winbluesoft hijack this logfile given..pls help


Post by arags on Tue Jun 02, 2009 4:34 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:27 PM, on 6/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [googletalk] C:\Users\Adithya\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adithya\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14932 bytes

arags
Novice
Posts: 12
Joined: 2009-06-02
OS: vista
Points: 27434
Likes: 0

Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 4:53 am

Hi guys,
Sorry for the lack of text after the logfile in the previous message.
I tried a Malwarebytes quick scan once and it did detect some errors that it fixed, but the same problem reappeared upon restart in normal mode. Growing desperate now because I have important thesis material on my laptop!!
Would be grateful for any assistance in this late hour!


Re: winbluesoft hijack this logfile given..pls help

Post by Belahzur on Tue Jun 02, 2009 9:10 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:34 pm

Hi Belahzur
Thanks a lot for that!!! Here's the log file. Hope we can squash this problem soon!

ComboFix 09-06-01.03 - Adithya 06/02/2009 18:18.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1468 [GMT -5:00]
Running from: c:\users\Adithya\Contacts\Combo-Fix.exe
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:35 pm

c:\windows\system32\3dbzspar5e492.cpl
c:\windows\system32\3f1czac9d5or1156.dll
c:\windows\system32\3z185h5ckt9ol71e.bin
c:\windows\system32\3z208spambo5f9.cpl
c:\windows\system32\3z235p9768.bin
c:\windows\system32\4186sz5wa9e2403.ocx
c:\windows\system32\4435bzckdoor16559.cpl
c:\windows\system32\449e5hiez1950.bin
c:\windows\system32\450zn9t-a-virusb5.ocx
c:\windows\system32\4515spazbo9793.exe
c:\windows\system32\4575vir9sz0f.dll
c:\windows\system32\459bsz9rse1800.bin
c:\windows\system32\45fedow9loader9z3.ocx
c:\windows\system32\4612down9oader2z57.dll
c:\windows\system32\4665zpyware359.dll
c:\windows\system32\4679zddw9r52493.dll
c:\windows\system32\4695v5ru91z7.cpl
c:\windows\system32\46z9th59f99.bin
c:\windows\system32\4757zt9a52606.bin
c:\windows\system32\4795wozm3a9.dll
c:\windows\system32\4799zir5565.exe
c:\windows\system32\482not-azv9rus45b.dll
c:\windows\system32\48a95ackdoor45z.ocx
c:\windows\system32\498avirz2205.ocx
c:\windows\system32\49aca5dzare187.dll
c:\windows\system32\4be6downloazer2659.dll
c:\windows\system32\4c59steal1z99.ocx
c:\windows\system32\4d5495r22z.cpl
c:\windows\system32\4d59vir899z.dll
c:\windows\system32\4ezf95reat12384.ocx
c:\windows\system32\4f79spaz592384.bin
c:\windows\system32\4z3b95reat22726.exe
c:\windows\system32\4z82thr5at19576.dll
c:\windows\system32\4z9adow5loader14.exe
c:\windows\system32\4z9bs5eal2619.exe
c:\windows\system32\50095not-a9virzs12e.exe
c:\windows\system32\50153hackzool98c.cpl
c:\windows\system32\50582worm1z29.dll
c:\windows\system32\50bfad9warez1175.dll
c:\windows\system32\5133tzreat52779.ocx
c:\windows\system32\525zvi91947.dll
c:\windows\system32\5280sparsz1696.cpl
c:\windows\system32\52965ir3233z.bin
c:\windows\system32\535cs5zal2179.bin
c:\windows\system32\53654hack9ool5c6z.cpl
c:\windows\system32\53693wormz29.ocx
c:\windows\system32\53846wozm6509.ocx
c:\windows\system32\53949acktool2fz.cpl
c:\windows\system32\5398spambot421z.ocx
c:\windows\system32\53ddadzw9re17955.cpl
c:\windows\system32\54165irz914.ocx
c:\windows\system32\541z9acktool756.cpl
c:\windows\system32\5499sparze454.exe
c:\windows\system32\54b3spywarz5489.bin
c:\windows\system32\5511tzief793.cpl
c:\windows\system32\551zste9l1488.bin
c:\windows\system32\5526not-a-v9rus5zc.ocx
c:\windows\system32\55409trzj10a9.cpl
c:\windows\system32\55caspar9e1z57.bin
c:\windows\system32\55e0z9yware548.dll
c:\windows\system32\56059zrus2b.ocx
c:\windows\system32\5616z95m1fa.exe
c:\windows\system32\56902viruz589.bin
c:\windows\system32\5691steal11z5.bin


Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:35 pm



Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:36 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 23:25 . 2009-06-02 23:25 -------- d-----w- c:\users\Adithya\AppData\Local\temp
2009-06-02 04:29 . 2009-06-02 04:29 -------- d-----w- c:\program files\Trend Micro
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\users\Adithya\AppData\Roaming\Malwarebytes
2009-06-02 04:11 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 04:11 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 03:27 . 2009-06-02 03:27 348160 ----a-w- c:\windows\system32\blocker.dll
2009-06-02 03:27 . 2009-06-02 03:27 -------- d-----w- c:\program files\WinBlueSoft Software
2009-06-02 01:53 . 2009-06-02 02:41 -------- d-----w- c:\users\Adithya\AppData\Roaming\EndNote
2009-06-02 00:28 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVEX32A.DLL
2009-06-02 00:28 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVENG.SYS
2009-06-02 00:28 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVEX15.SYS
2009-06-02 00:28 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\EECTRL.SYS
2009-06-02 00:28 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\ECMSVR32.DLL
2009-06-02 00:28 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\CCERASER.DLL
2009-06-02 00:28 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVENG32.DLL
2009-06-02 00:28 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\ERASER.SYS
2009-06-01 00:34 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVENG.SYS
2009-06-01 00:34 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVEX15.SYS
2009-06-01 00:34 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVENG32.DLL
2009-06-01 00:34 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVEX32A.DLL
2009-06-01 00:34 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\EECTRL.SYS
2009-06-01 00:34 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\ECMSVR32.DLL
2009-06-01 00:34 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\CCERASER.DLL
2009-06-01 00:34 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\ERASER.SYS
2009-05-27 21:37 . 2009-02-02 17:53 972800 ----a-w- c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
2009-05-23 00:25 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-23 00:25 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-23 00:25 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-23 00:25 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-23 00:25 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-23 00:25 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-23 00:25 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-23 00:25 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-23 00:23 . 2009-05-23 00:24 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-22 15:25 . 2009-05-22 15:25 -------- d-sh--w- C:\found.001
2009-05-21 07:57 . 2009-05-21 07:57 -------- d-----w- c:\users\Adithya\AppData\Roaming\CyberLink
2009-05-12 22:24 . 2009-05-12 22:24 -------- d--h--w- C:\VJVod_Cache
2009-05-12 17:25 . 2009-05-12 17:25 -------- d-----w- c:\windows\system32\nagasoft
2009-05-12 17:15 . 2009-05-12 17:15 5588312 ----a-w- c:\users\Adithya\AppData\Roaming\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
2009-05-05 14:29 . 2009-05-05 14:29 -------- d-sh--w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 15:17 . 2009-03-25 23:36 -------- d-----w- c:\program files\Spyware Doctor
2009-06-02 03:23 . 2009-03-15 23:04 -------- d-----w- c:\users\Adithya\AppData\Roaming\Skype
2009-06-01 19:59 . 2009-03-27 00:53 -------- d-----w- c:\program files\SpywareBlaster
2009-05-28 02:45 . 2009-03-15 19:36 61128 ----a-w- c:\users\Adithya\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 22:29 . 2008-08-12 05:31 -------- d-----w- c:\programdata\Microsoft Help
2009-05-27 22:22 . 2008-08-12 05:33 -------- d-----w- c:\program files\Microsoft Works
2009-05-23 00:26 . 2009-03-25 19:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-23 00:25 . 2009-03-25 19:51 -------- d-----w- c:\programdata\Symantec
2009-05-23 00:24 . 2009-03-25 19:52 -------- d-----w- c:\program files\Symantec
2009-05-23 00:24 . 2009-05-23 00:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-23 00:24 . 2009-05-23 00:23 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-23 00:22 . 2009-03-25 19:51 -------- d-----w- c:\program files\Symantec AntiVirus
2009-05-21 19:03 . 2009-04-14 03:35 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-05-13 17:43 . 2009-03-28 22:40 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-05-13 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 16:53 . 2009-03-15 20:05 -------- d-----w- c:\program files\TVUPlayer
2009-05-03 01:49 . 2008-08-12 05:28 -------- d-----w- c:\program files\Cisco
