GeekPolice
WinBlueSoft

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:22 AM, on 20/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Aisha\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Tester] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{986993C9-A134-4950-9011-F19F0850B9E8}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9606 bytes

Re: WinBlueSoft

I ended up downloading that malware program, but it won't open when I double-click it.

Re: WinBlueSoft


  • Open HijackThis.
  • Choose "Do a system scan only".
  • Check the boxes in front of these lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [Tester] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CCS\Services\Tcpip\..\{986993C9-A134-4950-9011-F19F0850B9E8}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166

  • Press "Fix Checked".
  • Close HijackThis.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
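
As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage pass over HijackThis-style log lines that flags the kinds of entries the helper above told the poster to fix: O4 Run entries that launch from a Recycle Bin or temp folder or are not on a vetted allowlist, and O17 NameServer values outside the resolvers the machine is expected to use. The allowlist, the expected resolver and the sample lines (taken from the log posted above plus two benign entries) are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed sample: lines from the posted HijackThis log plus two benign
# entries, so the triage has both kinds to look at.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [Tester] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed allowlist: Run-key value names an analyst has already vetted.
KNOWN_GOOD_RUN_NAMES: Set[str] = {"Windows Defender", "Sidebar", "swg", "WMPNSCFG"}

# Directories a legitimate autorun entry essentially never launches from.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\")

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run[^:]*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4" or "O17"
    severity: str  # "high" (clear indicator) or "review" (needs an analyst's eye)
    reason: str
    line: str


def _command_path(cmd: str) -> str:
    """Return the executable part of an O4 command, unquoted and lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    # Unquoted: cut at the first " -flag" or " /flag" switch.
    return re.split(r" [-/]", cmd, maxsplit=1)[0].lower()


def triage(log_text: str, expected_resolvers: Iterable[str]) -> List[Finding]:
    """Scan HijackThis-style lines and return the entries worth acting on."""
    expected = {ipaddress.ip_address(ip) for ip in expected_resolvers}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            path = _command_path(run.group("cmd"))
            if any(d in path for d in SUSPICIOUS_DIRS):
                findings.append(Finding(sec, "high",
                                        "autorun launched from a Recycle Bin or temp directory", raw))
            elif run.group("name") not in KNOWN_GOOD_RUN_NAMES:
                findings.append(Finding(sec, "review",
                                        "Run-key value not on the vetted allowlist", raw))
        elif sec == "O17":
            ns = NS_RE.search(body)
            if not ns:
                continue
            servers = [ipaddress.ip_address(s) for s in ns.group("servers").split(",") if s]
            rogue = [str(s) for s in servers if s not in expected]
            if rogue:
                findings.append(Finding(sec, "high",
                                        "DNS resolvers not in the expected set: " + ", ".join(rogue), raw))
    return findings


if __name__ == "__main__":
    # Constructed assumption: the home router at 192.168.1.1 is the only expected resolver.
    for f in triage(SAMPLE_LOG, ["192.168.1.1"]):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```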

Re: WinBlueSoft

Did you want the whole Combo-Fix log?
It's too big to send at once; should I split it?

Thanks for bearing with me, although I'm sure you're used to the computer illiterate by now.

Re: WinBlueSoft

Oh god, I totally spaced on the 'HijackThis' thing you were talking about.
Where is that?

Re: WinBlueSoft

Oh wait, I found it.
God, I'm embarrassing myself here.

Re: WinBlueSoft

If you have done the HijackThis instructions, can you please post the ComboFix log? If it's too big, split the log into two posts, or more if required.

Re: WinBlueSoft

ComboFix 09-06-18.02 - Aisha 20/06/2009 1:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.61.1033.18.1013.365 [GMT 10:00]
Running from: c:\users\Aisha\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-15 17:11 . 2009-06-15 17:11 11971 ----a-w- c:\windows\system32\4693bazk5oor2943.exe
2009-06-15 11:50 . 2009-06-15 11:50 -------- d-----w- c:\program files\DivxFree
2009-06-14 23:15 . 2009-06-14 23:15 6778 ----a-w- c:\windows\system32\5116zvir9s722.exe
2009-06-13 15:10 . 2009-06-13 15:10 9322 ----a-w- c:\windows\system32\54ezhief2391.exe
2009-06-11 03:02 . 2009-06-11 03:02 3603 ----a-w- c:\windows\system32\91436vir5s1dz.exe
2009-06-08 12:44 . 2007-12-03 07:32 8536 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-06-08 12:44 . 2007-12-05 07:11 10088 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-06-08 12:41 . 2008-10-17 05:52 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll
2009-06-08 12:41 . 2007-11-21 07:30 9096 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-06-08 12:41 . 2007-12-03 07:33 9048 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-05 01:42 . 2009-06-05 01:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 01:42 . 2009-06-05 01:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 03:44 . 2009-06-03 03:44 2863 ----a-w- c:\windows\system32\5990hazktool69.bin
2009-06-02 00:34 . 2008-09-28 20:09 1290584 ----a-w- c:\programdata\Symantec\SyKnAppS\Freezer\NCO\SyKnAppS.dll
2009-06-01 07:01 . 2009-06-15 09:00 -------- d-----w- c:\users\Aisha\AppData\Local\Adobe
2009-06-01 05:01 . 2009-06-01 05:01 -------- d-----w- c:\users\Aisha\AppData\Local\Mozilla
2009-06-01 04:53 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 04:53 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 04:53 . 2009-06-01 04:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

Re: WinBlueSoft
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\program files\iTunes
2009-06-01 04:51 . 2009-06-01 04:51 -------- d-----w- c:\program files\Bonjour
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\users\Aisha\AppData\Local\Apple
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 04:45 . 2009-06-01 04:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 04:45 . 2009-06-18 04:10 -------- d-----w- c:\programdata\Apple
2009-06-01 04:22 . 2009-06-15 12:55 -------- d-----w- c:\users\Aisha\AppData\Local\Google
2009-06-01 04:21 . 2009-06-01 04:22 -------- d-----w- c:\program files\Google
2009-05-28 05:46 . 2009-05-28 05:46 15005 ----a-w- c:\windows\system32\45cz9parse506.dll
2009-05-23 12:50 . 2009-05-23 12:50 2668 ----a-w- c:\windows\system32\65ezpyw5re2952.bin
2009-05-21 10:12 . 2009-05-21 10:12 14846 ----a-w- c:\windows\system32\3626sp5mbzt99a.exe
2009-05-20 16:06 . 2009-05-20 16:06 14036 ----a-w- c:\windows\system32\62abthie59z6.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 07:18 . 2008-09-06 02:39 -------- d-----w- c:\users\Aisha\AppData\Roaming\Apple Computer
2009-06-08 13:01 . 2007-11-22 10:05 -------- d-----w- c:\program files\Norton Internet Security
2009-06-08 13:01 . 2007-11-22 10:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 12:48 . 2007-11-22 10:04 -------- d-----w- c:\program files\Symantec
2009-06-08 12:48 . 2007-11-22 10:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 12:48 . 2007-11-22 10:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-08 12:48 . 2007-11-22 10:04 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-08 12:44 . 2007-11-22 10:04 -------- d-----w- c:\programdata\Symantec
2009-06-01 04:53 . 2008-09-06 02:30 -------- d-----w- c:\program files\iPod
2009-06-01 04:51 . 2008-09-06 02:38 -------- d-----w- c:\program files\QuickTime
2009-06-01 04:50 . 2008-09-06 02:32 -------- d-----w- c:\programdata\Apple Computer
2009-05-17 15:36 . 2009-05-17 15:36 9957 ----a-w- c:\windows\system32\5f1avi91z20.exe
2009-05-16 06:18 . 2009-05-16 06:18 17537 ----a-w- c:\windows\system32\978edo5nloadez2623.exe
2009-05-11 17:40 . 2009-05-11 17:40 3862 ----a-w- c:\windows\system32\69z5tro91e.exe
2009-05-08 15:05 . 2009-05-08 15:05 7446 ----a-w- c:\windows\system32\z9496not-a-virus6b5.bin
2009-04-27 06:09 . 2008-05-09 01:18 -------- d-----w- c:\programdata\WildTangent
2009-04-27 05:33 . 2008-09-06 03:03 -------- d-----w- c:\users\Aisha\AppData\Roaming\CyberLink
2009-04-26 11:46 . 2009-04-26 11:46 18021 ----a-w- c:\windows\system32\zba9i51010.bin
2009-04-19 05:17 . 2009-04-19 05:17 5551 ----a-w- c:\windows\system32\294z7wor5c9.exe
2009-04-06 14:42 . 2009-04-06 14:42 9212 ----a-w- c:\windows\system32\5869dowzloader3108.dll
2009-04-03 13:38 . 2009-04-03 13:38 11762 ----a-w- c:\windows\system32\9629no5-a-v9rus591z.dll
2009-04-02 18:00 . 2009-04-02 18:00 16911 ----a-w- c:\windows\system32\939viz5685.bin
2009-04-02 06:29 . 2009-04-02 06:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-22 14:42 . 2009-03-22 14:42 17976 ----a-w- c:\windows\system32\b88t5rea919z60.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-01 68592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{699BBAB6-F545-414D-BE21-1EC36E99D783}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4007D3AD-515F-428F-A7E6-CE9FF5626974}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C0A1D6DF-B778-4BAF-BAF6-C0CC3EDCF218}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{43A1E5FF-18A3-49E9-BC6C-1FDEEFE1A756}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{24F40E89-B8D2-4E86-8560-E0A3ED8DACE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E3E10A4-46D1-4F1D-AD81-EFFE9E21FA21}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{69BE310D-6329-4D4F-96D6-7CE87948B159}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3DEBD11E-E82E-4460-8995-1DD55E9E3092}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [22/11/2007 8:08 PM 180272]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/06/2009 10:41 PM 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [15/04/2006 4:07 AM 28933976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/11/2007 8:59 PM 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 1:31 PM 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aisha.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\6kwpor5p.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 01:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-19 1:46
ComboFix-quarantined-files.txt 2009-06-19 15:46

Pre-Run: 30,697,570,304 bytes free
Post-Run: 30,782,066,688 bytes free


Re: WinBlueSoft

I don't know how things are looking on the technical side of things, but I'm not being bombarded with faux spyware dangers anymore, which seems like a major step in the right direction.
Soooo.. am I done here? Because it's 2am here in Australia and I could catch some serious z's.
Plus I don't want to leave without saying a major thank you to you, my anonymous computer hero!

Re: WinBlueSoft

We have mostly everything under control; get some sleep, we can do this tomorrow 😉

Re: WinBlueSoft

Actually, sleep seems kind of unlikely right now, I just made tea.
Let's just commence?

Re: WinBlueSoft

..if you wouldn't mind, that is

Re: WinBlueSoft

How did you get HijackThis onto your computer, Younana? Can you connect to the internet, or did you download it from another computer and install it through a USB drive or CD?

Re: WinBlueSoft

Ok then, let's commence:

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\4511ste9lz399.dll
c:\windows\system32\56155pambot595z.bin
c:\windows\system32\56155pambot595z.bin
c:\windows\system32\2517backd9or27z4.exe
c:\windows\system32\4294sp5rze549.exe
c:\windows\system32\300595a9ktool58z.dll
c:\windows\system32\24e39zy5are1560.dll
c:\windows\system32\5505v9rus120z.bin
c:\windows\system32\5efbvir15z29.dll
c:\windows\system32\69c3zteal5944.dll
c:\windows\system32\5965downloader86z.bin
c:\windows\system32\z4f4sparse57409.dll
c:\windows\system32\z94595roj74b.bin
c:\windows\system32\29592hack9ozl605.dll
c:\windows\system32\5821spywaze3988.exe
c:\windows\system32\514dsteal9069z.dll
c:\windows\system32\56679hacktoolz88.exe
c:\windows\system32\3z4d5ownl9ader2834.exe
c:\windows\system32\z304n95-a-virus5fb.dll
c:\windows\system32\2759d5wnloader1175z.exe
c:\windows\system32\639cthief54z9.dll
c:\windows\system32\2929zp5rs92851.bin
c:\windows\system32\5401zir1975.dll
c:\windows\system32\z72aaddw5re1900.bin
c:\windows\system32\27485v95us54z.bin
c:\windows\system32\f3f9i5732z.dll
c:\windows\system32\z72459ief2674.exe
c:\windows\system32\3392thr5at3z135.exe
c:\windows\system32\25420spamzot497.exe
c:\windows\system32\z50s9y514.dll
c:\windows\system32\3a059tezl2473.exe
c:\windows\system32\70bthr5z925592.bin
c:\windows\system32\4584szyware985.dll
c:\windows\system32\5ecdszar9e12855.bin
c:\windows\system32\45d7sparsz985.dll
c:\windows\system32\7547ste9lz65.dll
c:\windows\system32\fcfdownlo9der13z5.bin
c:\windows\system32\7434zhi5f1957.bin
c:\windows\system32\5092troz1c59.dll
c:\windows\system32\3059worm1ez.dll
c:\windows\system32\31415hac9tool11z.exe
c:\windows\system32\58z44spy6ae9.bin
c:\windows\system32\552c5a9kzoor260.dll
c:\windows\system32\321z5spamb9t1d8.dll
c:\windows\system32\596zs5arse2961.dll
c:\windows\system32\6z16spy5are29459.exe
c:\windows\system32\4693bazk5oor2943.exe
c:\windows\system32\5116zvir9s722.exe
c:\windows\system32\54ezhief2391.exe
c:\windows\system32\91436vir5s1dz.exe
c:\windows\system32\5990hazktool69.bin
c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\windows\system32\45cz9parse506.dll
c:\windows\system32\65ezpyw5re2952.bin
c:\windows\system32\3626sp5mbzt99a.exe
c:\windows\system32\62abthie59z6.exe
c:\windows\system32\5f1avi91z20.exe
c:\windows\system32\978edo5nloadez2623.exe
c:\windows\system32\69z5tro91e.exe
c:\windows\system32\z9496not-a-virus6b5.bin
c:\windows\system32\zba9i51010.bin
c:\windows\system32\294z7wor5c9.exe
c:\windows\system32\5869dowzloader3108.dll
c:\windows\system32\9629no5-a-v9rus591z.dll
c:\windows\system32\939viz5685.bin
c:\windows\system32\b88t5rea919z60.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-

Save this as CFScript.txt, and save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[screenshot: dragging CFScript.txt onto the ComboFix icon]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.

Re: WinBlueSoft

Uh, I'm pretty sure I downloaded it from a link I found somewhere on this site.
Sensing a disturbance in the Force, Master?

Re: WinBlueSoft

Hello.
People who don't wear green/blue/red suits aren't supposed to post in this area unless they are the victim.
Please follow Origin's instructions and run the CFScript.

Re: WinBlueSoft
c:\windows\system32\6556hacktoo9zae.cpl
c:\windows\system32\65ezpyw5re2952.bin
c:\windows\system32\6863zac9do5r2417.bin
c:\windows\system32\68z7thi9f2550.bin
c:\windows\system32\693spywz5e64.dll
c:\windows\system32\69bcvzr5047.cpl
c:\windows\system32\69c3zteal5944.dll
c:\windows\system32\69ezs5yware3908.ocx
c:\windows\system32\69z5tro91e.exe
c:\windows\system32\6b0atz9ef975.dll
c:\windows\system32\6c1z9hi5f1782.bin
c:\windows\system32\6z16spy5are29459.exe
c:\windows\system32\6z95backdoor3509.bin
c:\windows\system32\70bthr5z925592.bin
c:\windows\system32\70f5ackdoor9z88.exe
c:\windows\system32\719bdo5n9oader638z.ocx
c:\windows\system32\71d9downlozd5r575.cpl
c:\windows\system32\734zh5e92199.cpl
c:\windows\system32\7397sp95are29z9.bin
c:\windows\system32\7434zhi5f1957.bin
c:\windows\system32\7547ste9lz65.dll
c:\windows\system32\75avirz59.ocx
c:\windows\system32\75d8s9arse3001z.cpl
c:\windows\system32\7602do5nlz9der229.cpl
c:\windows\system32\76e29ac5dzor1988.cpl
c:\windows\system32\7759virzs55a9.cpl
c:\windows\system32\7786szeal7569.bin
c:\windows\system32\784znot-9-virus352.cpl
c:\windows\system32\793e5pa9se1z02.cpl
c:\windows\system32\79c8s5arse8z3.cpl
c:\windows\system32\79z7steal755.exe
c:\windows\system32\79z9spyw95e1190.exe
c:\windows\system32\7d7eadzw5re9473.exe
c:\windows\system32\7e6caddwarz93745.ocx
c:\windows\system32\7e92ad9zare19775.cpl
c:\windows\system32\7f84z5reat60439.cpl
c:\windows\system32\7z3cspyware2595.bin
c:\windows\system32\7z4bdownloa5er9244.cpl
c:\windows\system32\7zfs5ar9e3235.ocx
c:\windows\system32\8162zor97b5.cpl
c:\windows\system32\8469trzj1925.ocx
c:\windows\system32\889ztroj357.ocx
c:\windows\system32\90421spy6bz5.dll
c:\windows\system32\9053backdoorz76.cpl
c:\windows\system32\905dspywa5z1354.dll
c:\windows\system32\90681v5rzseb.exe
c:\windows\system32\90684ha5ktooz693.ocx
c:\windows\system32\90795zief2369.cpl
c:\windows\system32\9090hacktool5z9.ocx
c:\windows\system32\91436vir5s1dz.exe
c:\windows\system32\924z5spy363.bin
c:\windows\system32\925z85orm1b9.cpl
c:\windows\system32\92856troz4fd.cpl
c:\windows\system32\939viz5685.bin
c:\windows\system32\93b1a5dwzre405.exe
c:\windows\system32\9455backdooz1186.cpl
c:\windows\system32\946spzrse13385.dll
c:\windows\system32\95b0steal1z73.exe
c:\windows\system32\9629no5-a-v9rus591z.dll
c:\windows\system32\9658virus395z.cpl
c:\windows\system32\9663ztr5j4c4.exe
c:\windows\system32\9668zspambot658.dll
c:\windows\system32\96953spazbot31b.cpl
c:\windows\system32\9712z5eal1618.ocx
c:\windows\system32\978edo5nloadez2623.exe
c:\windows\system32\97t5r9at28092z.cpl
c:\windows\system32\98245t5ozff.ocx
c:\windows\system32\9a91bz5kdoor320.dll
c:\windows\system32\9b5zspyware5761.ocx
c:\windows\system32\9bazvir1975.ocx
c:\windows\system32\9e06vir563z.bin
c:\windows\system32\9e3dow5loadez3221.bin
c:\windows\system32\9ed2zt5al1918.cpl
c:\windows\system32\9fd1downlozde5608.ocx
c:\windows\system32\9z86spyware115.dll
c:\windows\system32\a17down95zder118.dll
c:\windows\system32\ab8addw59e1z09.dll
c:\windows\system32\b55tzief9912.bin
c:\windows\system32\b88t5rea919z60.exe
c:\windows\system32\be5zddwa9e579.bin
c:\windows\system32\dabthief9952z.cpl
c:\windows\system32\eaf5azkdoo92300.ocx
c:\windows\system32\ec5steaz14955.cpl
c:\windows\system32\f3f9i5732z.dll
c:\windows\system32\fcfdownlo9der13z5.bin
c:\windows\system32\z2175hac95ool5d0.ocx
c:\windows\system32\z24779acktool7b5.ocx
c:\windows\system32\z3035pywa9e2919.exe
c:\windows\system32\z304n95-a-virus5fb.dll
c:\windows\system32\z3542virus298.cpl
c:\windows\system32\z3f2thre5t31929.dll
c:\windows\system32\z4f4sparse57409.dll
c:\windows\system32\z50s9y514.dll
c:\windows\system32\z54cvir2925.cpl
c:\windows\system32\z589sparse758.ocx
c:\windows\system32\z638do9nloa5er2592.ocx
c:\windows\system32\z72459ief2674.exe
c:\windows\system32\z72aaddw5re1900.bin
c:\windows\system32\z915spar9e1055.ocx
c:\windows\system32\z91ba9kdo5r776.bin
c:\windows\system32\z94595roj74b.bin
c:\windows\system32\z9496not-a-virus6b5.bin
c:\windows\system32\z95b59r2973.cpl
c:\windows\system32\z9b6spywa5e899.exe
c:\windows\system32\zb79t5ief982.cpl
c:\windows\system32\zba9i51010.bin
c:\windows\system32\zd53t9ief855.cpl
c:\windows\system32\zf86spar5e2899.ocx

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 16:51 . 2009-06-19 16:51 -------- d-----w- c:\users\Aisha\AppData\Local\temp
2009-06-19 15:08 . 2009-06-17 01:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-19 15:08 . 2009-06-17 01:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 04:06 . 2009-06-19 14:15 -------- d-----w- c:\program files\ezt
2009-06-15 11:50 . 2009-06-15 11:50 -------- d-----w- c:\program files\DivxFree
2009-06-08 12:44 . 2007-12-03 07:32 8536 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-06-08 12:44 . 2007-12-05 07:11 10088 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-06-08 12:41 . 2008-10-17 05:52 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll
2009-06-08 12:41 . 2007-11-21 07:30 9096 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-06-08 12:41 . 2007-12-03 07:33 9048 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-05 01:42 . 2009-06-05 01:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 01:42 . 2009-06-05 01:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-02 00:34 . 2008-09-28 20:09 1290584 ----a-w- c:\programdata\Symantec\SyKnAppS\Freezer\NCO\SyKnAppS.dll
2009-06-01 07:01 . 2009-06-15 09:00 -------- d-----w- c:\users\Aisha\AppData\Local\Adobe
2009-06-01 05:01 . 2009-06-01 05:01 -------- d-----w- c:\users\Aisha\AppData\Local\Mozilla
2009-06-01 04:53 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 04:53 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 04:53 . 2009-06-01 04:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\program files\iTunes
2009-06-01 04:51 . 2009-06-01 04:51 -------- d-----w- c:\program files\Bonjour
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\users\Aisha\AppData\Local\Apple
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 04:45 . 2009-06-01 04:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 04:45 . 2009-06-18 04:10 -------- d-----w- c:\programdata\Apple
2009-06-01 04:22 . 2009-06-15 12:55 -------- d-----w- c:\users\Aisha\AppData\Local\Google
2009-06-01 04:21 . 2009-06-01 04:22 -------- d-----w- c:\program files\Google

Re: WinBlueSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 07:18 . 2008-09-06 02:39 -------- d-----w- c:\users\Aisha\AppData\Roaming\Apple Computer
2009-06-08 13:01 . 2007-11-22 10:05 -------- d-----w- c:\program files\Norton Internet Security
2009-06-08 13:01 . 2007-11-22 10:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 12:48 . 2007-11-22 10:04 -------- d-----w- c:\program files\Symantec
2009-06-08 12:48 . 2007-11-22 10:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 12:48 . 2007-11-22 10:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-08 12:48 . 2007-11-22 10:04 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-08 12:44 . 2007-11-22 10:04 -------- d-----w- c:\programdata\Symantec
2009-06-01 04:53 . 2008-09-06 02:30 -------- d-----w- c:\program files\iPod
2009-06-01 04:51 . 2008-09-06 02:38 -------- d-----w- c:\program files\QuickTime
2009-06-01 04:50 . 2008-09-06 02:32 -------- d-----w- c:\programdata\Apple Computer
2009-04-27 06:09 . 2008-05-09 01:18 -------- d-----w- c:\programdata\WildTangent
2009-04-27 05:33 . 2008-09-06 03:03 -------- d-----w- c:\users\Aisha\AppData\Roaming\CyberLink
2009-04-02 06:29 . 2009-04-02 06:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-19_15.45.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-05 06:17 . 2009-06-19 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-05 06:17 . 2009-06-19 15:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-05 06:17 . 2009-06-19 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-22 10:20 . 2009-06-19 15:42 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:20 . 2009-06-19 15:50 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:23 . 2009-06-19 15:50 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-22 10:23 . 2009-06-19 14:41 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-22 10:20 . 2009-06-19 15:43 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:20 . 2009-06-19 15:50 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-06-19 15:28 . 2009-06-19 16:43 5898240 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-06-19 15:28 . 2009-06-19 15:35 5898240 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-01 68592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{699BBAB6-F545-414D-BE21-1EC36E99D783}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4007D3AD-515F-428F-A7E6-CE9FF5626974}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C0A1D6DF-B778-4BAF-BAF6-C0CC3EDCF218}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{43A1E5FF-18A3-49E9-BC6C-1FDEEFE1A756}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{24F40E89-B8D2-4E86-8560-E0A3ED8DACE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E3E10A4-46D1-4F1D-AD81-EFFE9E21FA21}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{69BE310D-6329-4D4F-96D6-7CE87948B159}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3DEBD11E-E82E-4460-8995-1DD55E9E3092}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [22/11/2007 8:08 PM 180272]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/06/2009 10:41 PM 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [15/04/2006 4:07 AM 28933976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/11/2007 8:59 PM 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 1:31 PM 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aisha.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\6kwpor5p.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 02:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-19 2:53
ComboFix-quarantined-files.txt 2009-06-19 16:52
ComboFix2.txt 2009-06-19 15:46

Pre-Run: 30,688,677,888 bytes free
Post-Run: 30,687,084,544 bytes free

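Two things in the log above deserve a second look before calling a machine clean: "EnableFirewall"= 0 on both the DomainProfile and StandardProfile firewall policy keys, and "DisableMonitoring"=dword:00000001 under the Security Center Monitoring key and its Symantec sub-keys. Neither is malware on its own: a third-party suite such as the Norton Internet Security installation visible in this log normally switches off the Windows Firewall and tells Security Center to stop monitoring because it supplies its own firewall and status reporting. They are still worth confirming against what the user actually has installed. The script below is an added example, not the helper's or the forum's own tooling: it parses ComboFix-style registry sections, decodes the two numeric spellings the log uses (dword:00000001 and "0 (0x0)"), lists the Run-key autoruns, and flags the disabled-firewall and disabled-monitoring values. The sample input is constructed from the lines quoted above; the "trusted prefix" heuristic for autorun paths is this example's own assumption, a triage shortcut rather than a verdict.

```python
import re

# Constructed sample: registry sections copied from the ComboFix log above,
# trimmed to the values the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix prints Run entries as "path" [yyyy-mm-dd size]
AUTORUN_RE = re.compile(r'^"(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Assumption for the triage heuristic: autoruns launched from anywhere else
# (user profile, temp, root of C:) get a closer look.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\')


def parse_log(text):
    """Return {registry_key: [(value_name, raw_value), ...]} for a ComboFix-style dump."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key')
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group('name'), m.group('value')))
    return sections


def parse_int(raw):
    """Decode 'dword:00000001' (hex) or '0 (0x0)' (decimal with hex echo) to an int."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def disabled_firewall_profiles(sections):
    """Firewall policy profiles whose EnableFirewall value is 0."""
    hits = []
    for key, values in sections.items():
        if 'firewallpolicy' not in key.lower():
            continue
        for name, raw in values:
            if name == 'EnableFirewall' and parse_int(raw) == 0:
                hits.append(key.rsplit('\\', 1)[-1])
    return hits


def disabled_security_center_monitoring(sections):
    """Security Center Monitoring keys (master and per-product) with DisableMonitoring=1."""
    hits = []
    for key, values in sections.items():
        if 'security center\\monitoring' not in key.lower():
            continue
        for name, raw in values:
            if name == 'DisableMonitoring' and parse_int(raw) == 1:
                hits.append(key.rsplit('\\', 1)[-1])
    return hits


def autoruns(sections):
    """(value_name, path, date, size) for every entry under a ...\\CurrentVersion\\Run key."""
    entries = []
    for key, values in sections.items():
        if not key.lower().endswith('\\currentversion\\run'):
            continue
        for name, raw in values:
            m = AUTORUN_RE.match(raw)
            if m:
                entries.append((name, m.group('path'), m.group('date'), int(m.group('size'))))
    return entries


def suspicious_autoruns(sections):
    """Autoruns whose image lives outside the trusted prefixes (heuristic, not proof)."""
    return [e for e in autoruns(sections) if not e[1].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == '__main__':
    s = parse_log(SAMPLE_LOG)
    print('Firewall disabled on profiles:', disabled_firewall_profiles(s))
    print('Security Center monitoring disabled under:', disabled_security_center_monitoring(s))
    print('Autoruns parsed:', len(autoruns(s)), 'suspicious:', suspicious_autoruns(s))
```

On this log the script reports both firewall profiles and all Security Center keys as disabled and no autoruns outside Windows or Program Files; the next step is to confirm that Norton's own firewall is the one actually running (it is, per the ccSvcHst.exe and SYMNDISV entries) rather than to re-enable the Windows Firewall blindly.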

Re: WinBlueSoft
Okay, this looks fine now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: WinBlueSoft
Like clockwork,
thanks a bunch.
Have a good night.. or a good day.
I don't know, just have general goodness.
Thanks again

Re: WinBlueSoft
And sorry, didn't mean to send you the private messages.
