spyware attack.(winbluesoft)

Post by superjumbo on 3rd June 2009, 1:11 pm

I did that HijackThis thing. And here are the results. I really need help, the winbluesoft keeps coming to my computer screen.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:35, on 5.06.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\kristjan\Desktop\HiJack(GP)This.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {032F02E7-5716-7D60-3E88-9B6309146D54} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15175C75-F477-8EB4-3C8F-02C0FB819959} - (no file)
O2 - BHO: (no name) - {165E2A96-F6EF-8EAA-AA3B-BCF19E677FD4} - (no file)
O2 - BHO: (no name) - {1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
O2 - BHO: (no name) - {22A99D53-6CB9-33A5-DED6-D04F5F0F1AE8} - (no file)
O2 - BHO: (no name) - {2A69B4ED-A44E-115C-7B00-D6A6A2337148} - (no file)
O2 - BHO: (no name) - {2AD4D876-81B0-B087-D7C1-18BD7A709292} - (no file)
O2 - BHO: (no name) - {30B4B4C0-2D48-47C3-EB7B-42CFEDCAC207} - (no file)
O2 - BHO: (no name) - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - (no file)
O2 - BHO: (no name) - {322C1801-FA23-AB9E-7F00-648E62563F51} - (no file)
O2 - BHO: (no name) - {34008A69-BA68-8165-F6D2-77FCBCE7DCC4} - (no file)
O2 - BHO: (no name) - {3741C5ED-4EDB-B11A-EFEE-169A682E180C} - (no file)
O2 - BHO: (no name) - {4310B657-55A0-9397-B42A-4550F263DFCA} - (no file)
O2 - BHO: (no name) - {452CE4BD-6993-E987-C954-8D53652EE101} - (no file)
O2 - BHO: (no name) - {4A35DEC1-AC71-E2CC-AA75-FE86733D32EC} - (no file)
O2 - BHO: (no name) - {4D7AAE7E-60D8-7CE4-E215-285680E2A5E4} - (no file)
O2 - BHO: (no name) - {4D9FC428-C242-144C-B27B-F27F0CC116BE} - (no file)
O2 - BHO: (no name) - {5E7086B3-1C13-BC89-057F-D412593714CD} - (no file)
O2 - BHO: (no name) - {696C280D-491E-BCE6-CB54-6602CC3C3A0C} - (no file)
O2 - BHO: (no name) - {6CAEDB06-E5D2-0957-5F14-D24A99FB0FA4} - (no file)
O2 - BHO: (no name) - {6F7408EF-74FB-6985-7708-21C38BE457B2} - (no file)
O2 - BHO: (no name) - {7941CA3D-DE09-D3B7-ABB4-A41A008C96ED} - (no file)
O2 - BHO: (no name) - {8452BC65-9E1F-8A0C-B537-38BCC7650B62} - (no file)
O2 - BHO: Class - {8795DBCC-3869-2C17-CA6F-F9FF44CDA69E} - C:\WINDOWS\system32\javaqa.dll (file missing)
O2 - BHO: (no name) - {8C5AF52A-29FE-EBE7-5E7E-D3B62AE9D3CE} - (no file)
O2 - BHO: (no name) - {9618C8D5-BD90-A94C-567A-B42B32CBCDCB} - (no file)
O2 - BHO: (no name) - {9627E89A-ADC6-335C-80FB-709684853BA6} - (no file)
O2 - BHO: (no name) - {9A8B99A7-1546-27CF-9FA1-CDE07BAAF512} - (no file)
O2 - BHO: (no name) - {9B1A2625-49C3-7881-A453-1C2B2E4282F9} - (no file)
O2 - BHO: (no name) - {A3ABABDA-544D-9E70-AE96-BE2F5DCF0B5A} - (no file)
O2 - BHO: (no name) - {A6907CEB-9625-B7AC-4916-7411F6766CB8} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C649E716-3432-9ED8-A74F-7B789784477D} - (no file)
O2 - BHO: (no name) - {CFBA6A8B-141A-EFF7-2284-53A16D783BE4} - (no file)
O2 - BHO: (no name) - {D59AC151-F00C-3509-5093-1C3589B36680} - (no file)
O2 - BHO: (no name) - {EFF0DA76-9796-3B9F-3EC2-35A88D1F24F6} - (no file)
O2 - BHO: (no name) - {F4758A19-4B23-B61B-0125-C805E79FBA5A} - (no file)
O2 - BHO: (no name) - {FBA5235F-EC2A-A50C-81E0-3492DB3393E2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
O4 - HKLM\..\Run: [ElbyCheckRegKill] "C:\Program Files\Elaborate Bytes\DVD Region

superjumbo
Novice

Posts: 21
Joined: 2009-06-03
OS: xp
Points: 27495
Likes: 0

Re: spyware attack.(winbluesoft)

Post by superjumbo on 3rd June 2009, 1:12 pm

And here is the other half of the result! Thank you!



Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [iend32.exe] C:\WINDOWS\system32\iend32.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [msov32.exe] C:\WINDOWS\msov32.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor
O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ieby32.exe] C:\WINDOWS\ieby32.exe
O4 - HKLM\..\Run: [ieht.exe] C:\WINDOWS\system32\ieht.exe
O4 - HKLM\..\Run: [javaxu.exe] C:\WINDOWS\javaxu.exe
O4 - HKLM\..\Run: [apivr32.exe] C:\WINDOWS\apivr32.exe
O4 - HKLM\..\Run: [addnb32.exe] C:\WINDOWS\system32\addnb32.exe
O4 - HKLM\..\Run: [apieg32.exe] C:\WINDOWS\apieg32.exe
O4 - HKLM\..\Run: [sdkgc32.exe] C:\WINDOWS\system32\sdkgc32.exe
O4 - HKLM\..\Run: [mfcxx.exe] C:\WINDOWS\system32\mfcxx.exe
O4 - HKLM\..\Run: [sdkgm.exe] C:\WINDOWS\sdkgm.exe
O4 - HKLM\..\Run: [crdu32.exe] C:\WINDOWS\system32\crdu32.exe
O4 - HKLM\..\Run: [msko.exe] C:\WINDOWS\msko.exe
O4 - HKLM\..\Run: [javaxb32.exe] C:\WINDOWS\system32\javaxb32.exe
O4 - HKLM\..\Run: [winks.exe] C:\WINDOWS\winks.exe
O4 - HKLM\..\Run: [netov32.exe] C:\WINDOWS\system32\netov32.exe
O4 - HKLM\..\Run: [appqk.exe] C:\WINDOWS\system32\appqk.exe
O4 - HKLM\..\Run: [winap.exe] C:\WINDOWS\winap.exe
O4 - HKLM\..\Run: [iprc.exe] C:\WINDOWS\iprc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msqy.exe] C:\WINDOWS\msqy.exe
O4 - HKLM\..\Run: [atlmd32.exe] C:\WINDOWS\atlmd32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMrhcrwsj0ej29] C:\Program Files\rhcrwsj0ej29\rhcrwsj0ej29.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vcrt80.dll] C:\WINDOWS\system32\vcrt80.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\winupd.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.74.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open in new background tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?1dda4da59909449db68f0c5be659a7de
O8 - Extra context menu item: Open in new foreground tab - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?1dda4da59909449db68f0c5be659a7de
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACCAD1E5-BBE6-4A35-9800-2D295F9C3395}: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.186,85.255.112.124
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ŗÄÖ`I) - Unknown owner - C:\WINDOWS\apina32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 18244 bytes

Re: spyware attack.(winbluesoft)

Post by Belahzur on 3rd June 2009, 1:30 pm

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Next,

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1

Re: spyware attack.(winbluesoft)

Post by superjumbo on 3rd June 2009, 3:04 pm

I don't understand this part. :S

# Click on "Save List..." (generates uninstall_list.txt)
# Click Save, copy and paste the results in your next post.

What does that mean?

Re: spyware attack.(winbluesoft)

Post by superjumbo on 3rd June 2009, 3:07 pm

Did you mean this?