2009-04-30 23:10 . 2009-03-15 22:48 -------- d-----w- c:\programdata\Yahoo! Companion
2009-04-30 06:16 . 2009-04-30 05:44 -------- d-----w- c:\users\Adithya\AppData\Roaming\Winamp
2009-04-30 05:45 . 2009-04-30 05:44 -------- d-----w- c:\program files\Winamp
2009-04-29 20:29 . 2009-04-29 20:29 -------- d-----w- c:\program files\GPower 3.0
2009-04-20 03:49 . 2009-03-25 23:37 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-04-14 05:07 . 2009-04-14 05:07 -------- d-----w- c:\program files\MSXML 4.0
2009-04-14 04:17 . 2009-04-14 04:17 -------- d-----w- c:\users\Adithya\AppData\Roaming\Nikon
2009-04-14 03:42 . 2009-04-14 03:42 49152 ----a-r- c:\users\Adithya\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-04-14 03:42 . 2009-04-14 03:39 -------- d-----w- c:\program files\Common Files\Nikon
2009-04-14 03:42 . 2009-04-14 03:42 335872 ----a-r- c:\users\Adithya\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-04-14 03:40 . 2009-04-14 03:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-04-14 03:39 . 2009-04-14 03:39 -------- d-----w- c:\programdata\Nikon
2009-04-14 03:39 . 2009-04-14 03:39 -------- d-----w- c:\program files\Nikon
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\Ultima_T15
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\Radio Sounds
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\EnterNHelp
2009-04-13 21:25 . 2009-04-13 21:25 -------- d-----w- c:\program files\Informax Installations
2009-04-13 21:24 . 2009-04-13 21:24 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-04-13 21:24 . 2009-04-13 21:24 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-04-13 21:24 . 2009-04-13 21:24 -------- d-----w- c:\program files\Vector NTI Advance
2009-04-11 14:59 . 2009-04-11 14:59 -------- d-----w- c:\program files\SopCast
2009-04-10 08:15 . 2009-03-16 15:18 680 ----a-w- c:\users\Adithya\AppData\Local\d3d9caps.dat
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\program files\iTunes
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\program files\iPod
2009-04-07 02:43 . 2009-03-16 02:11 -------- d-----w- c:\program files\Common Files\Apple
2009-04-07 02:35 . 2009-04-07 02:35 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-05 23:39 . 2009-04-05 23:39 -------- d-----w- c:\users\Adithya\AppData\Roaming\Cisco
2009-04-05 05:35 . 2009-03-16 02:17 -------- d-----w- c:\program files\Real
2009-04-05 04:37 . 2009-04-05 04:37 -------- d-----w- c:\program files\P2P Tv Plugin
2009-03-28 22:41 . 2009-03-28 22:41 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-03-28 22:41 . 2009-03-28 22:41 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-03-28 22:33 . 2009-03-28 22:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-03-28 07:32 . 2009-03-28 02:52 2428192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-03-20 01:46 . 2009-03-20 01:46 266400 ----a-w- c:\users\Adithya\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-03-19 21:32 . 2009-04-07 02:43 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 03:31 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 03:31 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 03:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-15 20:18 . 2009-03-15 20:18 79367 ----a-w- c:\users\Adithya\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-03-08 11:34 . 2009-03-23 05:14 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-23 05:14 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-23 05:14 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-23 05:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-23 05:14 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-23 05:14 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-23 05:14 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-23 05:14 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-23 05:14 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-23 05:14 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-23 05:14 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-23 05:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-23 05:14 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-23 05:14 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-23 05:14 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-23 05:14 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-23 05:14 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-23 05:14 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 04:59 . 2009-03-06 04:59 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-06 04:59 . 2009-03-06 04:59 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-12 05:24 . 2008-08-12 05:24 76 --sha-r- c:\windows\CT4CET.bin
2008-08-12 08:04 . 2008-08-12 08:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.


Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:37 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Adithya\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
"Google Update"="c:\users\Adithya\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-17 133104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]
"WinBlueSoft"="c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe" [2009-05-29 2821120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-05-26 1283344]

c:\users\Adithya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-3-15 42168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-28 118784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-12 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-12 05:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


Re: winbluesoft hijack this logfile given..pls help

Post by arags on Tue Jun 02, 2009 11:38 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{633BC856-0410-40A6-8B8F-89CA90E8BF68}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6248EB1F-228A-4012-9FD9-5BD85D4C42EB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7D63ED6-A2EF-4E91-A6B1-895B611BE718}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{4388E3D8-B31B-4705-B414-C3D6C4EF196A}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{AABDD148-F181-45CC-8BF8-BF0FD89DA7D2}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{42E39364-AE1F-4955-84D6-F7E08C730298}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{EDBD0099-1738-42D4-9F1C-BFF3049FE74E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{6CCF200A-8BFC-4B06-AEA9-32FA4900C03B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FC0DD2C1-C18C-4365-9EF5-244E17C9456D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ACA8AC46-CEB1-4002-B1C1-C67BA5525AC6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E00B9EB0-95FB-446F-A8EC-1FE7D18306FA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{502582C8-34AC-487D-9269-C6B0888FC8A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{053CA644-6C3D-4EDD-BB3D-80C41BAE2294}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{10396C6D-3BF8-4806-B950-54AA33FF8647}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{379D51A9-AB85-42C4-9151-6D0ED042B537}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{9BF708D9-58A5-4B29-8E77-6E64F46B4AEE}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{DBAF6863-7445-4563-81EE-6C08833A3EAC}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{4FB56E08-C90B-4525-A98D-3BE7F9D6E617}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{5D644FB6-8CA4-4685-BD9F-0EE2D193AD9F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0E8B4A5F-1C96-48AC-8298-0836127C5F4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D1536FA3-4C8E-4658-9EA7-71CD0E603C7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{98414B79-6188-4862-B9D5-3C97B4E5CD0A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{28DEEB18-2037-49F8-B9A5-BFE887D20184}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic script Editor
"{2844ADB8-5468-4B84-9272-90165D35892D}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{3E938F46-099A-4425-9B3A-005ADC291436}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{D6A145C7-C54B-4994-AF5F-3DAD50770251}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic script Editor
"{FDB5C982-F698-4A90-A1C6-498E4B20D1BF}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{40EC6F85-171A-4477-A39C-8AF68B82D64E}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{23579C18-4CF1-4E53-8CA3-1BC1D6E29BFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DD7F94B1-FA79-4E30-9A57-D9AA156AEA19}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8DFCD319-B387-48EE-9D50-F579583586E9}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{A9A6DF81-422C-45AF-9035-75BF965D899F}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{8EC42FDB-3E00-4BA4-BD27-32F3E6013B59}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{3C83E09C-F8C6-4E8D-8E8D-F20BA211196F}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [3/25/2009 6:37 PM 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/25/2009 6:36 PM 348752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [8/11/2008 7:09 PM 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]
S2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/23/2008 3:46 PM 121744]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/10/2008 7:03 PM 417464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2009 7:28 PM 101936]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [8/12/2008 3:05 AM 111616]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [8/12/2008 3:05 AM 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [8/12/2008 3:05 AM 7424]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\System32\drivers\vpnva.sys [12/10/2008 6:50 PM 20152]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2332049103-1334681098-2573545635-1000.job
- c:\users\Adithya\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-17 00:53]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 18:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 18:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-RunOnce- - (no file)
Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Adithya\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-02 18:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-02 18:27
ComboFix-quarantined-files.txt 2009-06-02 23:27

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 158,971,752,448 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
1060 --- E O F --- 2009-05-27 22:31


Re: winbluesoft hijack this logfile given..pls help

Post by Belahzur on Wed Jun 03, 2009 12:18 am

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\blocker.dll

Folder::
c:\program files\WinBlueSoft Software
C:\found.000

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinBlueSoft"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.



