WinBlueSoft Malware Help


Corynx

So I have this virus thing that's trying to sell me a product called WinBlueSoft. It won't let me do anything and the computer auto-shuts off in 15 mins. Whenever I try opening something it cancels the process. I've tried downloading PCdoctor and Malwarebytes but it cancels the process too. I've tried recovering but it won't work. It shuts off the PC before I can do it. Help. I'm running Vista Basic and on a laptop if that helps.
 
This is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:36 PM, on 6/1/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173496249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [85754508906137904831826390516623] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: blocker.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6825 bytes
 
Remove

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [85754508906137904831826390516623] C:\Program Files\Antivirus 2009\av2009.exe

O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe

O20 - AppInit_DLLs: blocker.dll

Then post a new log. See if you can download Malwarebytes and ComboFix. If you can, run ComboFix first, then Malwarebytes, and post their logs with a new HijackThis log.
 
My computer is running normally now. Here is the new log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:46 PM, on 6/1/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\aol\1173496249\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Philips\SA19XX\Philips Device Manager\bin\DeviceManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG8\avgfrw.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173496249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PhilipsDM\SA1916] C:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7112 bytes
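
Added example, not part of the original thread: a Python check that the entries listed for removal are gone from a follow-up HijackThis log, plus a diff of what else changed between two scans. The sample lines are excerpted from the two logs above; the function and variable names are assumptions of this example.

```python
import re

# HijackThis item lines start with a section code (R0, F2, N1, O4, O20, ...)
# followed by " - ". Header lines and the "Running processes" paths do not
# match, so a Safe mode log and a Normal mode log compare on items only.
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_items(log_text):
    """Map a case-insensitive key to the normalized item line for each entry."""
    items = {}
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        # Collapse whitespace: forum copy/paste often changes spacing.
        body = " ".join(m.group("body").split())
        key = (m.group("section"), body.casefold())  # Windows paths ignore case
        items[key] = f'{m.group("section")} - {body}'
    return items


def diff_logs(before, after):
    """Return (removed, added) item lines between two HijackThis logs."""
    b, a = parse_items(before), parse_items(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


def still_present(fix_list, log_text):
    """Item lines from the fix list that still appear in the given log."""
    wanted, found = parse_items(fix_list), parse_items(log_text)
    return sorted(wanted[k] for k in wanted.keys() & found.keys())


# Excerpt of the first log in the thread (Safe mode scan).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [85754508906137904831826390516623] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O20 - AppInit_DLLs: blocker.dll
"""

# Excerpt of the second log in the thread (Normal mode scan).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\Windows\Explorer.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""

# The four entries the reply in the thread asked to remove.
FIX_LIST = r"""
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [85754508906137904831826390516623] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O20 - AppInit_DLLs: blocker.dll
"""

if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, AFTER)
    print("Fix-list entries still present:", leftovers or "none")
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

The diff also surfaces entries that changed value rather than disappeared, such as `AppInit_DLLs`, which goes from one DLL to another between the two scans and so appears on both the removed and added sides.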
 
For Combofix:

ComboFix 09-05-31.06 - Bob 06/01/2009 14:25.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1526.1127 [GMT -6:00]
Running from: c:\users\Bob\Desktop\ComboFix2.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


Cont. In next post.
 
Combofix cont.

c:\windows\system32\5fathizf2796.bin
c:\windows\system32\5z99virus5c5.exe
c:\windows\system32\60z5vi9us150.cpl
c:\windows\system32\618d9ownlo5der2z29.exe
c:\windows\system32\6199s5arze960.dll
c:\windows\system32\61bdaddwzre5901.ocx
c:\windows\system32\62zdspy9are1365.ocx
c:\windows\system32\6335v9rz152.exe
c:\windows\system32\63z9d9wnload5r1720.cpl
c:\windows\system32\64zbstea95176.ocx
c:\windows\system32\6535downloazer2949.bin
c:\windows\system32\65a9zir1098.cpl
c:\windows\system32\65z89ir18815.cpl
c:\windows\system32\65zste9l1690.bin
c:\windows\system32\6680bazkdo95402.bin
c:\windows\system32\6857addw9re516z.bin
c:\windows\system32\6863z5y6a9.exe
c:\windows\system32\68d2dow5lzader95.bin
c:\windows\system32\6900hacz9ool385.cpl
c:\windows\system32\693thr5at3013z.dll
c:\windows\system32\695cspy9arz1187.dll
c:\windows\system32\69f3addware1855z.exe
c:\windows\system32\69z45pa9se2246.bin
c:\windows\system32\6a59thr5at19517z.dll
c:\windows\system32\6b39szeal5727.dll
c:\windows\system32\6b4z9ownl5ader2650.exe
c:\windows\system32\6d1downlzader659.exe
c:\windows\system32\6d25z5r14559.cpl
c:\windows\system32\6d5b9hrezt3213.dll
c:\windows\system32\6e95threaz3986.exe
c:\windows\system32\6ea5zp9rse231.exe
c:\windows\system32\6f0f9hreat269z95.bin
c:\windows\system32\6f59sparz51339.exe
c:\windows\system32\709azparse54419.dll
c:\windows\system32\70bas9ezl5452.bin
c:\windows\system32\7150ad9warez090.cpl
c:\windows\system32\715edownl9ader78z.cpl
c:\windows\system32\71d9vir145z.exe
c:\windows\system32\7215zh9ef2756.dll
c:\windows\system32\722bthie59z0.exe
c:\windows\system32\7285backdo9rz82.dll
c:\windows\system32\7285s9ywa5e2048z.bin
c:\windows\system32\72c2spar95z078.dll
c:\windows\system32\72czt5ief1292.cpl
c:\windows\system32\7307spyzar927795.cpl
c:\windows\system32\735ctzreat19193.bin
c:\windows\system32\7461s5e9lz51.ocx
c:\windows\system32\7519ownloadez8165.exe
c:\windows\system32\7563no5-a-vzru93ef.dll
c:\windows\system32\7582ba9kdoor59z.ocx
c:\windows\system32\759downl9azer61.dll
c:\windows\system32\75e1spa9sz1333.dll
c:\windows\system32\75zds9arse2351.exe
c:\windows\system32\76z3spa5se897.bin
c:\windows\system32\7718spam9zt580.ocx
c:\windows\system32\7781troj95z.bin
c:\windows\system32\7795sparse31z5.bin
c:\windows\system32\78notza5vi9us53b.cpl
c:\windows\system32\7929sparze450.cpl
c:\windows\system32\7995hazktool6a4.ocx

Next post will conclude.
 
End of ComboFix log:


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-09-14 11:50 . 2009-09-14 11:50 5585 ----a-w- c:\windows\system32\z9219not-a-vir5s1.exe
2009-06-01 20:30 . 2009-06-01 20:32 -------- d-----w- c:\users\Bob\AppData\Local\temp
2009-06-01 19:38 . 2009-06-01 19:38 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-01 19:38 . 2009-06-01 19:38 -------- d-----w- c:\windows\Sun
2009-06-01 19:18 . 2009-06-01 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 19:17 . 2009-06-01 19:17 -------- d-----w- c:\program files\Trend Micro
2009-06-01 19:15 . 2009-06-01 19:15 812344 ----a-w- c:\users\Bob\HJTInstall.exe
2009-06-01 19:13 . 2009-06-01 19:13 3371384 ----a-w- c:\users\Bob\mbam-setup.exe
2009-05-29 00:37 . 2009-05-29 00:37 102400 ----a-w- c:\windows\system32\blocker.dll
2009-05-29 00:37 . 2009-05-29 00:37 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-10 21:21 . 2009-02-13 07:26 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-10 21:21 . 2009-03-17 03:16 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-05-10 21:21 . 2009-03-17 03:16 25600 ----a-w- c:\windows\system32\amxread.dll
2009-05-10 21:21 . 2009-02-13 07:26 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-10 21:21 . 2009-02-13 07:26 7680 ----a-w- c:\windows\system32\lsass.exe
2009-05-10 21:17 . 2008-12-08 04:34 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-10 21:17 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-10 21:17 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-10 19:34 . 2009-05-10 19:34 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2009-05-10 19:34 . 2009-05-26 19:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-10 19:34 . 2009-05-26 19:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 19:34 . 2009-06-01 19:18 -------- d-----w- c:\programdata\Malwarebytes
2009-05-10 16:39 . 2009-05-10 16:39 410984 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 19:38 . 2008-07-01 12:34 34 ----a-w- c:\users\Bob\jagex_runescape_preferences.dat
2009-05-29 18:22 . 2008-09-15 04:05 -------- d-----w- c:\program files\ETS
2009-05-27 22:30 . 2008-05-03 16:51 680 ----a-w- c:\users\Bob\AppData\Local\d3d9caps.dat
2009-05-14 16:19 . 2006-12-07 04:19 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 16:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 16:39 . 2006-12-07 05:11 -------- d-----w- c:\program files\Java
2009-03-06 23:12 . 2008-01-20 21:16 21256 ----a-w- c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-05 18:29 . 2009-03-15 20:11 16648 ----a-w- c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"HostManager"="c:\program files\Common Files\AOL\1173496249\ee\AOLSoftware.exe" [2006-09-26 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PhilipsDM\SA1916"="c:\program files\Philips\SA19XX\Philips Device Manager\Bin\LaunchDM.exe" [2008-05-11 47616]

c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2006-12-6 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{256891CE-EE40-4441-BA1E-338BBB9D220F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09D76F07-AC1B-4F74-81F4-B32273F8C7EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73C03DAB-6E81-4F42-A139-B7B0FF4048E2}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{019418B7-AC27-4020-9812-B5C66470F9A3}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{256FE21D-658F-495D-86A2-61C9DCA31BE0}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{CD4D3643-9877-475F-9A67-9E967276DFD0}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{099B0517-F5E2-4FB2-98F1-E5D3057A57D8}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{22802DC8-0868-4F81-B7FC-BA68324CC441}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{C14CDE25-916F-4CB1-9080-7B1001087F08}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F7B363F6-149F-4EA5-B91C-428DDD0018DB}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{9383379B-CBA0-48A4-A5F3-F3119E944ECA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6AAC141D-F94F-492E-BBC2-942961D2434D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1A73AB93-3408-4940-8852-872EAE32DFC7}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7644926C-2090-4862-ABA4-96C0E5BD8391}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E599FB17-81FA-4ED1-AAF3-AE4A4D610438}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6709371A-B982-4918-9812-855AF139A004}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96FB740D-36FF-49B2-95AE-70F9E2D2E037}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{9BD14177-5544-4D4A-A449-15C387640D31}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{7C4160AF-8F42-4FB4-93C9-30DF04623D4C}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{6994EE07-1D96-459D-A24F-7186820CB9FA}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{2E666DF3-7EBA-42B8-8949-65E601DCAEBD}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{866BB341-CA7C-40E7-9BD8-552F6F66ADA5}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{7FAE853A-9BAA-46BC-8169-8B97362149F2}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{44C048CA-47E2-4719-8901-3186694EC9DF}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{CA4DC5B9-A63E-4DA9-918E-7F05ADD726AE}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B85397FC-4695-402E-9102-5DBC803B24A6}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{BFF1E16F-A55A-422F-BFEF-EEC4578B0C5D}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5390D733-7301-42AA-BB4E-F6F401893BBF}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{321D83AF-32FF-4E04-A484-CB530772718A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1CD435FE-DECA-42B6-8634-2F8EE877CB0E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B9E644D2-B255-44AC-BD3C-F3C3D2321C3D}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{A9424B44-D56F-49C0-9B67-237AD07CDF5B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2007-10-15 c:\windows\Tasks\HPCeeScheduleForBob.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-07 00:08]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-01 14:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2056)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Philips\SA19xx\Philips Device Manager\bin\DeviceManager.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-01 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 20:35

Pre-Run: 54,377,254,912 bytes free
Post-Run: 52,903,682,048 bytes free

926 --- E O F --- 2009-05-31 23:42
 