Adazu Cipsi - Ego Screensaver
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator 9.0 Tryout
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe® Photoshop® Album Starter Edition 3.2
ALOT Toolbar
AntivirXP08
Ask Toolbar
ATI - Software Uninstall Utility
ATI Display Driver
Avanquest update
AVG 7.5
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ccCommon
C-Media 3D Audio
Cogniview PDF2XL Evaluation
Combat Arms EU
Corel Applications
CounterStrike 1.6 from VSI (Version 1.02)
Decal Converter
Diablo II
DigitalHQ
DivX Codec
DivX Player 2.1
DVD Region Killer
EA SPORTS online 2005
Empire Earth II
ESET Smart Security
Fraps
FunPhotor 5.0
HijackThis 2.0.2
Home Search Assistent
Hotfix for Windows XP (KB952287)
HyperCam 2
Internet Worm Protection
InterVideo WinDVD
InterVideo WinRip
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java DB 10.4.1.3
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 11
Java(TM) SE Runtime Environment 6 Update 1
KD2GE 1.0
LimeWire 4.14.12
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
Manhunt
Megaupload Toolbar
Micro Commandos
Microsoft .NET Framework 2.0
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSN
MSRedist
NitroFamily
NoAdware v3.0
Norton AntiVirus 2005
Norton AntiVirus Parent MSI
Norton SystemWorks
Norton SystemWorks 2005 (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
OroTimesheet 5
PacCafe
Pando Media Booster
Picture Package
Pictures Slideshow Maker
Popup Blocker (Windows Live Toolbar)
PTFB Pro 3.5.0.0
QuickTime
RealPlayer
Rune Lyfe HD Client
Search Extender
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Shockwave
ShopperReports
Shopping Wizard
Smart Menus (Windows Live Toolbar)
Sony Ericsson PC Suite 3.204.00
Sony USB Driver
SoulSeek Client 156c
SPBBC
Spin and Play
Spyware Doctor 6.0
Styler
SweetIM for Messenger 2.5
SweetIM Toolbar for Internet Explorer 3.1
Symantec Script Blocking Installer
SymNet
Tabbed Browsing (Windows Live Toolbar)
The Best Movie Player 1.56
ToggleEN Toolbar
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Web Picture Creator 1.8
Video DVD Maker v3.5.0.9
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windowsi kasutajaliidese keelepakett
WinRAR archiver
Workspace Macro 4.6
Xfire (remove only)
Yahoo! Toolbar

superjumbo
Novice

Posts : 21
Joined : 2009-06-03
OS : xp
Points : 27495
# Likes : 0


Re: spyware attack.(winbluesoft)

Post by Belahzur on 3rd June 2009, 3:16 pm

Hello.
Yep, that's it.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    ALOT Toolbar
    AntivirXP08
    Ask Toolbar
    AVG 7.5
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 4.14.12
    Megaupload Toolbar Install "Alexa" spyware/trackware
    NoAdware v3.0
    ShopperReports
    Shopping Wizard

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk ( normally C: )
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall


Now, let's install a new and fresh AV.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Let me know when you've done that.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: spyware attack.(winbluesoft)

Post by superjumbo on 3rd June 2009, 5:32 pm

I can't uninstall these programs, coz it says "failed to uninstall":

J2SE 10,
J2SE 6,
shopping wizard,

Deleted Norton spyware and downloaded Avira antivirus.
But the WinBlueSoft fake alert comes still :S


Re: spyware attack.(winbluesoft)

Post by Belahzur on 3rd June 2009, 5:39 pm

Hello.
Missed this.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • ESET Smart Security


I know about the annoying alerts, but don't panic, we can run more powerful tools now.
I had to have you get rid of other programs like Norton/ESET because having more than one active AV is dangerous, and will interfere with our next removal.


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Avira)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:05 am

Sorry for waiting, my network was away. But I'm back now.

Results of combofix.txt are these: (VERY LONG)

ComboFix 09-06-03.04 - kristjan 06.06.2009 11:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1257.372.1033.18.511.267 [GMT 3:00]
Running from: c:\documents and settings\kristjan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 37376 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
c:\documents and settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango
c:\documents and settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Zango\Weather.lnk
c:\documents and settings\Kristiina\Local Settings\Temporary Internet Files\search.html
c:\documents and settings\Kristiina\Local Settings\Temporary Internet Files\temp1.htm
c:\documents and settings\kristjan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
c:\documents and settings\kristjan\Application Data\Zango
c:\documents and settings\kristjan\Application Data\WeatherDPA
c:\documents and settings\kristjan\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\kristjan\Favorites\Download programs.url
c:\documents and settings\kristjan\Favorites\Games.url
c:\documents and settings\kristjan\Favorites\Translator.url
c:\documents and settings\kristjan\Favorites\Videos.url
c:\documents and settings\kristjan\Start Menu\Programs\Download programs.url
c:\documents and settings\kristjan\Start Menu\Programs\Games.url
c:\documents and settings\kristjan\Start Menu\Programs\Translator.url
c:\documents and settings\kristjan\Start Menu\Programs\Videos.url
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.htmlx
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\temp.html
c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\6.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\6.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\6.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\6.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\6.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\6.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\6.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\6.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\6.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\6.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\6.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\6.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\6.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\6.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\6.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\6.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\6.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\6.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\6.bin\MWSBAR.DLL.bak
c:\program files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\6.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\6.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\6.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\7.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\a.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\Cache\0004249B
c:\program files\MyWebSearch\bar\Cache\000435A3
c:\program files\MyWebSearch\bar\Cache\000438EE.bin
c:\program files\MyWebSearch\bar\Cache\00043AA4.bin
c:\program files\MyWebSearch\bar\Cache\00043C4A.bin
c:\program files\MyWebSearch\bar\Cache\00043DE0.bin
c:\program files\MyWebSearch\bar\Cache\0004971C.bin
c:\program files\MyWebSearch\bar\Cache\000498A2.bin
c:\program files\MyWebSearch\bar\Cache\00049AA6.bin
c:\program files\MyWebSearch\bar\Cache\00511E9A.bin
c:\program files\MyWebSearch\bar\Cache\0051266A.bin
c:\program files\MyWebSearch\bar\Cache\00512800.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\prevcfg.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\rhcrwsj0ej29


Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:06 am

part 2

c:\program files\RichVideoCodec
c:\program files\zango
c:\program files\zango\bin\10.3.74.0\arrow.ico
c:\program files\zango\bin\10.3.74.0\copyright.txt
c:\program files\zango\bin\10.3.74.0\firefox\extensions\chrome.manifest
c:\program files\zango\bin\10.3.74.0\firefox\extensions\components\npclntax.xpt
c:\program files\zango\bin\10.3.74.0\firefox\extensions\install.rdf
c:\program files\zango\bin\10.3.74.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
c:\program files\zango\bin\10.3.74.0\link.ico
c:\program files\zango\bin\10.3.74.0\ZangoSADF.exe
c:\program files\zango\bin\10.3.74.0\Weather.exe


Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:06 am

part 3



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:06 am



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:07 am



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:08 am

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-11-07 02:41 . 2009-11-07 02:41 6355 ----a-w- c:\windows\system32\9299hac5tzold.bin
2009-10-16 08:09 . 2009-10-16 08:09 7178 ----a-w- c:\windows\9015zirus3.dll
2009-06-29 08:05 . 2009-06-29 08:05 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-06 08:09 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-06 08:09 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-06 08:09 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-06 08:09 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-06 08:09 . 2009-06-06 08:09 -------- d-----w- c:\program files\Avira
2009-06-06 08:09 . 2009-06-06 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-05 19:26 . 2009-06-05 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-05 15:19 . 2008-07-28 08:29 160792 ----a-w- c:\windows\system32\drivers\pctfw2.sys
2009-06-05 15:18 . 2009-06-05 15:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-05 15:18 . 2008-06-10 18:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-05 15:18 . 2008-06-02 12:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-05 15:18 . 2008-06-02 12:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-05 15:18 . 2008-06-02 12:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-05 15:18 . 2009-06-06 09:11 -------- d-----w- c:\program files\Spyware Doctor
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- c:\documents and settings\kristjan\Application Data\PC Tools
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-05 14:53 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 14:53 . 2009-06-05 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 14:53 . 2009-06-05 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 14:53 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 10:19 . 2009-06-03 10:21 -------- d-----w- c:\documents and settings\kristjan\rs_cache
2009-05-31 09:16 . 2009-06-06 08:20 37376 ----a-w- c:\windows\system32\vcrt80.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 08:07 . 2004-12-04 14:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 09:17 . 2009-06-06 09:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-06-06 09:13 . 2007-08-22 07:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-05 19:52 . 2004-11-29 21:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 19:35 . 2006-02-01 12:01 -------- d-----w- c:\program files\NoAdware3
2009-06-05 19:33 . 2005-06-24 16:13 -------- d-----w- c:\program files\Java
2009-06-05 19:29 . 2004-07-29 13:30 -------- d-----w- c:\program files\Sun
2009-06-05 15:18 . 2008-05-01 19:11 -------- d-----w- c:\documents and settings\kristjan\Application Data\GetRightToGo
2009-06-05 14:55 . 2004-07-28 23:48 -------- d-----w- c:\documents and settings\kristjan\Application Data\Xfire
2009-06-03 17:28 . 2007-10-13 12:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-02 20:17 . 2008-07-29 09:31 34 ----a-w- c:\documents and settings\kristjan\jagex_runescape_preferences.dat
2009-05-28 22:48 . 2004-07-29 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
2008-07-28 21:37 . 2008-06-22 16:57 44596 ----a-w- c:\program files\Mozcheck.exe
2004-07-28 23:36 . 2008-07-28 21:43 149 ----a-w- c:\program files\values.dat
2004-07-28 21:41 . 2004-07-19 19:53 106637 ----a-w- c:\program files\BDAXP.cab
2004-07-22 07:51 . 2004-07-22 07:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 19:58 . 2004-07-19 19:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-09 11:17 . 2004-07-09 11:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 06:13 . 2004-07-09 06:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 06:13 . 2004-07-09 06:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 01:08 . 2004-07-09 01:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 01:08 . 2004-07-09 01:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 00:03 . 2004-07-09 00:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2001-12-08 49152]
"ElbyCheckRegKill"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-16 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-01 185872]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\kristjan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-29 98304]
Styler.lnk - c:\documents and settings\kristjan\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2004-7-31 15086]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-29 98304]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-11-30 184320]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-6-4 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-6-4 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [5.06.2009 18:19 160792]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [30.11.2004 1:54 6016]
S3 BeSk81;BeSk81;\??\c:\documents and settings\kristjan\Desktop\Let_s_Engine_3.0__Auto-delete___Double_Kill_hack___Damage_Hack___Delay_Hack\Let's Engine 3.0 +Auto-delete + Double Kill hack + Damage Hack + Delay Hack\BeSk8.sys --> c:\documents and settings\kristjan\Desktop\Let_s_Engine_3.0__Auto-delete___Double_Kill_hack___Damage_Hack___Delay_Hack\Let's Engine 3.0 +Auto-delete + Double Kill hack + Damage Hack + Delay Hack\BeSk8.sys [?]
S3 ChangeMe;ChangeMe;\??\c:\docume~1\kristjan\LOCALS~1\Temp\ChangeMe.sys --> c:\docume~1\kristjan\LOCALS~1\Temp\ChangeMe.sys [?]


Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:09 am

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CCALib8
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - usnjsvc
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
*Deregistered* - wuauserv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0922162D-E289-17F9-6283-EAE70BDE63D2}]
c:\windows\system32:vcrt80.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C1141F5F-2091-E8C5-C2CE-5E9995C691B6}]
c:\windows\system32\winupd.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
- - - - ORPHANS REMOVED - - - -

BHO-{032F02E7-5716-7D60-3E88-9B6309146D54} - (no file)
BHO-{15175C75-F477-8EB4-3C8F-02C0FB819959} - (no file)
BHO-{165E2A96-F6EF-8EAA-AA3B-BCF19E677FD4} - (no file)
BHO-{1A3AAC53-69B3-F769-1199-284A99589CE9} - (no file)
BHO-{22A99D53-6CB9-33A5-DED6-D04F5F0F1AE8} - (no file)
BHO-{2A69B4ED-A44E-115C-7B00-D6A6A2337148} - (no file)
BHO-{2AD4D876-81B0-B087-D7C1-18BD7A709292} - (no file)
BHO-{30B4B4C0-2D48-47C3-EB7B-42CFEDCAC207} - (no file)
BHO-{30B9D3B6-3171-041B-C2E4-A7FD55558A20} - (no file)
BHO-{322C1801-FA23-AB9E-7F00-648E62563F51} - (no file)
BHO-{34008A69-BA68-8165-F6D2-77FCBCE7DCC4} - (no file)
BHO-{3741C5ED-4EDB-B11A-EFEE-169A682E180C} - (no file)
BHO-{4310B657-55A0-9397-B42A-4550F263DFCA} - (no file)
BHO-{452CE4BD-6993-E987-C954-8D53652EE101} - (no file)
BHO-{4A35DEC1-AC71-E2CC-AA75-FE86733D32EC} - (no file)
BHO-{4D7AAE7E-60D8-7CE4-E215-285680E2A5E4} - (no file)
BHO-{4D9FC428-C242-144C-B27B-F27F0CC116BE} - (no file)
BHO-{5E7086B3-1C13-BC89-057F-D412593714CD} - (no file)
BHO-{696C280D-491E-BCE6-CB54-6602CC3C3A0C} - (no file)
BHO-{6CAEDB06-E5D2-0957-5F14-D24A99FB0FA4} - (no file)
BHO-{6F7408EF-74FB-6985-7708-21C38BE457B2} - (no file)
BHO-{7941CA3D-DE09-D3B7-ABB4-A41A008C96ED} - (no file)
BHO-{8452BC65-9E1F-8A0C-B537-38BCC7650B62} - (no file)
BHO-{8795DBCC-3869-2C17-CA6F-F9FF44CDA69E} - c:\windows\system32\javaqa.dll
BHO-{8C5AF52A-29FE-EBE7-5E7E-D3B62AE9D3CE} - (no file)
BHO-{9618C8D5-BD90-A94C-567A-B42B32CBCDCB} - (no file)
BHO-{9627E89A-ADC6-335C-80FB-709684853BA6} - (no file)
BHO-{9A8B99A7-1546-27CF-9FA1-CDE07BAAF512} - (no file)
BHO-{9B1A2625-49C3-7881-A453-1C2B2E4282F9} - (no file)
BHO-{A3ABABDA-544D-9E70-AE96-BE2F5DCF0B5A} - (no file)
BHO-{A6907CEB-9625-B7AC-4916-7411F6766CB8} - (no file)
BHO-{C649E716-3432-9ED8-A74F-7B789784477D} - (no file)
BHO-{CFBA6A8B-141A-EFF7-2284-53A16D783BE4} - (no file)
BHO-{D59AC151-F00C-3509-5093-1C3589B36680} - (no file)
BHO-{EFF0DA76-9796-3B9F-3EC2-35A88D1F24F6} - (no file)
BHO-{F4758A19-4B23-B61B-0125-C805E79FBA5A} - (no file)
BHO-{FBA5235F-EC2A-A50C-81E0-3492DB3393E2} - (no file)
HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
HKLM-Run-iend32.exe - c:\windows\system32\iend32.exe
HKLM-Run-Security iGuard - c:\program files\Security iGuard\Security iGuard.exe
HKLM-Run-Error Nuker - c:\program files\Error Nuker\bin\ErrorNuker.exe