Re: winbluesoft hijack this logfile given..pls help

Post by arags on Wed Jun 03, 2009 12:40 am

ComboFix 09-06-01.03 - Adithya 06/02/2009 19:24.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1164 [GMT -5:00]
Running from: c:\users\Adithya\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Adithya\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\blocker.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\file0000.chk
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\windows\system32\blocker.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 00:27 . 2009-06-03 00:30 -------- d-----w- c:\users\Adithya\AppData\Local\temp
2009-06-02 04:29 . 2009-06-02 04:29 -------- d-----w- c:\program files\Trend Micro
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\users\Adithya\AppData\Roaming\Malwarebytes
2009-06-02 04:11 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 04:11 . 2009-06-02 04:11 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 04:11 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 01:53 . 2009-06-02 02:41 -------- d-----w- c:\users\Adithya\AppData\Roaming\EndNote
2009-06-02 00:28 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVEX32A.DLL
2009-06-02 00:28 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVENG.SYS
2009-06-02 00:28 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVEX15.SYS
2009-06-02 00:28 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\EECTRL.SYS
2009-06-02 00:28 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\ECMSVR32.DLL
2009-06-02 00:28 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\CCERASER.DLL
2009-06-02 00:28 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\NAVENG32.DLL
2009-06-02 00:28 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090601.003\ERASER.SYS
2009-06-01 00:34 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVENG.SYS
2009-06-01 00:34 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVEX15.SYS
2009-06-01 00:34 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVENG32.DLL
2009-06-01 00:34 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\NAVEX32A.DLL
2009-06-01 00:34 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\EECTRL.SYS
2009-06-01 00:34 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\ECMSVR32.DLL
2009-06-01 00:34 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\CCERASER.DLL
2009-06-01 00:34 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090531.003\ERASER.SYS
2009-05-27 21:37 . 2009-02-02 17:53 972800 ----a-w- c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
2009-05-23 00:25 . 2009-05-13 13:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-23 00:25 . 2009-05-13 13:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-23 00:25 . 2009-05-13 13:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-23 00:25 . 2009-05-13 13:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-23 00:25 . 2009-05-13 13:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-23 00:25 . 2009-05-13 13:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-23 00:25 . 2009-05-13 13:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-23 00:25 . 2009-05-13 13:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-23 00:23 . 2009-05-23 00:24 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-22 15:25 . 2009-05-22 15:25 -------- d-sh--w- C:\found.001
2009-05-21 07:57 . 2009-05-21 07:57 -------- d-----w- c:\users\Adithya\AppData\Roaming\CyberLink
2009-05-12 22:24 . 2009-05-12 22:24 -------- d--h--w- C:\VJVod_Cache
2009-05-12 17:25 . 2009-05-12 17:25 -------- d-----w- c:\windows\system32\nagasoft
2009-05-12 17:15 . 2009-05-12 17:15 5588312 ----a-w- c:\users\Adithya\AppData\Roaming\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 00:31 . 2009-03-27 00:53 -------- d-----w- c:\program files\SpywareBlaster
2009-06-02 15:17 . 2009-03-25 23:36 -------- d-----w- c:\program files\Spyware Doctor
2009-06-02 03:23 . 2009-03-15 23:04 -------- d-----w- c:\users\Adithya\AppData\Roaming\Skype
2009-05-28 02:45 . 2009-03-15 19:36 61128 ----a-w- c:\users\Adithya\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 22:29 . 2008-08-12 05:31 -------- d-----w- c:\programdata\Microsoft Help
2009-05-27 22:22 . 2008-08-12 05:33 -------- d-----w- c:\program files\Microsoft Works
2009-05-23 00:26 . 2009-03-25 19:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-23 00:25 . 2009-03-25 19:51 -------- d-----w- c:\programdata\Symantec
2009-05-23 00:24 . 2009-03-25 19:52 -------- d-----w- c:\program files\Symantec
2009-05-23 00:24 . 2009-05-23 00:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-23 00:24 . 2009-05-23 00:23 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-23 00:22 . 2009-03-25 19:51 -------- d-----w- c:\program files\Symantec AntiVirus
2009-05-21 19:03 . 2009-04-14 03:35 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-05-13 17:43 . 2009-03-28 22:40 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2009-05-13 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 16:53 . 2009-03-15 20:05 -------- d-----w- c:\program files\TVUPlayer
2009-05-03 01:49 . 2008-08-12 05:28 -------- d-----w- c:\program files\Cisco
2009-04-30 23:10 . 2009-03-15 22:48 -------- d-----w- c:\programdata\Yahoo! Companion
2009-04-30 06:16 . 2009-04-30 05:44 -------- d-----w- c:\users\Adithya\AppData\Roaming\Winamp
