------- c:\windows\49dbzhief753.cpl
2009-05-20 03:43 17,840 a------- c:\windows\system32\9a1zackdoor5502.ocx
2009-05-19 15:05 8,752 a------- c:\windows\7b0cd5wnlzader3914.dll
2009-05-19 13:00 11,400 a------- c:\windows\system32\1c25d9wnzoader1632.exe
2009-05-17 10:08 14,317 a------- c:\windows\9a55dzwnloa5er997.bin
2009-05-16 20:03 12,376 a------- c:\windows\8070spamzot5a79.bin
2009-05-14 23:36 9,433 a------- c:\windows\9062h59ktooz3fc.dll

==================== Find3M ====================

2009-06-13 03:40 16,069 a------- c:\windows\3ac6spywar950z1.exe
2009-06-13 03:38 1,262,080 a------- c:\windows\system32\setup2.exe
2009-05-12 13:31 12,297 a------- c:\windows\1f5bspyw9re1829z.exe
2009-05-11 09:57 5,398 a------- c:\windows\z0ath9e5529.dll
2009-05-10 18:09 12,218 a------- c:\windows\613zs5arse398.dll
2009-05-07 00:05 9,491 a------- c:\windows\system32\4e525ownloadez949.dll
2009-05-06 23:14 7,452 a------- c:\windows\55348ha9ktool64z.exe
2009-05-06 17:40 9,266 a------- c:\windows\21499not-a-virus29z5.dll
2009-05-04 13:30 6,772 a------- c:\windows\system32\25azadd9are1123.dll
2009-05-02 02:37 6,543 a------- c:\windows\699fthr9at518z5.bin
2009-05-01 09:55 10,216 a------- c:\windows\system32\2a49addwaze5089.dll
2009-04-27 05:49 18,314 a------- c:\windows\6109threat15850z.exe
2009-04-27 01:26 16,586 a------- c:\windows\2233s9arsez512.bin
2009-04-26 18:14 16,026 a------- c:\windows\cd5backdozr739.dll
2009-04-26 06:08 13,629 a------- c:\windows\system32\7334downzoad5r27369.exe
2009-04-24 15:47 8,411 a------- c:\windows\14109parse21z85.dll
2009-04-24 06:47 2,610 a------- c:\windows\z560n5t-9-virus76.dll
2009-04-23 11:40 5,558 a------- c:\windows\system32\15z97not-a-9irus25c.bin
2009-04-21 11:03 7,397 a------- c:\windows\4454vir1z09.exe
2009-04-18 22:51 14,724 a------- c:\windows\system32\29017vi5usz59.bin
2009-04-14 14:36 15,390 a------- c:\windows\system32\66z79hrea53569.dll
2009-04-12 23:32 9,982 a------- c:\windows\5b59addware150z.dll
2009-04-12 07:45 6,654 a------- c:\windows\system32\4az9sp5rse2621.dll
2009-04-08 01:06 5,455 a------- c:\windows\system32\6ff5bazkdoor579.bin
2009-04-07 09:56 3,604 a------- c:\windows\system32\5a0ethizf1924.dll
2009-03-28 15:50 14,991 a------- c:\windows\system32\4056addz9re552.exe
2009-03-28 13:40 2,620 a------- c:\windows\system32\189635acztoo959b.exe
2009-03-26 19:21 13,510 a------- c:\windows\system32\28z5pambo9357.dll
2009-03-25 20:30 3,302 a------- c:\windows\1918downloaderz569.dll
2009-03-25 06:58 12,106 a------- c:\windows\146499i5uz247.bin
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-18 10:25 6,846 a------- c:\windows\2f99bazkdoo5779.dll
2008-12-01 00:47 168 a------- c:\docume~1\shahee~1.pou\applic~1\wklnhst.dat
2008-09-18 23:45 409,695 ac------ c:\program files\Uninstall Fun Web Products.dll
2008-04-14 09:30 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

============= FINISH: 18:10:35.67 ===============

Re: Help, done everything for winbluesoft

No blocker file, only the fake alert setup.exe file.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ares"=-
    "ares vista"=-
    "setup2.exe"=-


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Then reboot.

Try running Hijack This after reboot.

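The step from the DDS log to fix.reg in the post above, as an added example that is not part of the original thread: it parses the log's `uRun:`/`mRun:` autorun lines and emits the value-deletion `.reg` text for the chosen entries. The function names are hypothetical; mapping `uRun` to the HKEY_CURRENT_USER Run key follows the helper's fix, and mapping `mRun` to the HKEY_LOCAL_MACHINE Run key is an assumption about the log format.

```python
import re

# Constructed sample: a few autorun lines copied from the DDS log in this thread.
DDS_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [ares vista] "c:\program files\ares vista\AresVista.exe" -h
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
"""

# uRun -> HKCU matches the helper's fix.reg; mRun -> HKLM is an assumption.
RUN_KEYS = {
    "uRun": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# "uRun: [value name] command line"
RUN_LINE = re.compile(r"^(uRun|mRun): \[(.+?)\] (.+)$")


def parse_run_entries(log_text):
    """Return (prefix, value_name, command) for every uRun/mRun line."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries


def reg_quote(name):
    """Quote a value name for a .reg file (backslash and quote are escaped)."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_fix_reg(entries, names_to_remove):
    """Build .reg text that deletes the named Run values.

    Names are matched case-insensitively against the parsed log. A name that
    is not in the log raises ValueError, so a typo cannot silently produce a
    fix that deletes nothing. A name present under both uRun and mRun is
    deleted from both keys.
    """
    wanted = {name.lower() for name in names_to_remove}
    found = set()
    by_key = {}
    for prefix, name, _command in entries:
        if name.lower() in wanted:
            by_key.setdefault(RUN_KEYS[prefix], []).append(name)
            found.add(name.lower())

    missing = wanted - found
    if missing:
        raise ValueError("not in log: " + ", ".join(sorted(missing)))

    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append("[" + key + "]")
        # "name"=- is the .reg syntax for deleting a single value.
        lines.extend(reg_quote(name) + "=-" for name in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_run_entries(DDS_LINES)
    print(build_fix_reg(parsed, ["ares", "ares vista", "setup2.exe"]))
```

Merging the file only removes the autorun values; the files they pointed to stay on disk and the entries return if something still running rewrites them.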

Re: Help, done everything for winbluesoft

kk, I did the fix.reg and selected yes, I rebooted my system, I tried to start Hijack but it wouldn't load again

Still receiving fake alerts...unfortunately

thanks for all this help

Re: Help, done everything for winbluesoft

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Help, done everything for winbluesoft

I don't know what anti-virus system I'm using. I have Norton but it isn't on, think I have to renew...all my spyware protection is closed. I think it might be just the Windows firewall preventing it?

Re: Help, done everything for winbluesoft

Combo Fix Log

ComboFix 09-06-13.03 - Shaheen 06/13/2009 18:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.590 [GMT -7:00]
Running from: c:\documents and settings\Shaheen.POURFALLAH\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adware Professional
c:\program files\ecurit~1
c:\program files\Adware Professional\Adware Professional.exe
c:\program files\Adware Professional\noadware4_061309.na
c:\program files\Adware Professional\nutilities.dll
c:\program files\Adware Professional\unins000.dat
c:\program files\Adware Professional\unins000.exe
c:\program files\Adware Professional\UninstlDll.dll
c:\program files\Uninstall Fun Web Products.dll

Re: Help, done everything for winbluesoft

Combo Fix log cont..


Re: Help, done everything for winbluesoft
Combo Fix Log cont....


Re: Help, done everything for winbluesoft
Combo Fix Log cont...


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-09-04 06:52 . 2009-09-04 06:52 10587 ----a-w- c:\windows\system32\51034szy9.bin
2009-06-13 23:31 . 2009-06-13 23:31 -------- d-----w- C:\!KillBox
2009-06-13 22:52 . 2009-06-13 22:52 -------- d-----w- c:\program files\Trend Micro
2009-06-13 21:16 . 2009-06-13 21:16 -------- d-----w- c:\program files\Enigma Software Group
2009-06-13 20:44 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-13 20:44 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-13 20:44 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-13 20:44 . 2009-06-13 20:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-13 20:44 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-13 20:44 . 2009-06-13 20:45 -------- d-----w- c:\program files\Spyware Doctor
2009-06-13 20:44 . 2009-06-13 20:44 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\PC Tools
2009-06-13 20:44 . 2009-06-13 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-13 08:21 . 2009-06-13 08:21 -------- d-sh--w- c:\documents and settings\Tammie.POURFALLAH\PrivacIE
2009-06-13 08:21 . 2009-06-13 08:21 -------- d-sh--w- c:\documents and settings\Tammie.POURFALLAH\IETldCache
2009-06-13 03:34 . 2009-06-13 03:34 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Local Settings\Application Data\MicroVision Applications
2009-06-11 13:22 . 2009-06-11 13:22 -------- d-sh--w- c:\documents and settings\Shaheen.POURFALLAH\PrivacIE
2009-06-10 22:16 . 2009-06-10 22:16 -------- d-sh--w- c:\documents and settings\Shaheen.POURFALLAH\IETldCache
2009-06-10 21:29 . 2009-06-10 21:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-10 20:30 . 2009-06-10 20:33 -------- dc-h--w- c:\windows\ie8
2009-06-08 19:34 . 2009-06-08 19:34 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Sonic
2009-06-08 19:34 . 2009-06-08 19:34 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Leadertech
2009-06-08 18:54 . 2009-06-08 18:54 152576 ----a-w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-27 00:43 . 2009-05-27 00:43 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\GARMIN
2009-05-27 00:42 . 2009-05-27 00:42 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-27 00:42 . 2009-05-27 00:42 -------- d-----w- c:\program files\Garmin
2009-05-26 23:09 . 2009-05-26 23:09 -------- d-----w- c:\program files\Ares Vista

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 01:22 . 2009-01-11 02:04 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\mIRC
2009-06-14 00:34 . 2009-01-11 02:04 -------- d-----w- c:\program files\mIRC
2009-06-13 23:52 . 2007-04-10 02:42 -------- d-----w- c:\program files\Steam
2009-06-13 22:16 . 2005-10-19 23:34 -------- d-----w- c:\program files\GemMaster
2009-06-13 21:57 . 2006-12-23 18:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 19:54 . 2008-12-20 09:59 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Skype
2009-06-13 10:59 . 2008-12-31 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-13 08:56 . 2008-05-01 07:13 -------- d-----w- c:\documents and settings\Tammie.POURFALLAH\Application Data\Juniper Networks
2009-06-12 23:13 . 2008-12-20 10:01 -------- d-----w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\skypePM
2009-06-10 19:00 . 2008-05-02 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 18:55 . 2005-10-19 23:40 -------- d-----w- c:\program files\Java
2009-05-27 00:42 . 2008-07-14 00:18 -------- d-----w- c:\program files\DIFX
2009-03-22 23:44 . 2009-03-22 23:44 51056 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 23:23 . 2009-03-22 23:23 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-22 00:36 . 2009-03-22 00:36 503808 ----a-w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-582ddd6c-n\msvcp71.dll
2009-03-22 00:36 . 2009-03-22 00:36 499712 ----a-w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-582ddd6c-n\jmc.dll
2009-03-22 00:36 . 2009-03-22 00:36 348160 ----a-w- c:\documents and settings\Shaheen.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-582ddd6c-n\msvcr71.dll
2009-03-17 12:29 . 2009-03-17 12:29 503808 ----a-w- c:\documents and settings\Bardia.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d54f57b-n\msvcp71.dll
2009-03-17 12:29 . 2009-03-17 12:29 499712 ----a-w- c:\documents and settings\Bardia.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d54f57b-n\jmc.dll
2009-03-17 12:29 . 2009-03-17 12:29 348160 ----a-w- c:\documents and settings\Bardia.POURFALLAH\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1d54f57b-n\msvcr71.dll
.

Re: Help, done everything for winbluesoft
Combo Fix Log cont... Final part

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-20 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-03 864256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 2.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\steamapps\\atbs495\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Tammie.POURFALLAH\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\atbs495\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/13/2009 1:44 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2008 6:33 PM 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/6/2008 9:23 PM 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/6/2008 9:23 PM 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2008 6:33 PM 76040]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [7/13/2008 5:17 PM 22784]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [7/22/2008 4:59 PM 12032]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/13/2009 1:44 PM 348752]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/20/2008 3:16 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-31 16:40]

2009-06-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-06-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uLocal Page = \blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-14 19:09
ComboFix-quarantined-files.txt 2009-06-14 02:09

Pre-Run: 215,159,259,136 bytes free
Post-Run: 217,214,717,952 bytes free

940 --- E O F --- 2009-06-10 20:33

Re: Help, done everything for winbluesoft
Hello.
Before we remove the leftovers, I want to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Help, done everything for winbluesoft
The uninstall list from Hijack

Ad-Aware 2007
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 8.1.3
Advanced WindowsCare Personal
Adware Professional v5.0
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AIM 6
Apple Mobile Device Support
Apple Software Update
Ares Vista 3.0.9.9002
ATI Catalyst Control Center
ATI Display Driver
Atomic Clock Sync
AVG Free 8.0
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Big Kahuna Reef from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
CCleaner (remove only)
CMN3
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from HP Media Center (remove only)
Digby's Donuts from HP Media Center (remove only)
Download Updater (AOL LLC)
Easy Internet Sign-up
FATE Demo from HP Media Center (remove only)
ffdshow [rev 1928] [2008-04-10]
Flip Words from HP Media Center (remove only)
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Game Console and games
HP Image Zone for Media Center PC
hp officejet g series - 2
HP Software Update
HP Tunes
HPTunesAddIn
Insaniquarium Deluxe from HP Media Center (remove only)
Intel(R) PRO Network Connections Drivers
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 13
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jewel Quest from HP Media Center (remove only)
Juniper Networks Network Connect 6.2.0
Mah Jong Quest from HP Media Center (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
MobileMe Control Panel
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
Office 2003 Tour
Otto
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
Razer DeathAdder(TM) Mouse
RealPlayer
Realtek High Definition Audio Driver
RegCure 1.5.0.1
RegistryFix v6.1
Ricochet Lost Worlds from HP Media Center (remove only)
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Skype™️ 3.8
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpyHunter
Spyware Doctor 6.0
Steam
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
Ventrilo Client
Viewpoint Media Player
WildTangent Web Driver
Windows Driver Package - Cypress (CyUsb) USB
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger

Re: Help, done everything for winbluesoft
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ares Vista 3.0.9.9002
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 13
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\51034szy9.bin

Folder::
C:\!KillBox
c:\program files\Ares Vista
c:\Program Files\Ares

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix.

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Re: Help, done everything for winbluesoft

Alright, I performed all the things in that last msg you left me...still have the notes if you want

my internet explorer now though is telling me it's running with add-ons disabled

Re: Help, done everything for winbluesoft

When I open up I.E it gives me a window stating this

This is an add-on that can cause I.E to stop responding or crash
The safe search for I.E add-on version 8.0.0.152 published by AVG tech is not compatible w/ I.E 8


I can either check online for updates

or

i can always open I.E w/o this add-on ...

Re: Help, done everything for winbluesoft

If the add-on is not compatible with that version of IE then it is recommended that you remove it so it can prevent IE from crashing.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: Help, done everything for winbluesoft

kk ty

so belahzur, am I good with everything? should I remove all the programs from my comp or?

Re: Help, done everything for winbluesoft
Couple of things left to do,


Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Help, done everything for winbluesoft
Update Quick scan MBAM log file

Malwarebytes' Anti-Malware 1.37
Database version: 2279
Windows 5.1.2600 Service Pack 3

6/14/2009 2:44:04 PM
mbam-log-2009-06-14 (14-44-04).txt

Scan type: Quick Scan
Objects scanned: 165223
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\adwarealert\DataBaseNew.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Log\log_2006_05_09_23_46_29.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Log\log_2006_05_09_23_46_30.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\ScanResults.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\program files\adwarealert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
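
As an added example (not part of the original thread, and not Malwarebytes' own code), the following Python script parses a log in the layout posted above, checks the summary counts against the itemised entries, tallies detections by name, and lists any entry whose action is not "Quarantined and deleted successfully." The sample log is constructed and abridged, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abridged sample in the layout of the MBAM 1.37 log above.
# The last entry (path and action text) is made up to exercise the
# "not fully removed" path.
SAMPLE_LOG = r"""Scan type: Quick Scan
Objects scanned: 165223

Memory Processes Infected: 0
Registry Keys Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\adwarealert\DataBaseNew.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\example\constructed.dll (Trojan.Vundo) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
OK_ACTION = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (declared counts per section, list of itemised detections)."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # start of an itemised section
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items


def review(text):
    """Cross-check the summary, tally detection names, flag leftovers."""
    declared, items = parse_mbam_log(text)
    found = Counter(i["section"] for i in items)
    mismatched = {s: (n, found.get(s, 0))
                  for s, n in declared.items() if n != found.get(s, 0)}
    by_name = dict(Counter(i["name"] for i in items))
    unresolved = [i for i in items if i["action"] != OK_ACTION]
    return {"mismatched": mismatched, "by_name": by_name,
            "unresolved": unresolved}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print("count mismatches:", result["mismatched"])
    for name, n in sorted(result["by_name"].items()):
        print(f"{n:3d}  {name}")
    for item in result["unresolved"]:
        print("needs follow-up:", item["path"], "->", item["action"])
```

A non-empty mismatch table means the pasted log was truncated or edited, and any unresolved entry is a reason to rescan after the reboot before declaring the machine clean.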

Re: Help, done everything for winbluesoft
so am i all set?

Re: Help, done everything for winbluesoft
I'd say so, MBAM only found a rogue scanner.
How's the machine running?


Re: Help, done everything for winbluesoft

Seems like it's all running good.

Thanks for your help, I couldn't find any other thing to do to get that crap off my PC

All the programs I downloaded..is it safe just to uninstall/remove from the comp?

Re: Help, done everything for winbluesoft

Yep.