HKLM-Run-msov32.exe - c:\windows\msov32.exe
HKLM-Run-SpyFighterMonitor - c:\program files\SpyFighter\SpyFighter.exe
HKLM-Run-SpyFighterUpdate - c:\program files\SpyFighter\AutoUpdate.exe
HKLM-Run-ieby32.exe - c:\windows\ieby32.exe
HKLM-Run-ieht.exe - c:\windows\system32\ieht.exe
HKLM-Run-javaxu.exe - c:\windows\javaxu.exe
HKLM-Run-apivr32.exe - c:\windows\apivr32.exe
HKLM-Run-addnb32.exe - c:\windows\system32\addnb32.exe
HKLM-Run-apieg32.exe - c:\windows\apieg32.exe
HKLM-Run-sdkgc32.exe - c:\windows\system32\sdkgc32.exe
HKLM-Run-mfcxx.exe - c:\windows\system32\mfcxx.exe
HKLM-Run-sdkgm.exe - c:\windows\sdkgm.exe
HKLM-Run-crdu32.exe - c:\windows\system32\crdu32.exe
HKLM-Run-msko.exe - c:\windows\msko.exe
HKLM-Run-javaxb32.exe - c:\windows\system32\javaxb32.exe
HKLM-Run-winks.exe - c:\windows\winks.exe
HKLM-Run-netov32.exe - c:\windows\system32\netov32.exe
HKLM-Run-appqk.exe - c:\windows\system32\appqk.exe
HKLM-Run-winap.exe - c:\windows\winap.exe
HKLM-Run-iprc.exe - c:\windows\iprc.exe
HKLM-Run-msqy.exe - c:\windows\msqy.exe
HKLM-Run-atlmd32.exe - c:\windows\atlmd32.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL
HKLM-Run-SMrhcrwsj0ej29 - c:\program files\rhcrwsj0ej29\rhcrwsj0ej29.exe
HKLM-Run-sysrest32.exe - c:\windows\system32\sysrest32.exe
HKLM-Run-vcrt80.dll - c:\windows\system32:vcrt80.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?1dda4da59909449db68f0c5be659a7de
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?1dda4da59909449db68f0c5be659a7de
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\kristjan\Application Data\Mozilla\Firefox\Profiles\14e5kzh0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\kristjan\Application Data\Mozilla\Firefox\Profiles\14e5kzh0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-06 12:12
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
vcrt80.dll = c:\windows\system32:vcrt80.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32:vcrt80.exe 37376 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(640)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3940)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Xfire\xfire_toucan_35250.dll
c:\program files\Styler\StylerHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
c:\program files\Styler\Styler.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-06-06 12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 09:26

Pre-Run: 38 140 067 840 bytes free
Post-Run: 42 272 112 640 bytes free

1553 --- E O F --- 2004-07-29 00:11


Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 7:09 am

What next? Or are we done? The WinBlueSoft errors aren't coming anymore.
I hope it's the same in the future.

I still have 1 question: how can I make my computer faster? Because it's very slow.


Re: spyware attack.(winbluesoft)

Post by Belahzur on 4th June 2009, 11:10 am

Hello. Not done yet, still some malware on this machine.