2009-04-30 05:45 . 2009-04-30 05:44 -------- d-----w- c:\program files\Winamp
2009-04-29 20:29 . 2009-04-29 20:29 -------- d-----w- c:\program files\GPower 3.0
2009-04-20 03:49 . 2009-03-25 23:37 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-04-14 05:07 . 2009-04-14 05:07 -------- d-----w- c:\program files\MSXML 4.0
2009-04-14 04:17 . 2009-04-14 04:17 -------- d-----w- c:\users\Adithya\AppData\Roaming\Nikon
2009-04-14 03:42 . 2009-04-14 03:42 49152 ----a-r- c:\users\Adithya\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-04-14 03:42 . 2009-04-14 03:39 -------- d-----w- c:\program files\Common Files\Nikon
2009-04-14 03:42 . 2009-04-14 03:42 335872 ----a-r- c:\users\Adithya\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-04-14 03:40 . 2009-04-14 03:40 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-04-14 03:39 . 2009-04-14 03:39 -------- d-----w- c:\programdata\Nikon
2009-04-14 03:39 . 2009-04-14 03:39 -------- d-----w- c:\program files\Nikon
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\Ultima_T15
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\Radio Sounds
2009-04-14 03:35 . 2009-04-14 03:35 -------- d-----w- c:\programdata\EnterNHelp
2009-04-13 21:25 . 2009-04-13 21:25 -------- d-----w- c:\program files\Informax Installations
2009-04-13 21:24 . 2009-04-13 21:24 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-04-13 21:24 . 2009-04-13 21:24 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-04-13 21:24 . 2009-04-13 21:24 -------- d-----w- c:\program files\Vector NTI Advance
2009-04-11 14:59 . 2009-04-11 14:59 -------- d-----w- c:\program files\SopCast
2009-04-10 08:15 . 2009-03-16 15:18 680 ----a-w- c:\users\Adithya\AppData\Local\d3d9caps.dat
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\program files\iTunes
2009-04-07 02:43 . 2009-04-07 02:43 -------- d-----w- c:\program files\iPod
2009-04-07 02:43 . 2009-03-16 02:11 -------- d-----w- c:\program files\Common Files\Apple
2009-04-07 02:35 . 2009-04-07 02:35 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-05 23:39 . 2009-04-05 23:39 -------- d-----w- c:\users\Adithya\AppData\Roaming\Cisco
2009-04-05 05:35 . 2009-03-16 02:17 -------- d-----w- c:\program files\Real
2009-04-05 04:37 . 2009-04-05 04:37 -------- d-----w- c:\program files\P2P Tv Plugin
2009-03-28 22:41 . 2009-03-28 22:41 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-03-28 22:41 . 2009-03-28 22:41 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-03-28 22:33 . 2009-03-28 22:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-03-28 07:32 . 2009-03-28 02:52 2428192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-03-20 01:46 . 2009-03-20 01:46 266400 ----a-w- c:\users\Adithya\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-03-19 21:32 . 2009-04-07 02:43 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 03:31 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 03:31 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 03:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-15 20:18 . 2009-03-15 20:18 79367 ----a-w- c:\users\Adithya\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-03-08 11:34 . 2009-03-23 05:14 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-23 05:14 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-23 05:14 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-23 05:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-23 05:14 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-23 05:14 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-23 05:14 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-23 05:14 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-23 05:14 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-23 05:14 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-23 05:14 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-23 05:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-23 05:14 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-23 05:14 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-23 05:14 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-23 05:14 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-23 05:14 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-23 05:14 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 04:59 . 2009-03-06 04:59 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-06 04:59 . 2009-03-06 04:59 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-12 05:24 . 2008-08-12 05:24 76 --sha-r- c:\windows\CT4CET.bin
2008-08-12 08:04 . 2008-08-12 08:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-15 19:33 . 2009-06-02 23:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-15 19:33 . 2009-06-03 00:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-15 19:33 . 2009-06-02 23:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-15 19:33 . 2009-06-03 00:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-15 19:33 . 2009-06-02 23:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-15 19:33 . 2009-06-03 00:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-03 00:29 . 2009-06-03 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-03 00:29 . 2009-06-03 00:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-23 15:37 . 2009-06-03 00:29 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-23 15:37 . 2009-06-02 05:13 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.


