win blue soft


Post by mriswith on Wed Jun 03, 2009 3:39 pm

I got this stupid Win blue soft program last night. I tried to fix the issue and my computer works fine in "safe mode", but when I boot it normally I still get the black and words background. I tried changing it and the next time I booted there it was again. Can you help? I ran HijackThis and I will post the log file below.

mriswith
Novice

Posts : 10
Joined : 2009-06-03
OS : windows vista


log file

Post by mriswith on Wed Jun 03, 2009 3:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 11:33:27, on 6/3/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Shawn\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Users\Shawn\AppData\Local\CyberDefender Internet Security\AntiSpyware\cdas2d88.exe" /minimize
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Re: win blue soft

Post by mriswith on Wed Jun 03, 2009 3:40 pm

Any help would be greatly appreciated, and thank you in advance.


Re: win blue soft

Post by Belahzur on Wed Jun 03, 2009 3:43 pm

Hello.
You are running an old version of Hijack This. See if you can use the new version before we do anything.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


here is the new log file

Post by mriswith on Wed Jun 03, 2009 3:45 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:40, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Shawn\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5893 bytes


Re: win blue soft

Post by Belahzur on Wed Jun 03, 2009 3:52 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight Ask Toolbar
  • Click on the Uninstall/Change button at the top.
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

  • Next, open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Then find and select this file: C:\windows\system32\blocker.dll
  • Select okay and select yes to reboot.

Then after reboot, let's get an uninstall list.

  • Open HijackThis again.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


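A sketch of how the HijackThis entries acted on in the reply above (the `O20 - AppInit_DLLs` value and the toolbar objects) can be pulled out of a log programmatically. This is an added example, not part of the original posts and not HijackThis code; the three flags are assumed review heuristics that only order entries for a human to look at, and the sample is a few lines copied from the second log in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Shawn\Program Files\DNA\btdna.exe"
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A log entry is "<section code> - <rest>", e.g. "O20 - AppInit_DLLs: blocker.dll".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Target that lives under a user profile (optionally quoted command line).
USER_PATH = re.compile(r'^"?[a-z]:\\users\\', re.IGNORECASE)


def parse_entries(log_text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line or a running-process path
        section, rest = m.groups()
        kind, sep, value = rest.partition(": ")
        if not sep:  # R0/R1 style lines have no "kind: " prefix
            kind, value = "", rest
        entries.append({"section": section, "kind": kind, "value": value})
    return entries


def target_of(entry):
    """Best-effort file or command an entry points at."""
    value = entry["value"]
    if entry["section"] == "O4":
        # "[ValueName] command line": drop the bracketed registry value name
        return value.split("] ", 1)[-1]
    # "name - {CLSID} - path" or "name - vendor - path": last field is the file
    return value.rsplit(" - ", 1)[-1]


def triage(log_text):
    """Return (section, target, flags) for entries worth a manual look.

    Flags are assumptions chosen for this example, not verdicts:
      appinit-dll        AppInit_DLLs is set; DLLs named there are loaded into
                         every process that loads user32.dll
      orphaned           registration left behind with no file on disk
      user-profile-path  component loaded from a per-user directory
    """
    findings = []
    for entry in parse_entries(log_text):
        tgt = target_of(entry)
        flags = []
        if entry["section"] == "O20" and entry["kind"] == "AppInit_DLLs" and tgt.strip():
            flags.append("appinit-dll")
        if tgt == "(no file)" or tgt.endswith("(file missing)"):
            flags.append("orphaned")
        if USER_PATH.match(tgt):
            flags.append("user-profile-path")
        if flags:
            findings.append((entry["section"], tgt, flags))
    return findings


if __name__ == "__main__":
    for section, tgt, flags in triage(SAMPLE_LOG):
        print(f"{section:<4} {','.join(flags):<18} {tgt}")
```
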

here is the list

Post by mriswith on Wed Jun 03, 2009 4:01 pm

Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Apple Mobile Device Support
Apple Software Update
Bonjour
Civilization III
Counter-Strike: Source
Curse Client
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Heroes of Might and Magic IV
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 11
LimeWire 5.1.3
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
MyIdentityDefender Toolbar
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
NVIDIA PhysX
QuickTime
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Steam
System Requirements Lab
VLC media player 0.9.9
World of Warcraft
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zango


Re: win blue soft

Post by Belahzur on Wed Jun 03, 2009 4:07 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

We need to uninstall a few more things.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    Java(TM) 6 Update 11
    LimeWire 5.1.3
    MyIdentityDefender Toolbar
    Zango

  • Click on the Uninstall/Change button at the top.

Then please find and delete these folders in bold (if present):
C:\Program Files\Limewire
C:\Program Files\Zango

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



part 2

Post by mriswith on Wed Jun 03, 2009 4:29 pm



Re: win blue soft

Post by mriswith on Wed Jun 03, 2009 4:30 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-05-06 13:19 . 2009-05-06 13:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-06 13:19 . 2009-05-06 13:19 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-05-06 13:19 . 2009-05-06 13:19 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-05-06 13:19 . 2009-05-06 13:19 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-05-06 13:02 . 2009-05-06 13:02 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-05-06 13:02 . 2009-05-06 13:02 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-06 13:02 . 2009-05-06 13:02 83968 ----a-w- c:\windows\system32\mscories.dll
2009-05-06 13:02 . 2009-05-06 13:02 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-05-06 13:02 . 2009-05-06 13:02 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-05-06 07:30 . 2009-05-06 07:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-06 07:30 . 2009-05-06 07:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-06 07:30 . 2009-05-06 07:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-06 07:30 . 2009-05-06 07:30 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-06 07:29 . 2009-05-06 07:29 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-06 07:29 . 2009-05-06 07:29 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-06 07:29 . 2009-05-06 07:29 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-05-06 07:25 . 2009-05-06 07:25 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-06 07:24 . 2009-05-06 07:24 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-06 07:23 . 2009-05-06 07:23 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-06 07:23 . 2009-05-06 07:23 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-06 07:23 . 2009-05-06 07:23 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-06 07:22 . 2009-05-06 07:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-06 07:22 . 2009-05-06 07:22 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-06 07:22 . 2009-05-06 07:22 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-06 07:21 . 2009-05-06 07:21 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-06 07:21 . 2009-05-06 07:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-06 07:21 . 2009-05-06 07:21 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-06 07:18 . 2009-05-06 07:18 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-06 07:17 . 2009-05-06 07:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-06 07:17 . 2009-05-06 07:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-06 07:17 . 2009-05-06 07:17 4096 ----a-w- c:\windows\system32\dxmasf.dll

.


part 4

Post by mriswith on Wed Jun 03, 2009 4:30 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-06-03 01:47 3962184 ----a-w- c:\users\Shawn\AppData\LocalLow\CyberDefender\cdmyidd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-10 321344]
"Steam"="c:\program files\steam\steam.exe" [2009-05-18 1217784]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-05-14 1933312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{957A59DB-8147-4774-B4F8-5017BDBB2672}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{C7232359-AB1D-4EF7-B44B-A742B525EA34}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{195F1E58-D865-47CE-86E1-E1E856B70411}c:\\program files\\ubisoft\\heroes of might and magic iv\\heroes4.exe"= UDP:c:\program files\ubisoft\heroes of might and magic iv\heroes4.exe:Heroes of Might and Magic® IV
"UDP Query User{9ACDD9C6-BDC6-4002-A9B3-8FC52A0DE0B9}c:\\program files\\ubisoft\\heroes of might and magic iv\\heroes4.exe"= TCP:c:\program files\ubisoft\heroes of might and magic iv\heroes4.exe:Heroes of Might and Magic® IV
"{467E8174-A0E4-4757-8FFB-76951C291370}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{299316FB-E8AE-4CE5-996A-F8936C8F991B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EB5CFFB5-F9E6-4B65-B174-2A7251B0E2C8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{01DA8D8A-25E6-48D6-86F9-FE72C58811E5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D8D42B4E-CFB6-465B-8DEF-052231CAF969}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8AD4B9BB-476D-4F64-BD14-FC112BDF659D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{183DD2E8-A343-4A43-B372-D0E0A8505DBE}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{2D2D1718-881C-4DF2-85D7-4111320995EF}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{407D84E6-6CCE-4450-A7CD-D3783E6EF2A7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7C9A2E8E-274A-4602-A2DB-3F13B762A927}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/21/2009 20:39 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\Norton Security Scan for Shawn.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 23:04]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2009-06-03 12:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-03 12:22
ComboFix-quarantined-files.txt 2009-06-03 16:21

Pre-Run: 284,016,095,232 bytes free
Post-Run: 283,239,591,936 bytes free

1059 --- E O F --- 2009-06-03 15:22


part 1

Post by mriswith on Wed Jun 03, 2009 4:33 pm

ComboFix 09-06-01.03 - Shawn 06/03/2009 12:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2047.1257 [GMT -4:00]
Running from: c:\users\Shawn\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



sorry

Post by mriswith on Wed Jun 03, 2009 4:34 pm

I don't know why part 1 didn't post the first time; I prob clicked the wrong thing *shrug* but there is the whole log.

Thank you for all the help.


Re: win blue soft

Post by Belahzur on Wed Jun 03, 2009 4:34 pm

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\users\Shawn\AppData\Roaming\BitTorrent
c:\users\Shawn\AppData\Roaming\DNA
c:\program files\DNA
c:\program files\BitTorrent
c:\users\Shawn\AppData\Local\DNA

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{407D84E6-6CCE-4450-A7CD-D3783E6EF2A7}"=-
"{7C9A2E8E-274A-4602-A2DB-3F13B762A927}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