Now open a new notepad file.
Input this into the notepad file:

Driver::
BeSk81
ChangeMe

File::
c:\windows\system32\9299hac5tzold.bin
c:\windows\9015zirus3.dll
c:\windows\system32\winupd.exe
c:\windows\system32:vcrt80.exe
c:\windows\system32\vcrt80.exe

Folder::
c:\program files\NoAdware3

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0922162D-E289-17F9-6283-EAE70BDE63D2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C1141F5F-2091-E8C5-C2CE-5E9995C691B6}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 11:55 am

Here they are, but when I started my computer, why did it look like Windows 98? But when I did the combofix thing it looked like XP again.
And 1 question: how can I make my computer faster? Because it's slow.


ComboFix 09-06-03.04 - kristjan 06.06.2009 16:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1257.372.1033.18.511.99 [GMT 3:00]
Running from: c:\documents and settings\kristjan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kristjan\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\9015zirus3.dll"
"c:\windows\system32:vcrt80.exe"
"c:\windows\system32\9299hac5tzold.bin"
"c:\windows\system32\vcrt80.exe"
"c:\windows\system32\winupd.exe"
.
ADS - system32: deleted 37376 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NoAdware3
c:\program files\NoAdware3\iglist.lst
c:\program files\NoAdware3\noadware3_042206.na
c:\windows\9015zirus3.dll
c:\windows\system32\9299hac5tzold.bin
c:\windows\system32\vcrt80.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BESK81
-------\Legacy_CHANGEME
-------\Service_BeSk81
-------\Service_ChangeMe


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-29 08:05 . 2009-06-29 08:05 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-06 08:09 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-06 08:09 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-06 08:09 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-06 08:09 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-06 08:09 . 2009-06-06 08:09 -------- d-----w- c:\program files\Avira
2009-06-06 08:09 . 2009-06-06 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-05 19:26 . 2009-06-05 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-05 15:19 . 2008-07-28 08:29 160792 ----a-w- c:\windows\system32\drivers\pctfw2.sys
2009-06-05 15:18 . 2009-06-05 15:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-05 15:18 . 2008-06-10 18:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-05 15:18 . 2008-06-02 12:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-05 15:18 . 2008-06-02 12:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-05 15:18 . 2008-06-02 12:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-05 15:18 . 2009-06-06 09:30 -------- d-----w- c:\program files\Spyware Doctor
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- c:\documents and settings\kristjan\Application Data\PC Tools
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-05 14:53 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 14:53 . 2009-06-05 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 14:53 . 2009-06-05 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 14:53 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 10:19 . 2009-06-03 10:21 -------- d-----w- c:\documents and settings\kristjan\rs_cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 08:07 . 2004-12-04 14:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 14:11 . 2007-08-22 07:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 13:34 . 2008-07-29 09:31 34 ----a-w- c:\documents and settings\kristjan\jagex_runescape_preferences.dat
2009-06-06 09:18 . 2004-07-28 21:28 -------- d-----w- c:\program files\Workspace Macro 4.6
2009-06-06 09:17 . 2009-06-06 09:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-06-05 19:52 . 2004-11-29 21:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 19:33 . 2005-06-24 16:13 -------- d-----w- c:\program files\Java
2009-06-05 19:29 . 2004-07-29 13:30 -------- d-----w- c:\program files\Sun
2009-06-05 15:18 . 2008-05-01 19:11 -------- d-----w- c:\documents and settings\kristjan\Application Data\GetRightToGo
2009-06-05 14:55 . 2004-07-28 23:48 -------- d-----w- c:\documents and settings\kristjan\Application Data\Xfire
2009-06-03 17:28 . 2007-10-13 12:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-28 22:48 . 2004-07-29 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
2008-07-28 21:37 . 2008-06-22 16:57 44596 ----a-w- c:\program files\Mozcheck.exe
2004-07-28 23:36 . 2008-07-28 21:43 149 ----a-w- c:\program files\values.dat
2004-07-28 21:41 . 2004-07-19 19:53 106637 ----a-w- c:\program files\BDAXP.cab
2004-07-22 07:51 . 2004-07-22 07:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 19:58 . 2004-07-19 19:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-09 11:17 . 2004-07-09 11:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 06:13 . 2004-07-09 06:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 06:13 . 2004-07-09 06:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 01:08 . 2004-07-09 01:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 01:08 . 2004-07-09 01:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 00:03 . 2004-07-09 00:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-29 12:03 . 2009-06-06 13:34 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2004-07-29 12:03 . 2009-06-02 20:17 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-01 09:57 . 2009-06-06 13:34 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-06-01 09:57 . 2009-06-02 20:17 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2001-12-08 49152]
"ElbyCheckRegKill"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-16 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-01 185872]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\kristjan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-29 98304]
Styler.lnk - c:\documents and settings\kristjan\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2004-7-31 15086]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-29 98304]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-11-30 184320]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-6-4 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-6-4 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 11:56 am