Re: winbluesoft hijack this logfile given..pls help

Post by arags on Wed Jun 03, 2009 12:41 am

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Adithya\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]
"Google Update"="c:\users\Adithya\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-17 133104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-12 29744]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-10-23 136080]

c:\users\Adithya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-3-15 42168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-28 118784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-12 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-12 05:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{633BC856-0410-40A6-8B8F-89CA90E8BF68}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6248EB1F-228A-4012-9FD9-5BD85D4C42EB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7D63ED6-A2EF-4E91-A6B1-895B611BE718}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{4388E3D8-B31B-4705-B414-C3D6C4EF196A}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{AABDD148-F181-45CC-8BF8-BF0FD89DA7D2}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{42E39364-AE1F-4955-84D6-F7E08C730298}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{EDBD0099-1738-42D4-9F1C-BFF3049FE74E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{6CCF200A-8BFC-4B06-AEA9-32FA4900C03B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FC0DD2C1-C18C-4365-9EF5-244E17C9456D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ACA8AC46-CEB1-4002-B1C1-C67BA5525AC6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E00B9EB0-95FB-446F-A8EC-1FE7D18306FA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{502582C8-34AC-487D-9269-C6B0888FC8A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{053CA644-6C3D-4EDD-BB3D-80C41BAE2294}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{10396C6D-3BF8-4806-B950-54AA33FF8647}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{379D51A9-AB85-42C4-9151-6D0ED042B537}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{9BF708D9-58A5-4B29-8E77-6E64F46B4AEE}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{DBAF6863-7445-4563-81EE-6C08833A3EAC}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{4FB56E08-C90B-4525-A98D-3BE7F9D6E617}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{5D644FB6-8CA4-4685-BD9F-0EE2D193AD9F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0E8B4A5F-1C96-48AC-8298-0836127C5F4F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D1536FA3-4C8E-4658-9EA7-71CD0E603C7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{98414B79-6188-4862-B9D5-3C97B4E5CD0A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{28DEEB18-2037-49F8-B9A5-BFE887D20184}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{2844ADB8-5468-4B84-9272-90165D35892D}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{3E938F46-099A-4425-9B3A-005ADC291436}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{D6A145C7-C54B-4994-AF5F-3DAD50770251}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
"{FDB5C982-F698-4A90-A1C6-498E4B20D1BF}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
"{40EC6F85-171A-4477-A39C-8AF68B82D64E}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
"{23579C18-4CF1-4E53-8CA3-1BC1D6E29BFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DD7F94B1-FA79-4E30-9A57-D9AA156AEA19}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8DFCD319-B387-48EE-9D50-F579583586E9}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{A9A6DF81-422C-45AF-9035-75BF965D899F}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{8EC42FDB-3E00-4BA4-BD27-32F3E6013B59}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{3C83E09C-F8C6-4E8D-8E8D-F20BA211196F}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

Re: winbluesoft hijack this logfile given..pls help

Post by arags on Wed Jun 03, 2009 12:41 am

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [3/25/2009 6:37 PM 130936]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [8/11/2008 7:09 PM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/23/2008 3:46 PM 121744]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/25/2009 6:36 PM 348752]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/10/2008 7:03 PM 417464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2009 7:28 PM 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [8/12/2008 3:05 AM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [8/12/2008 3:05 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [8/12/2008 3:05 AM 7424]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\System32\drivers\vpnva.sys [12/10/2008 6:50 PM 20152]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2332049103-1334681098-2573545635-1000.job
- c:\users\Adithya\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-17 00:53]

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 18:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Adithya\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Adithya\AppData\Roaming\Mozilla\Firefox\Profiles\lngj93ys.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-02 19:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5244)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\McAfee\VirusScan\scriptsn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\Registry Mechanic\RegMech.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\System32\wscript.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\progra~1\McAfee\MSC\mcupdui.exe
.
**************************************************************************
.
Completion time: 2009-06-03 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 00:36
ComboFix2.txt 2009-06-02 23:27

Pre-Run: 158,969,896,960 bytes free
Post-Run: 156,847,591,424 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
400 --- E O F --- 2009-05-27 22:31

Re: winbluesoft hijack this logfile given..pls help

Post by arags on Wed Jun 03, 2009 12:42 am

Guys

My PC seems to be normal again... Can't tell you how grateful I am that you are doing this free of cost and with such promptness... thanks again!!
