I'm another victim of winblue

First topic message reminder :

Please, if you have any solution, let me know. It's driving me crazy!!!!
I am not allowed any of my programs except IE. I cannot even get into my hard drive. It has even blocked the virus protection I had on it before. This scam sucks, whoever made this should be shot!!!! How dare you make me pay for something I don't want by locking up my computer!

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

• Open HijackThis.
• When Hijack This opens, click "Open the Misc Tools section"
• Then select "Delete a file on reboot..."
• Then find and select this file: C:\windows\system32\blocker.dll
• Select okay and select yes to reboot.

@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: I'm another victim of winblue

There is one called mskdectorex and another called kernalfaultcheck. Do I need to check anything else?

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

OK, I got it now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:41 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tempo-setup2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 9042 bytes

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

did i do it right?

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

...

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

so.......... what now

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

Please do not keep Bumping your topic as you are not the only one that needs help,

• Open HijackThis.
• Choose "Do a system scan only"
• Check the boxes in front of these lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm088YYUS
O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

• Press "Fix Checked"
• Close Hijack This.
• Download combofix from here Link 1 Link 2

1. If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
2. During the download, rename Combofix to Combo-Fix as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
• Double click on ComboFix.exe.
• Follow the prompts.

NOTE:
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
• Allow combofix to run
• Post C:\combofix.txt back here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin

Tech Staff

Posts : 2685
Joined : 2009-05-06
Operating System : Windows Xp Sp3

Re: I'm another victim of winblue

ComboFix 09-06-03.01 - Candi Drop 06/03/2009 20:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.144 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp
c:\windows\system32\drivers\I2220NTX.CAT c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf c:\windows\system32\drivers\netag3n.cat c:\windows\system32\drivers\tmimo3p.CAT c:\windows\system32\e1dazd95re2646.exe c:\windows\system32\z0075worm2b95.cpl c:\windows\system32\z0419spambo52aa.ocx c:\windows\system32\z10f5pyware8689.dll c:\windows\system32\z1359spy595.dll c:\windows\system32\z1a0s9eal15115.ocx c:\windows\system32\z263ad5ware1093.cpl c:\windows\system32\z276vi5us693.bin c:\windows\system32\z2cfthi591317.dll c:\windows\system32\z3579wo9m5265.bin c:\windows\system32\z3bbvir5977.ocx c:\windows\system32\z4055spambot9e65.exe c:\windows\system32\z436spa9bot6e95.ocx c:\windows\system32\z45129p521f.ocx c:\windows\system32\z459addware3060.bin c:\windows\system32\z4b7s9yware451.bin mscandidrop Newbie Surfer Posts : 32 Joined : 2009-06-04 Operating System : windows xp Re: I'm another victim of winblue c:\windows\system32\z5349vi5us42b.bin c:\windows\system32\z5e0steal2952.exe c:\windows\system32\z69bdownload5r716.bin c:\windows\system32\z70bbackdoor6589.cpl c:\windows\system32\z74295arse2345.exe c:\windows\system32\z756hacktoo9b8.bin c:\windows\system32\z897t5ief3099.dll c:\windows\system32\z9dthr5at14421.dll c:\windows\system32\z9fdsparse560.exe c:\windows\system32\za5cspy9are884.bin c:\windows\system32\zb5e9ir2179.cpl c:\windows\system32\zb79t9reat12573.ocx c:\windows\system32\zd51spy9are930.ocx c:\windows\system32\ze57add5are896.cpl c:\windows\system32\zf05sparse9394.exe c:\windows\z0168worm45e9.bin c:\windows\z035t9reat219575.dll c:\windows\z051addware2149.ocx 
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 00:08 . 2009-06-04 00:09 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-03 00:02 . 2009-06-03 00:02 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-01 23:57 . 2009-06-01 23:57 10684866 ----a-w- c:\documents and settings\Candi Drop\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 23:02 . 2009-06-03 00:07 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Azureus
2009-05-24 22:59 . 2009-05-24 23:08 -------- d-----w- c:\program files\Vuze
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 00:37 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 00:35 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 00:35 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 00:35 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 00:35 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2007-11-14 22:10 . 2007-11-14 03:16 24 -csh--w- c:\windows\SAE0A6F7D.tmp
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/2/2008 8:33 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-04 21:04
ComboFix-quarantined-files.txt 2009-06-04 01:03

Pre-Run: 21,312,040,960 bytes free
Post-Run: 21,868,310,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

920 --- E O F --- 2009-06-03 23:54

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

Hello.
I see you have Viewpoint software installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: here and here

I suggest you remove the program now. Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Viewpoint Manager (remove only)
• Viewpoint Media Player
• Viewpoint Toolbar

Now open a new notepad file. Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\tempo-setup2.exe
c:\windows\SAE0A6F7D.tmp

Folder::
c:\documents and settings\Candi Drop\Application Data\Azureus
c:\program files\Vuze
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run. It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: I'm another victim of winblue

ComboFix 09-06-03.01 - Candi Drop 06/03/2009 21:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.119 [GMT -4:00]
Running from: c:\documents and settings\Candi Drop\My Documents\My Videos\Combo-Fix.exe
Command switches used :: c:\documents and settings\Candi Drop\My Documents\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\SAE0A6F7D.tmp"
"c:\windows\system32\tempo-setup2.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:32 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 01:31 . 2006-10-21 16:27 -------- d-----w- c:\program files\Viewpoint
2009-06-04 01:30 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 01:30 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 01:30 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 01:30 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-04 01:18 . 2006-10-21 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 .
2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll 2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll 2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys 2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_388.dat + 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat - 2009-06-02 22:18 . 2009-06-02 22:18 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat + 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat + 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-10-26 01:33 . 2009-06-04 00:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2006-10-26 01:33 . 2009-06-04 01:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576] Extender Resource Monitor.lnk - 
c:\windows\ehome\RMSysTry.exe [2005-10-20 18432] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] mscandidrop Newbie Surfer Posts : 32 Joined : 2009-06-04 Operating System : windows xp Re: I'm another victim of winblue [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE . . ------- Supplementary Scan ------- . uStart Page = [You must be registered and logged in to see this link.] uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.] mStart Page = [You must be registered and logged in to see this link.] mSearch Bar = [You must be registered and logged in to see this link.] uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = [You must be registered and logged in to see this link.] 
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\ FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.] . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.] Rootkit scan 2009-06-03 21:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2760) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-04 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 01:38
ComboFix2.txt 2009-06-04 01:04

Pre-Run: 21,894,123,520 bytes free
Post-Run: 21,910,466,560 bytes free

299 --- E O F --- 2009-06-03 23:54

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp

Re: I'm another victim of winblue

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.


Origin

Tech Staff

Posts : 2685
Joined : 2009-05-06
Operating System : Windows Xp Sp3

Re: I'm another victim of winblue

ok I got it..... everything seems to be running great... plus the viewpoint thing was a great idea... I didn't know what it was for and wasn't sure if I should remove it or not. so thanks for the heads up on that... I'm trying to get rid of some of the things I don't need. lol thank you again. you guys are very good at this.... I'll have to slide you guys a little something sometime.

mscandidrop

Newbie Surfer

Posts : 32
Joined : 2009-06-04
Operating System : windows xp