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hl.exe"=
"c:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [5.06.2009 18:19 160792]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [30.11.2004 1:54 6016]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CCALib8
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder

2009-06-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - [You must be registered and logged in to see this link.]
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?1dda4da59909449db68f0c5be659a7de
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?1dda4da59909449db68f0c5be659a7de
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\kristjan\Application Data\Mozilla\Firefox\Profiles\14e5kzh0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\kristjan\Application Data\Mozilla\Firefox\Profiles\14e5kzh0.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-06 17:09
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(636)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3168)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Xfire\xfire_toucan_35250.dll
c:\program files\Styler\StylerHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Styler\Styler.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-06 17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 14:20
ComboFix2.txt 2009-06-06 09:26

Pre-Run: 43 033 047 040 bytes free
Post-Run: 43 049 742 336 bytes free

280 --- E O F --- 2004-07-29 00:11


Re: spyware attack.(winbluesoft)

Post by Belahzur on 4th June 2009, 2:51 pm

Hello.
The screen resolution or theme might have changed during the Combofix run because, for Combofix to do its job, it has to kill everything running so stuff isn't blocked.
Next.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 4:20 pm

Adazu Cipsi - Ego Screensaver
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator 9.0 Tryout
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer
Adobe® Photoshop® Album Starter Edition 3.2
Ask Toolbar
ATI - Software Uninstall Utility
ATI Display Driver
Avanquest update
Avira AntiVir Personal - Free Antivirus
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
C-Media 3D Audio
Cogniview PDF2XL Evaluation
Combat Arms EU
Corel Applications
CounterStrike 1.6 from VSI (Version 1.02)
Decal Converter
Diablo II
DigitalHQ
DivX Codec
DivX Player 2.1
DVD Region Killer
EA SPORTS online 2005
Empire Earth II
Fraps
FunPhotor 5.0
HijackThis 2.0.2
Home Search Assistent
Hotfix for Windows XP (KB952287)
HyperCam 2
InterVideo WinDVD
InterVideo WinRip
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
KD2GE 1.0
Macromedia Flash Player
Macromedia Shockwave Player
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
Manhunt
Micro Commandos
Microsoft .NET Framework 2.0
Microsoft Office Excel Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.10)
MSN
NitroFamily
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org Installer 1.0
OroTimesheet 5
PacCafe
Pando Media Booster
Picture Package
Pictures Slideshow Maker
Popup Blocker (Windows Live Toolbar)
PTFB Pro 3.5.0.0
QuickTime
RealPlayer
Rune Lyfe HD Client
Search Extender
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Shockwave
Shopping Wizard
Smart Menus (Windows Live Toolbar)
Sony Ericsson PC Suite 3.204.00
Sony USB Driver
SoulSeek Client 156c
Spin and Play
Spyware Doctor 6.0
Styler
SweetIM for Messenger 2.5
SweetIM Toolbar for Internet Explorer 3.1
Tabbed Browsing (Windows Live Toolbar)
The Best Movie Player 1.56
ToggleEN Toolbar
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Web Picture Creator 1.8
Video DVD Maker v3.5.0.9
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windowsi kasutajaliidese keelepakett
WinRAR archiver
Workspace Macro 4.6
Xfire (remove only)
Yahoo! Toolbar


Re: spyware attack.(winbluesoft)

Post by Belahzur on 4th June 2009, 4:34 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.

Re: spyware attack.(winbluesoft)

Post by superjumbo on 4th June 2009, 6:19 pm

Did it all,
But could not delete this program:

J2SE Runtime Environment 5.0 Update 10

If I try, some error comes up...


Re: spyware attack.(winbluesoft)

Post by Belahzur on 4th June 2009, 6:20 pm

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Re: spyware attack.(winbluesoft)

Post by superjumbo on 5th June 2009, 6:48 am

Hello.

Kk, done. My computer is just fine, the errors aren't coming anymore.
Are there more ways to make the computer faster? I have like, umm, normal speed....

Results:

JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jun 07 12:17:53 2009

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\System32\jupdate-1.5.0_01-b08.log

Found and removed: Software\JavaSoft\Java2D\1.5.0_01

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\JavaPlugin.150_01

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

------------------------------------

Finished reporting.
