WinBlueSoft - I'm another sucker


Post by picman2 on Wed Jun 03, 2009 10:20 pm

Hoping you can help - I've deleted the program file and some other component but it's still got me in its clutches.
I'd be grateful for any assistance please. Couldn't get any removal programs to work even after renaming, and I tried several online removers as well without luck. Here is my Hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 8:00:14 AM, on 4/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SPEEDO~1\SPO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\PhotoStudio Expressions\PMMonitor.exe
C:\WINDOWS\system32\CNAC1RPK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Boom\Desktop\MAIN PROGRAMS\CLEANERS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedOptimizer] "C:\PROGRA~1\SPEEDO~1\SPO.EXE" -s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\PhotoStudio Expressions\PMMonitor.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - [You must be registered and logged in to see this link.]
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64D4E58-8DB2-4FBE-AD80-4525359B8DF6}: NameServer = 127.0.0.1,10.0.0.138
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9c09612b57da2) (gupdate1c9c09612b57da2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

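The log above carries several entries that the replies in this thread act on, the `O20 - AppInit_DLLs: blocker.dll` line in particular. As an added example that is not part of this thread and not code from the HijackThis project, the following Python script parses lines in the HijackThis entry format and flags the entry types a reviewer would look at first: a non-empty AppInit_DLLs value, a DNS NameServer entry that includes the loopback address, an installer-named autorun living in system32, and any entry whose target file is reported missing. The sample lines are copied from the posted log; the review rules themselves are constructed heuristics for illustration, not HijackThis output.

```python
"""Flag HijackThis log entries that merit a closer look.

Added example, not part of the forum thread and not code from the
HijackThis project. The sample lines are copied from the log posted in
the thread; the review rules are constructed heuristics for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: selected lines from the posted HijackThis log.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64D4E58-8DB2-4FBE-AD80-4525359B8DF6}: NameServer = 127.0.0.1,10.0.0.138
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis prefixes each entry with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
SECTION_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def parse_line(line: str) -> Optional[tuple]:
    """Split an entry into (section code, body); None for non-entry lines."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def review_line(line: str) -> Optional[Finding]:
    """Apply the review heuristics to one entry; None when nothing stands out."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    text = line.strip()

    # O20 AppInit_DLLs: every DLL listed here is loaded into each process
    # that loads user32.dll, so a single unknown name in this value matters.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].strip()
        if dlls:
            return Finding(section, text, f"AppInit_DLLs loads {dlls!r} system-wide; verify the file")

    # O17: a resolver entry pointing at the loopback address means name
    # lookups are answered by something running on the machine itself.
    if section == "O17":
        m = NAMESERVER_RE.search(body)
        if m and "127.0.0.1" in m.group(1).split(","):
            return Finding(section, text, "DNS NameServer includes 127.0.0.1; check what answers DNS locally")

    # O4: an autorun whose name looks like an installer but lives in
    # system32 is worth confirming (constructed heuristic).
    if section == "O4":
        m = RUN_RE.search(body)
        if m and "setup" in m.group("name").lower() and "system32" in m.group("cmd").lower():
            return Finding(section, text, "installer-named autorun entry in system32; confirm its origin")

    # Any section: an entry whose target no longer exists is an orphan.
    if "(file missing)" in body:
        return Finding(section, text, "referenced file is absent; orphaned entry")
    return None


def review_log(log_text: str) -> list:
    """Run review_line over every line and keep the findings, in log order."""
    findings = []
    for raw in log_text.splitlines():
        f = review_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run on the sample, the script reports four entries: the `tempo-setup2.exe` autorun, the orphaned BitDefender button, the loopback NameServer and the `blocker.dll` AppInit_DLLs value; the `ctfmon.exe`, AVG and NVIDIA lines pass quietly. The heuristics are deliberately narrow so that a flagged line always carries a stated reason a reviewer can check by hand.
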
Re: WinBlueSoft - I'm another sucker

Post by Belahzur on Wed Jun 03, 2009 10:23 pm


  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Then find and select this file: C:\windows\system32\blocker.dll
  • Select okay and select yes to reboot.

Let me know once you've done that.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Re: WinBlueSoft - I'm another sucker

Post by picman2 on Wed Jun 03, 2009 10:43 pm

I deleted the blocker.dll manually just before.
I have run one sweep of Malwarebytes as it's working now. It deleted some 30-plus problems.
I'm just running it again now on the full system scan option.
Should I do another Hijack report after that scan and post this first?

Re: WinBlueSoft - I'm another sucker

Post by Belahzur on Thu Jun 04, 2009 12:13 am

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Combo fix report first part

Post by picman2 on Thu Jun 04, 2009 4:31 am

Hi Guys,
I still have the WinBlueSoft over my screen, but most of my programs are working now from what I can tell.
Here is the current report from Combo fix. It won't send in one go as it says it's too big, so I'll try in three parts:

c:\windows\system32\10849ir53z.ocx
c:\windows\system32\1129t9zef3158.bin
c:\windows\system32\11429spamb954zc.cpl
c:\windows\system32\119badd59rez565.exe
c:\windows\system32\119dthz9f2952.cpl
c:\windows\system32\120zb5c9door2920.cpl
c:\windows\system32\126z2n95-a-virus461.cpl
c:\windows\system32\12858ha5ktooz5419.ocx
c:\windows\system32\12870wormz95.bin
c:\windows\system32\12933hac5tozle2.exe
c:\windows\system32\12973zor5153.dll
c:\windows\system32\12z44sp9mbot6995.exe
c:\windows\system32\1335v5rzs49e.ocx
c:\windows\system32\13592zorm474.cpl
c:\windows\system32\13983spyz51.ocx
c:\windows\system32\1403ba5kdooz6299.bin
c:\windows\system32\144465otz9-virus2a8.exe
c:\windows\system32\1449st95lz802.exe
c:\windows\system32\14562spy59fz.dll
c:\windows\system32\1495th9eaz16169.ocx
c:\windows\system32\15001troj1z39.cpl
c:\windows\system32\152999p5mbzt302.ocx
c:\windows\system32\1555ste9l21z9.exe
c:\windows\system32\155725py59z.bin
c:\windows\system32\15658spy17z9.ocx
c:\windows\system32\15805sp9mbot5dz.bin
c:\windows\system32\15azspywar514459.bin
c:\windows\system32\15z99wo5m34.bin
c:\windows\system32\16857zot-5-virus96.bin
c:\windows\system32\16903trojz9b5.exe
c:\windows\system32\16930spa5zot69.ocx
c:\windows\system32\16959troj5fz.cpl
c:\windows\system32\16z20spam5ot938.bin
c:\windows\system32\1736zhack9ool655.cpl
c:\windows\system32\175edownlozder946.exe
c:\windows\system32\1792back5ozr1394.exe
c:\windows\system32\17946hac5to9lzf9.ocx
c:\windows\system32\1794b5ckdoor205z.cpl
c:\windows\system32\17z55py9are867.bin
c:\windows\system32\18559spambz920.exe
c:\windows\system32\185609ot-a-viru5490z.bin
c:\windows\system32\18562s5azb9t1d1.exe
c:\windows\system32\1858v9rus628z.ocx
c:\windows\system32\1863trojz59.ocx
c:\windows\system32\18722n5t-9-virzs3b.ocx
c:\windows\system32\18804zroj595.ocx
c:\windows\system32\18971zorm6d95.bin
c:\windows\system32\190dt5reat29681z.cpl
c:\windows\system32\1920zspy18a5.cpl
c:\windows\system32\19282woz5975.bin
c:\windows\system32\1988znot5a-virus3d8.cpl
c:\windows\system32\19895virzs5b1.cpl
c:\windows\system32\199099roj5cz.bin
c:\windows\system32\19b4zhief5498.dll
c:\windows\system32\1ccsz9wa5e999.bin
c:\windows\system32\1cf9do5nloader43z.exe
c:\windows\system32\1ddczpars952.ocx
c:\windows\system32\1f7cthr5zt266149.dll
c:\windows\system32\1z182wo5m901.bin
c:\windows\system32\1z519not-a-9irusa0.dll
c:\windows\system32\1z557troj5d39.cpl
c:\windows\system32\20509notza5virus939.bin
c:\windows\system32\20695szamb5t557.dll
c:\windows\system32\2073vir906z5.bin
c:\windows\system32\20960vzru535c.ocx
c:\windows\system32\20a5stez93093.cpl
c:\windows\system32\22134nzt-a-v5rus97f.ocx
c:\windows\system32\222bthr5atz7449.cpl
c:\windows\system32\222zdownlo9d5r2099.ocx
c:\windows\system32\223zbac59oor2374.bin
c:\windows\system32\225999orm5z35.ocx
c:\windows\system32\22699viruz5929.bin
c:\windows\system32\22785wor9283z.exe
c:\windows\system32\23187zot9a-virus5d7.cpl
c:\windows\system32\23379nzt-a95irus53.dll
c:\windows\system32\2349th5ez9377.ocx
c:\windows\system32\23b5tzr5at260569.cpl
c:\windows\system32\240659irus67z.dll
c:\windows\system32\24104not-a-9iruz500.ocx
c:\windows\system32\24152not-a-v9r5s45cz.cpl
c:\windows\system32\243bspywarz795.bin
c:\windows\system32\24475s5y53z9.cpl
c:\windows\system32\24556spy959z.ocx
c:\windows\system32\249529rojz98.bin
c:\windows\system32\24968worm6z95.bin
c:\windows\system32\24c5vzr1579.cpl
c:\windows\system32\25133wozm55c9.exe
c:\windows\system32\25145notza-vi9us59.dll
c:\windows\system32\2514bac5zoor17369.exe
c:\windows\system32\251fspazse349.bin
c:\windows\system32\25523troz499.cpl
c:\windows\system32\25594troz4e4.cpl
c:\windows\system32\257z2tr9j665.bin
c:\windows\system32\25859hzck9ool89.bin
c:\windows\system32\25986spambot198z.ocx
c:\windows\system32\259z0not-a5virus13e.cpl
c:\windows\system32\25c6szy9are972.exe
c:\windows\system32\25z32spam5ot6c9.exe
c:\windows\system32\25z96virus9a45.bin
c:\windows\system32\26226hacztool595.ocx
c:\windows\system32\26309spy593z.dll
c:\windows\system32\26697ha5zto9l2be.ocx
c:\windows\system32\2760ba5kdo9r1410z.cpl
c:\windows\system32\2791down5oadez2730.cpl
c:\windows\system32\28054not-a-vir9s67cz.cpl

Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 4:32 am

Second part:

c:\windows\system32\285009pambot10z.ocx
c:\windows\system32\28835wor53d9z.bin
c:\windows\system32\2892s5azse18869.exe
c:\windows\system32\28959vzrus139.exe
c:\windows\system32\29012ha9k5oolb2z.ocx
c:\windows\system32\29055szy4b5.dll
c:\windows\system32\29115virus459z.exe
c:\windows\system32\29325py5dz.exe
c:\windows\system32\29400spam5otzae.cpl
c:\windows\system32\2950sp5warz1591.dll
c:\windows\system32\295athzeat4536.exe
c:\windows\system32\295ddownloazer2389.dll
c:\windows\system32\29656noz-a-virus705.dll
c:\windows\system32\297375izus345.exe
c:\windows\system32\297635pyzc4.bin
c:\windows\system32\29845troj78z.cpl
c:\windows\system32\299209ro5631z.ocx
c:\windows\system32\2992vir5s21z.ocx
c:\windows\system32\29931spambot755z.cpl
c:\windows\system32\2b81spyzare19105.dll
c:\windows\system32\2dzvir22975.dll
c:\windows\system32\2e9bdownl9ader15z.exe
c:\windows\system32\2z578tr593c5.cpl
c:\windows\system32\2z785ownlo9der941.exe
c:\windows\system32\2z911spy405.exe
c:\windows\system32\30035zpy2095.cpl
c:\windows\system32\3055st9zl1747.dll
c:\windows\system32\30945roj3zb.cpl
c:\windows\system32\30e4addwarz3195.dll
c:\windows\system32\31510sp9zb6.cpl
c:\windows\system32\31989hac5tozl3d8.cpl
c:\windows\system32\31997not-a5vizus7ea.cpl
c:\windows\system32\32668noz-a-viru92f5.dll
c:\windows\system32\32z489py452.dll
c:\windows\system32\33b5thi9z23.exe
c:\windows\system32\34ec9iz28895.bin
c:\windows\system32\35320not-a-9iruszc.cpl
c:\windows\system32\35dbdzwnloader2099.exe
c:\windows\system32\36z9threat50857.dll
c:\windows\system32\3919adz5are2972.exe
c:\windows\system32\395z1troj5b1.bin
c:\windows\system32\3b8a9z5al996.dll
c:\windows\system32\3c1daddzar515369.dll
c:\windows\system32\3c25dow9z5ader2062.exe
c:\windows\system32\3cebaddware1569z.dll
c:\windows\system32\3czeste5l1590.exe
c:\windows\system32\3d59spzrse586.cpl
c:\windows\system32\3e05adzwar92357.ocx
c:\windows\system32\3e80ba95dozr2497.dll
c:\windows\system32\3e90sz9r5e1810.dll
c:\windows\system32\3ef0zddw5re19529.bin
c:\windows\system32\3z99vir495.bin
c:\windows\system32\40979a5ktool37z.exe
c:\windows\system32\41a0add5are945z.cpl
c:\windows\system32\4259w59m73z.ocx
c:\windows\system32\425c9hze51778.dll
c:\windows\system32\4299wor52cz.bin
c:\windows\system32\43b15pyw9rz745.ocx
c:\windows\system32\445cadd9zre885.cpl
c:\windows\system32\4489virz9578.dll
c:\windows\system32\4496v59usz29.bin
c:\windows\system32\4537viru941z.dll
c:\windows\system32\4570thi9f59z.exe
c:\windows\system32\45acvirz953.ocx
c:\windows\system32\45f6z9reat5313.bin
c:\windows\system32\4635zp9ware17.cpl
c:\windows\system32\4729spyware57z6.cpl
c:\windows\system32\4795bazkdoor91.exe
c:\windows\system32\493ztro9516.ocx
c:\windows\system32\4969spyzare5778.bin
c:\windows\system32\4be79zdware9625.bin
c:\windows\system32\4e5fbackdoz92657.bin
c:\windows\system32\4eb5stea925z1.bin
c:\windows\system32\4ez0vir5999.cpl
c:\windows\system32\4z29threat57013.bin
c:\windows\system32\4z63bac9d5or2918.cpl
c:\windows\system32\501st9zl159.ocx
c:\windows\system32\502etzief395.cpl
c:\windows\system32\504sparsz977.cpl
c:\windows\system32\5072wo5m29z.bin
c:\windows\system32\5081backdo9z26.cpl
c:\windows\system32\50b5bzc5do9r735.cpl
c:\windows\system32\518zdo9nloader22635.exe
c:\windows\system32\5190spambzt2f7.cpl
c:\windows\system32\5209backzoo92140.exe
c:\windows\system32\5229ba59door253z.dll
c:\windows\system32\52499troj11z.bin
c:\windows\system32\52e3st9al2725z.dll
c:\windows\system32\52eaaddwarz5549.bin
c:\windows\system32\52z4t9ief1559.cpl
c:\windows\system32\5358az9ware700.dll
c:\windows\system32\53b5addware9z8.cpl
c:\windows\system32\542z9worm730.exe
c:\windows\system32\5459viz2370.cpl
c:\windows\system32\546thie9z875.dll
c:\windows\system32\55399spyz75.dll
c:\windows\system32\5546downzoa9er401.bin
c:\windows\system32\5549steal2z61.ocx
c:\windows\system32\5599thief2426z.cpl
c:\windows\system32\55aaddwarz971.bin
c:\windows\system32\5657s9ywarz422.bin
c:\windows\system32\5665zor96a95.bin
c:\windows\system32\56790wo9m2bz.dll
c:\windows\system32\56acth9ea5z7008.cpl
c:\windows\system32\57095tzoj2b.ocx
c:\windows\system32\572edowz9oader72.dll
c:\windows\system32\575pambotz69.cpl
c:\windows\system32\57zvir9218.bin
c:\windows\system32\5826sparsez975.bin
c:\windows\system32\58957tr9jzee.ocx
c:\windows\system32\58advi9z087.dll
c:\windows\system32\58czsp95se234.dll
c:\windows\system32\58z659eal1304.ocx
c:\windows\system32\590steal168z5.dll
c:\windows\system32\5929virz56e9.cpl
c:\windows\system32\5953trzj5b7.exe
c:\windows\system32\5989addwaze3009.exe
c:\windows\system32\599cspywarez066.exe
c:\windows\system32\59c4vir15z5.cpl
c:\windows\system32\59e2spzware28979.dll
c:\windows\system32\5a1ez9ckd5or2385.bin
c:\windows\system32\5accdow9loader276z.exe
c:\windows\system32\5adaddwz9e3505.exe
c:\windows\system32\5b5et9z5f3259.bin
c:\windows\system32\5c05spzware28279.ocx
c:\windows\system32\5c3aspyware259z.exe
c:\windows\system32\5c9zthreat23529.bin
c:\windows\system32\5cf45p9rsez013.cpl
c:\windows\system32\5d1d9pa5sz134.dll
c:\windows\system32\5d59thief1354z.cpl
c:\windows\system32\5dzasteal9933.bin
c:\windows\system32\5e6zsteal1759.dll
c:\windows\system32\5e90spywarez45.cpl
c:\windows\system32\5f965hie9482z.exe
c:\windows\system32\5f9cvi944z.cpl
c:\windows\system32\5faaszeal25095.bin
c:\windows\system32\5fc19ac5dozr799.ocx
c:\windows\system32\5fczspar9e1362.ocx
c:\windows\system32\5z3fback5oor19939.ocx
c:\windows\system32\5z459spambot4b1.cpl
c:\windows\system32\6093sp5z979.bin
c:\windows\system32\60zevir695.dll
c:\windows\system32\6153worm4za9.dll
c:\windows\system32\61c9b9ck5oor1094z.ocx
c:\windows\system32\6215tz9eat3345.bin
c:\windows\system32\6258vir27z19.exe
c:\windows\system32\6465hackzool99d.bin
c:\windows\system32\652dthie93z145.cpl
c:\windows\system32\6531nzt-a-9irus755.dll
c:\windows\system32\6535sp9zse1771.bin
c:\windows\system32\6538w9rm4z7.cpl
c:\windows\system32\65z9threat2570.exe
c:\windows\system32\6617ba59dooz2956.cpl
c:\windows\system32\67czvir9675.ocx
c:\windows\system32\6843vir5695z.dll
c:\windows\system32\6853sza95ot7ba.ocx
c:\windows\system32\689d5ackd9oz2994.ocx
c:\windows\system32\68e9th5ez28759.dll
c:\windows\system32\6909spa5bot20z.exe
c:\windows\system32\694fz5yware3179.dll
c:\windows\system32\6965t5ief891z.bin
c:\windows\system32\69z15te9l1551.bin
c:\windows\system32\6a55stezl7699.dll
c:\windows\system32\6a97addwa5e1z089.exe
c:\windows\system32\6b9faddwar5z636.cpl
c:\windows\system32\6c99zi5898.dll
c:\windows\system32\6ceaddwar92z59.ocx
c:\windows\system32\6cz9thief5635.cpl
c:\windows\system32\6de5sparz9159.bin
c:\windows\system32\6dz7backd95r3151.exe
c:\windows\system32\6f8zback5oor9023.cpl
c:\windows\system32\6f98viz759.cpl
c:\windows\system32\6z7d9ir1245.exe
c:\windows\system32\7092worz562.dll
c:\windows\system32\714fbackdzo51889.exe
c:\windows\system32\71efs9ywar51z68.dll
c:\windows\system32\7241st9al59z7.dll
c:\windows\system32\731zs9ywar5791.ocx
c:\windows\system32\737bs59rse1z96.cpl
c:\windows\system32\74005parsz9333.ocx
c:\windows\system32\74z1t5reat31990.exe
c:\windows\system32\75535zreat9069.bin
c:\windows\system32\7591sp5zare9110.bin
c:\windows\system32\7599sp59bot9z.ocx
c:\windows\system32\77205ow9loazer682.bin
c:\windows\system32\7966vir26z05.exe
c:\windows\system32\79e5sza5se676.bin
c:\windows\system32\79z5down9oader3122.dll
c:\windows\system32\7a29d5wn9oaderz835.bin
c:\windows\system32\7af5spyw9rz317.cpl
c:\windows\system32\7bzbv9r1959.ocx
c:\windows\system32\7c2bv9r2785z.ocx
c:\windows\system32\7d25th9ef2714z.cpl
c:\windows\system32\7d54downlzader25519.bin
c:\windows\system32\7d995hiefz052.bin
c:\windows\system32\7da0ad9wzre2125.bin
c:\windows\system32\7e25spar9e1z96.bin
c:\windows\system32\7e3fbackd9or2705z.bin
c:\windows\system32\7f6bsp5rz92488.cpl
c:\windows\system32\7fc7spar9e8z5.bin
c:\windows\system32\80065pa9zot1d6.exe
c:\windows\system32\8227vir5968z.exe
c:\windows\system32\863s5a9botz37.ocx
c:\windows\system32\8659hackto9544cz.dll
c:\windows\system32\8697spambz9535.cpl
c:\windows\system32\87795izus95.exe
c:\windows\system32\893tzief19935.ocx
c:\windows\system32\8983troj9z5.ocx
c:\windows\system32\89975ot-a-zirus224.exe
c:\windows\system32\8des5arsez7229.bin
c:\windows\system32\90263vizusb5.bin
c:\windows\system32\904315ozm7fb.dll
c:\windows\system32\9181z5orm484.exe
c:\windows\system32\918threaz99355.bin
c:\windows\system32\91z459rm716.ocx
c:\windows\system32\92113hacktool6bz5.ocx
c:\windows\system32\92155ot9a-zirus250.ocx
c:\windows\system32\9305viru9z8.dll
c:\windows\system32\932455roj2z0.exe
c:\windows\system32\9329spamboz358.ocx
c:\windows\system32\940z6virus756.cpl
c:\windows\system32\946znot5a-virus2e8.exe
c:\windows\system32\952a5irz047.cpl
c:\windows\system32\9587hack5ozl69c9.bin
c:\windows\system32\95b1vz5404.bin
c:\windows\system32\95d9tzief518.ocx
c:\windows\system32\95z3spy651.dll
c:\windows\system32\96f2bac5dzor3106.bin
c:\windows\system32\97195roz259.exe
c:\windows\system32\9835no9-a-virus3zc.ocx
c:\windows\system32\9863tr5j7zf.cpl
c:\windows\system32\98642spyz765.cpl
c:\windows\system32\9958vir5740z.cpl
c:\windows\system32\99z99worm155.cpl
c:\windows\system32\9aaaddz9re5788.ocx
c:\windows\system32\9af9sp5rse2551z.exe
c:\windows\system32\9d2eb5zkdoor2727.exe
c:\windows\system32\9e58vir3242z.dll
c:\windows\system32\9f3fspywzre1357.bin
c:\windows\system32\9fbaspa5se14z1.bin
c:\windows\system32\a5tzreat13998.dll
c:\windows\system32\a60thr9at54726z.cpl
c:\windows\system32\ab8b5czdoor905.exe
c:\windows\system32\b97spy9are2566z.dll
c:\windows\system32\c579teaz792.dll
c:\windows\system32\c92dzwnloa5er2434.cpl
c:\windows\system32\dd3addw59e231z.exe
c:\windows\system32\ee79ownloazer25305.ocx
c:\windows\system32\f15p9rsez134.exe
c:\windows\system32\f53zackdo9r23955.ocx
c:\windows\system32\z04ed5wnloader9755.cpl
c:\windows\system32\z09235roj79a.exe
c:\windows\system32\z1122spam5ot9b5.bin
c:\windows\system32\z13athief985.exe
c:\windows\system32\z1e8vir28599.exe
c:\windows\system32\z2325ha9ktool6c55.bin
c:\windows\system32\z310back5oor1059.dll
c:\windows\system32\z3965hackto9l528.exe
c:\windows\system32\z401tr95635.ocx
c:\windows\system32\z495addware1496.ocx
c:\windows\system32\z515ad95are636.dll
c:\windows\system32\z5319w95m3e4.bin
c:\windows\system32\z5799spambo559e.exe
c:\windows\system32\z5915viru5409.cpl
c:\windows\system32\z59275pa9bot2b0.ocx
c:\windows\system32\z5a5thie92288.bin
c:\windows\system32\z5b9s9eal1346.bin
c:\windows\system32\z61down5oade93119.dll
c:\windows\system32\z6389worm9c5.dll
c:\windows\system32\z7039sp94195.dll
c:\windows\system32\z75avir9991.dll
c:\windows\system32\z792threat29795.ocx
c:\windows\system32\z8092wo5m961.cpl
c:\windows\system32\z8d9add9are505.exe
c:\windows\system32\z9042s5y219.cpl
c:\windows\system32\z9059spy991.ocx
c:\windows\system32\z9595spy601.exe
c:\windows\system32\z961spywa5e710.exe
c:\windows\system32\z96caddware1549.exe
c:\windows\system32\z99485o9m415.bin
c:\windows\system32\z9974vir5s255.ocx
c:\windows\system32\z9d9vir28445.bin
c:\windows\system32\z9dcth5ef81.dll
c:\windows\system32\zd309teal1655.ocx
c:\windows\system32\zf52vir979.exe
c:\windows\z007hackt9o57d5.dll
c:\windows\z14675p9695.cpl
c:\windows\z253wor9d1.ocx
c:\windows\z489addw5re3071.dll
c:\windows\z499sparse555.cpl
c:\windows\z4f5spyware5893.dll
c:\windows\z559vir259.exe
c:\windows\z590spy5a9.bin
c:\windows\z5945spambo9266.dll
c:\windows\z6100tro9655.exe
c:\windows\z70e9pyware5481.cpl
c:\windows\z7589worm1fe9.dll
c:\windows\z7a2addware596.bin
c:\windows\z8729te5l3173.dll
c:\windows\z89599py420.dll
c:\windows\z916sparse1975.exe
c:\windows\z939threat51492.ocx
c:\windows\z9495spyb7.ocx
c:\windows\z9516worm7c59.cpl
c:\windows\z9a8sparse615.cpl
c:\windows\z9fdv5r939.cpl
c:\windows\zab5ir911.dll
c:\windows\zd57vir923.ocx

3rd part

Post by picman2 on Thu Jun 04, 2009 4:34 am

3rd part:

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-09-18 08:50 . 2009-09-18 08:50 13779 ----a-w- c:\windows\29050hacktozl3.bin
2009-06-04 03:33 . 2009-06-04 03:39 -------- d-----w- c:\program files\SpyZooka
2009-06-04 01:45 . 2009-06-04 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-04 01:45 . 2009-06-04 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-04 01:45 . 2009-06-04 01:45 -------- d-----w- c:\program files\Common Files\iS3
2009-06-04 01:43 . 2009-06-04 01:43 -------- d-s---w- C:\123
2009-06-04 01:26 . 2009-06-04 03:47 117760 ----a-w- c:\documents and settings\Boom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\documents and settings\Boom\Application Data\SUPERAntiSpyware.com
2009-06-04 01:24 . 2009-06-04 01:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 01:16 . 2009-06-04 01:16 -------- d-----w- c:\program files\Windows Defender
2009-06-03 22:30 . 2009-06-03 22:30 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\G DATA
2009-06-03 22:28 . 2009-06-03 22:28 -------- d-----w- c:\documents and settings\Boom\Application Data\Malwarebytes
2009-06-03 21:48 . 2009-06-03 22:28 -------- d-----w- c:\program files\john.exe
2009-06-03 21:47 . 2009-05-26 03:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 21:47 . 2009-05-26 03:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 09:24 . 2009-06-03 09:39 -------- d-----w- c:\windows\BDOSCAN8
2009-06-03 09:19 . 2009-06-03 09:19 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2009-06-03 09:18 . 2009-06-03 09:18 -------- d-----w- c:\program files\AhnLab
2009-06-03 06:00 . 2009-06-03 06:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-03 04:00 . 2009-06-03 04:00 -------- d-----w- c:\program files\Common Files\Download Manager
2009-06-03 01:40 . 2009-06-03 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 02:20 . 2009-06-02 02:20 -------- d-----w- c:\program files\Clickster
2009-06-01 05:48 . 2009-06-01 05:48 -------- d-----w- c:\documents and settings\Boom\Application Data\CursorArts
2009-06-01 04:21 . 2009-06-01 04:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-01 04:21 . 2009-06-01 04:21 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-01 04:11 . 2009-06-01 04:12 -------- d-----w- c:\program files\XP Codec Pack
2009-06-01 03:56 . 2009-06-01 03:56 -------- d-----w- c:\documents and settings\Boom\Application Data\AVS4YOU
2009-06-01 03:56 . 2009-06-01 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-01 03:55 . 2009-06-01 03:58 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-01 03:55 . 2009-01-28 10:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-01 03:55 . 2009-01-28 10:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-01 03:55 . 2009-01-28 10:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-01 03:55 . 2009-06-01 03:58 -------- d-----w- c:\program files\AVS4YOU
2009-06-01 03:55 . 2009-01-28 10:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-01 03:55 . 2009-01-28 10:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-29 04:20 . 2009-06-02 22:59 -------- d-----w- c:\program files\Mp3 Song Plays Increaser
2009-05-28 23:00 . 2009-05-28 23:16 -------- d-----w- c:\program files\Tubeinator
2009-05-27 23:47 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-27 21:50 . 2009-05-27 21:50 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-27 21:49 . 2009-05-27 21:50 -------- d-----w- C:\84a630f2683b22d4ee9f14b236
2009-05-27 21:49 . 2009-05-27 21:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-27 21:49 . 2009-05-27 21:49 -------- d-----w- c:\windows\system32\LogFiles
2009-05-27 21:49 . 2009-05-27 21:49 -------- d-----w- C:\6c4120f9d1cb8bec26bca65dfa
2009-05-26 23:33 . 2009-05-26 23:33 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\VASoftOnline
2009-05-21 03:53 . 2009-06-04 03:45 -------- d-----w- c:\program files\SpeedOptimizer
2009-05-21 02:39 . 2009-05-21 02:39 -------- d-----w- c:\program files\Lame for Audacity
2009-05-20 03:06 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-20 03:06 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-05-20 01:05 . 2009-05-20 01:05 -------- d-sh--w- c:\documents and settings\Boom\IECompatCache
2009-05-20 00:49 . 2009-05-20 00:49 -------- d-sh--w- c:\documents and settings\Boom\PrivacIE
2009-05-20 00:48 . 2009-05-20 00:48 -------- d-sh--w- c:\documents and settings\Boom\IETldCache
2009-05-20 00:45 . 2009-05-20 03:48 -------- d-----w- c:\windows\ie8updates
2009-05-20 00:42 . 2009-05-20 00:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-20 00:40 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-14 22:01 . 2009-05-14 22:01 -------- d-----w- c:\documents and settings\Boom\Application Data\ArcSoft
2009-05-14 03:19 . 2009-05-14 05:03 -------- d-----w- c:\program files\Common Files\DAZ
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Cosmi
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Common Files\Cosmi
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-05-11 06:30 . 1997-07-10 00:36 299008 ----a-w- c:\windows\system32\SKY32V3C.DLL
2009-05-11 06:30 . 1996-05-07 09:59 47104 ----a-w- c:\windows\system32\D2HTLS32.DLL
2009-05-11 06:30 . 1996-02-28 05:47 28976 ----a-w- c:\windows\system32\D2HTOOLS.DLL
2009-05-10 22:10 . 2009-05-10 22:10 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}


Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 4:36 am

4th part:

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 03:47 . 2009-04-08 06:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 22:28 . 2009-04-08 06:32 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-06-03 04:45 . 2009-04-17 06:21 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-05-28 22:51 . 2009-04-22 22:59 -------- d-----w- c:\program files\Atomic3
2009-05-24 22:48 . 2009-04-09 10:39 -------- d-----w- c:\program files\e frontier
2009-05-22 22:23 . 2009-04-18 23:53 -------- d-----w- c:\program files\Google
2009-05-21 04:51 . 2009-04-06 05:30 2036544 ----a-w- c:\documents and settings\Boom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 02:49 . 2009-04-25 04:35 -------- d-----w- c:\program files\Audacity
2009-05-21 00:19 . 2009-04-09 11:09 -------- d-----w- c:\documents and settings\Boom\Application Data\Poser 7
2009-05-19 21:52 . 2009-04-10 02:20 -------- d-----w- c:\program files\Curious Labs
2009-05-10 22:11 . 2009-04-15 04:15 -------- d-----w- c:\program files\Java
2009-05-10 03:39 . 2009-04-08 11:54 -------- d-----w- c:\program files\JetAudio
2009-05-03 01:18 . 2009-04-06 05:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-03 01:18 . 2009-04-06 05:38 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-03 01:18 . 2009-04-06 05:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 01:18 . 2009-04-06 05:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 00:43 . 2009-04-11 00:00 -------- d-----w- c:\documents and settings\Boom\Application Data\uTorrent
2009-04-25 00:23 . 2009-04-25 00:23 -------- d-----w- c:\program files\febooti fileTweak Hex Editor
2009-04-22 23:39 . 2009-04-22 22:59 -------- d-----w- c:\program files\Post News
2009-04-22 23:30 . 2009-04-22 22:59 -------- d-----w- c:\program files\On Target 2000
2009-04-22 22:59 . 2009-04-22 22:59 -------- d-----w- c:\program files\ds2000
2009-04-22 05:16 . 2009-04-22 05:12 -------- d-----w- c:\program files\RSS Publisher
2009-04-21 23:27 . 2009-04-21 23:27 -------- d-----w- c:\program files\B!Soft
2009-04-21 23:26 . 2009-04-21 23:23 -------- d-----w- c:\program files\SafeSoft
2009-04-21 23:09 . 2009-04-21 23:03 -------- d-----w- c:\program files\Article Distributor
2009-04-21 23:03 . 2009-04-21 23:03 894 ----a-r- c:\documents and settings\Boom\Application Data\Microsoft\Installer\{B5A88A26-158B-46CF-8FD6-EE812B88B742}\_674d53c5.exe
2009-04-21 07:05 . 2009-04-21 06:58 -------- d-----w- c:\program files\Allscoop RSS Submit Pro
2009-04-21 06:58 . 2009-04-21 06:58 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2009-04-21 06:44 . 2009-04-21 06:44 -------- d-----w- c:\program files\FeedSpring
2009-04-19 04:26 . 2009-04-08 05:49 -------- d-----w- c:\program files\File Scavenger 3.2
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\documents and settings\Boom\Application Data\Sincell
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sincell
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\program files\Sincell
2009-04-17 06:21 . 2009-04-06 02:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-17 06:09 . 2009-04-17 06:09 -------- d-----w- c:\program files\GetData
2009-04-17 04:50 . 2009-04-17 04:50 -------- d-----w- c:\program files\Western Digital
2009-04-17 04:45 . 2009-04-17 04:45 -------- d-----w- c:\program files\R-Linux
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\program files\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-04-17 04:39 . 2009-04-07 19:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-17 04:39 . 2009-04-17 04:39 152576 ----a-w- c:\documents and settings\Boom\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 02:23 . 2009-04-17 02:23 -------- d-----w- c:\documents and settings\Boom\Application Data\FastStone
2009-04-16 18:34 . 2009-04-08 11:05 -------- d-----w- c:\documents and settings\Boom\Application Data\Skype
2009-04-15 04:15 . 2009-04-07 06:47 -------- d-----w- c:\program files\Yahoo SiteBuilder
2009-04-15 04:13 . 2009-04-15 04:13 -------- d-----w- c:\program files\Common Files\Java
2009-04-15 03:34 . 2009-04-09 04:39 -------- d-----w- c:\documents and settings\Boom\Application Data\skypePM
2009-04-15 02:54 . 2009-04-15 02:51 -------- d-----w- c:\program files\PhotoParade
2009-04-15 02:48 . 2009-04-15 02:23 -------- d-----w- c:\program files\YoutubeFriendAdderPro
2009-04-14 05:04 . 2009-04-14 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-14 05:03 . 2009-04-14 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-14 05:03 . 2009-04-14 05:03 -------- d-----w- c:\program files\Uniblue
2009-04-14 05:03 . 2009-04-14 05:03 -------- d-----w- c:\documents and settings\Boom\Application Data\Uniblue
2009-04-13 03:00 . 2009-04-13 03:00 -------- d-----w- c:\program files\Turbo Tube
2009-04-11 23:42 . 2009-04-11 23:42 -------- d-----w- c:\program files\MSXML 4.0
2009-04-11 11:24 . 2009-04-09 09:34 -------- d-----w- c:\program files\TrafficSeeker
2009-04-11 03:40 . 2009-04-11 03:40 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-04-11 03:40 . 2009-04-11 03:40 -------- d-----w- c:\documents and settings\Boom\Application Data\TweakNow RegCleaner
2009-04-11 03:29 . 2009-04-11 03:29 -------- d-----w- c:\program files\CheckDrive
2009-04-11 02:35 . 2009-04-11 02:35 -------- d-----w- c:\program files\Convar
2009-04-11 02:27 . 2009-04-11 02:27 -------- d-----w- c:\program files\LSoft Technologies
2009-04-10 03:23 . 2009-04-07 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-10 01:22 . 2009-04-10 01:22 -------- d-----w- c:\documents and settings\Boom\Application Data\GlarySoft
2009-04-10 00:57 . 2009-04-10 00:57 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-04-09 12:12 . 2009-04-09 12:12 -------- d-----w- c:\program files\activePDF
2009-04-09 12:00 . 2009-04-09 12:00 -------- d-----w- c:\program files\PrivacyEraser Computing
2009-04-09 09:42 . 2009-04-09 09:42 -------- d-----w- c:\program files\KODAK DVC323
2009-04-09 09:40 . 2009-04-09 09:40 -------- d-----w- c:\program files\DORO
2009-04-09 09:40 . 2009-04-09 09:40 -------- d-----w- c:\program files\AdWizard
2009-04-09 09:39 . 2009-04-09 09:39 -------- d-----w- c:\program files\ActivIcons
2009-04-09 09:39 . 2009-04-09 09:39 -------- d-----w- c:\program files\ABC Amber Audio Converter
2009-04-09 09:38 . 2009-04-09 09:38 -------- d-----w- c:\program files\BlazeFtp
2009-04-09 09:37 . 2009-04-09 09:37 -------- d-----w- c:\program files\Error Nuker 2004
2009-04-09 09:36 . 2009-04-09 09:36 -------- d-----w- c:\program files\Global Promote
2009-04-09 09:29 . 2009-04-09 09:29 -------- d-----w- c:\program files\Illustrate
2009-04-09 09:22 . 2009-04-09 07:23 -------- d-----w- c:\program files\PhotoDeluxe HE 3.0
2009-04-09 07:23 . 2009-04-09 07:23 -------- d-----w- c:\program files\ImageServer
2009-04-09 06:49 . 2009-04-09 06:49 -------- d-----w- c:\program files\Daniusoft
2009-04-09 06:40 . 2009-04-08 10:44 -------- d-----w- c:\program files\Swift Elite 1.0
2009-04-09 05:01 . 2009-04-09 05:01 -------- d-----w- c:\program files\PF Color Tool
2009-04-09 04:59 . 2009-04-09 04:59 -------- d-----w- c:\program files\Beneton Movie GIF
2009-04-09 04:51 . 2009-04-09 04:51 -------- d-----w- c:\program files\JAlbum 6.5
2009-04-09 04:51 . 2009-04-09 04:50 -------- d-----w- c:\program files\DeadDiskDoctor
2009-04-09 04:45 . 2009-04-09 04:45 -------- d-----w- c:\program files\ImageForge3
2009-04-09 04:44 . 2009-04-07 07:02 -------- d-----w- c:\program files\TRELLIAN
2009-04-09 04:41 . 2009-04-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-04-09 04:40 . 2009-04-09 04:40 -------- d-----w- c:\program files\Siber Systems
2009-04-09 04:39 . 2009-04-09 04:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w- c:\program files\Common Files\Skype
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-09 04:39 . 2009-04-07 07:00 -------- d-----r- c:\program files\Skype
2009-04-09 04:13 . 2009-04-09 04:13 -------- d-----w- c:\documents and settings\Boom\Application Data\XnView
2009-04-09 04:00 . 2009-04-09 04:00 -------- d-----w- c:\program files\Wildcat
2009-04-09 03:56 . 2009-04-09 03:56 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-04-09 03:50 . 2009-04-09 03:50 -------- d-----w- c:\program files\Banner Maker Pro V3
2009-04-09 03:01 . 2009-04-08 06:23 -------- d-----w- c:\documents and settings\Boom\Application Data\Ulead Systems
2009-04-09 02:48 . 2009-04-09 02:48 -------- d-----w- c:\documents and settings\Boom\Application Data\COWON
2009-04-09 01:56 . 2009-04-09 01:56 -------- d-----w- c:\program files\BlogBlast
2009-04-08 22:18 . 2009-04-08 22:18 -------- d-----w- c:\program files\Essentials Codec Pack
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-08 2811392]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-03-31 221184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-05-22 160592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]


Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 4:36 am

5th part:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-12-04 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-04-07 26112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"SpeedOptimizer"="c:\progra~1\SPEEDO~1\SPO.EXE" [2003-12-31 611328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-8 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-8 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
Monitor.lnk - c:\program files\PhotoStudio Expressions\PMMonitor.exe [2009-4-8 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 01:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\JAlbum 6.5\\JAlbumWin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 6:01 PM 151592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/04/2009 3:38 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/04/2009 3:38 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/04/2009 3:38 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/04/2009 3:38 PM 298776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [6/04/2009 12:15 PM 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
S0 aec6710D;aec6710D;c:\windows\system32\drivers\Aec6710d.sys [8/04/2009 7:03 AM 9120]
S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\EPPSCSI.SYS [14/04/2009 2:54 PM 49628]
S2 gupdate1c9c09612b57da2;Google Update Service (gupdate1c9c09612b57da2);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2009 12:25 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:25]

2009-06-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

2009-06-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 02:25]

2009-04-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 02:25]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {E64D4E58-8DB2-4FBE-AD80-4525359B8DF6} = 127.0.0.1,10.0.0.138
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-04 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-04 14:18
ComboFix-quarantined-files.txt 2009-06-04 04:17

Pre-Run: 856,465,829,888 bytes free
Post-Run: 856,466,223,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

1011 --- E O F --- 2009-05-28 22:10


Re: WinBlueSoft - I'm another sucker

Post by Belahzur on Thu Jun 04, 2009 10:48 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\29050hacktozl3.bin
c:\program files\john.exe

Folder::
c:\program files\SpyZooka

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

New Combo scan in parts

Post by picman2 on Thu Jun 04, 2009 11:42 am

I've already removed the WinBlueSoft warning screen:

ComboFix 09-06-03.04 - Boom 04/06/2009 21:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2718 [GMT 10:00]
Running from: c:\documents and settings\Boom\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Boom\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\john.exe"
"c:\windows\29050hacktozl3.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SpyZooka
c:\windows\29050hacktozl3.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 08:23 . 2009-06-04 08:23 1152 ----a-w- c:\windows\system32\windrv.sys
2009-06-04 08:21 . 2009-06-04 08:22 -------- d-----w- c:\documents and settings\Boom\Application Data\GetRightToGo
2009-06-04 01:45 . 2009-06-04 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-04 01:45 . 2009-06-04 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-04 01:45 . 2009-06-04 01:45 -------- d-----w- c:\program files\Common Files\iS3
2009-06-04 01:43 . 2009-06-04 01:43 -------- d-s---w- C:\123
2009-06-04 01:26 . 2009-06-04 11:19 117760 ----a-w- c:\documents and settings\Boom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 01:25 . 2009-06-04 01:25 -------- d-----w- c:\documents and settings\Boom\Application Data\SUPERAntiSpyware.com
2009-06-04 01:24 . 2009-06-04 01:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 01:16 . 2009-06-04 01:16 -------- d-----w- c:\program files\Windows Defender
2009-06-03 22:30 . 2009-06-03 22:30 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\G DATA
2009-06-03 22:28 . 2009-06-03 22:28 -------- d-----w- c:\documents and settings\Boom\Application Data\Malwarebytes
2009-06-03 21:48 . 2009-06-03 22:28 -------- d-----w- c:\program files\john.exe
2009-06-03 21:47 . 2009-05-26 03:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 21:47 . 2009-05-26 03:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 09:24 . 2009-06-03 09:39 -------- d-----w- c:\windows\BDOSCAN8
2009-06-03 09:19 . 2009-06-03 09:19 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2009-06-03 09:18 . 2009-06-03 09:18 -------- d-----w- c:\program files\AhnLab
2009-06-03 06:00 . 2009-06-03 06:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-03 04:00 . 2009-06-03 04:00 -------- d-----w- c:\program files\Common Files\Download Manager
2009-06-03 01:40 . 2009-06-03 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 02:20 . 2009-06-02 02:20 -------- d-----w- c:\program files\Clickster
2009-06-01 05:48 . 2009-06-01 05:48 -------- d-----w- c:\documents and settings\Boom\Application Data\CursorArts
2009-06-01 04:21 . 2009-06-01 04:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-01 04:21 . 2009-06-01 04:21 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-01 04:11 . 2009-06-01 04:12 -------- d-----w- c:\program files\XP Codec Pack
2009-06-01 03:56 . 2009-06-01 03:56 -------- d-----w- c:\documents and settings\Boom\Application Data\AVS4YOU
2009-06-01 03:56 . 2009-06-01 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-01 03:55 . 2009-06-01 03:58 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-01 03:55 . 2009-01-28 10:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-01 03:55 . 2009-01-28 10:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-01 03:55 . 2009-01-28 10:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-01 03:55 . 2009-06-01 03:58 -------- d-----w- c:\program files\AVS4YOU
2009-06-01 03:55 . 2009-01-28 10:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-01 03:55 . 2009-01-28 10:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-29 04:20 . 2009-06-02 22:59 -------- d-----w- c:\program files\Mp3 Song Plays Increaser
2009-05-28 23:00 . 2009-05-28 23:16 -------- d-----w- c:\program files\Tubeinator
2009-05-27 23:47 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-27 21:50 . 2009-05-27 21:50 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-27 21:49 . 2009-05-27 21:50 -------- d-----w- C:\84a630f2683b22d4ee9f14b236
2009-05-27 21:49 . 2009-05-27 21:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-27 21:49 . 2009-05-27 21:49 -------- d-----w- c:\windows\system32\LogFiles
2009-05-27 21:49 . 2009-05-27 21:49 -------- d-----w- C:\6c4120f9d1cb8bec26bca65dfa
2009-05-26 23:33 . 2009-05-26 23:33 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\VASoftOnline
2009-05-21 03:53 . 2009-06-04 11:16 -------- d-----w- c:\program files\SpeedOptimizer
2009-05-21 02:39 . 2009-05-21 02:39 -------- d-----w- c:\program files\Lame for Audacity
2009-05-20 03:06 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-20 03:06 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-05-20 01:05 . 2009-05-20 01:05 -------- d-sh--w- c:\documents and settings\Boom\IECompatCache
2009-05-20 00:49 . 2009-05-20 00:49 -------- d-sh--w- c:\documents and settings\Boom\PrivacIE
2009-05-20 00:48 . 2009-05-20 00:48 -------- d-sh--w- c:\documents and settings\Boom\IETldCache
2009-05-20 00:45 . 2009-05-20 03:48 -------- d-----w- c:\windows\ie8updates
2009-05-20 00:42 . 2009-05-20 00:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-20 00:40 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-14 22:01 . 2009-05-14 22:01 -------- d-----w- c:\documents and settings\Boom\Application Data\ArcSoft
2009-05-14 03:19 . 2009-05-14 05:03 -------- d-----w- c:\program files\Common Files\DAZ
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Cosmi
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Common Files\Cosmi
2009-05-11 06:30 . 2009-05-11 06:30 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-05-11 06:30 . 1997-07-10 00:36 299008 ----a-w- c:\windows\system32\SKY32V3C.DLL
2009-05-11 06:30 . 1996-05-07 09:59 47104 ----a-w- c:\windows\system32\D2HTLS32.DLL
2009-05-11 06:30 . 1996-02-28 05:47 28976 ----a-w- c:\windows\system32\D2HTOOLS.DLL
2009-05-10 22:10 . 2009-05-10 22:10 -------- d-----w- c:\documents and settings\Boom\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}


Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 11:43 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 11:19 . 2009-04-08 06:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 22:28 . 2009-04-08 06:32 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-06-03 04:45 . 2009-04-17 06:21 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-05-28 22:51 . 2009-04-22 22:59 -------- d-----w- c:\program files\Atomic3
2009-05-24 22:48 . 2009-04-09 10:39 -------- d-----w- c:\program files\e frontier
2009-05-22 22:23 . 2009-04-18 23:53 -------- d-----w- c:\program files\Google
2009-05-21 04:51 . 2009-04-06 05:30 2036544 ----a-w- c:\documents and settings\Boom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 02:49 . 2009-04-25 04:35 -------- d-----w- c:\program files\Audacity
2009-05-21 00:19 . 2009-04-09 11:09 -------- d-----w- c:\documents and settings\Boom\Application Data\Poser 7
2009-05-19 21:52 . 2009-04-10 02:20 -------- d-----w- c:\program files\Curious Labs
2009-05-10 22:11 . 2009-04-15 04:15 -------- d-----w- c:\program files\Java
2009-05-10 03:39 . 2009-04-08 11:54 -------- d-----w- c:\program files\JetAudio
2009-05-03 01:18 . 2009-04-06 05:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-03 01:18 . 2009-04-06 05:38 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-03 01:18 . 2009-04-06 05:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 01:18 . 2009-04-06 05:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 00:43 . 2009-04-11 00:00 -------- d-----w- c:\documents and settings\Boom\Application Data\uTorrent
2009-04-25 00:23 . 2009-04-25 00:23 -------- d-----w- c:\program files\febooti fileTweak Hex Editor
2009-04-22 23:39 . 2009-04-22 22:59 -------- d-----w- c:\program files\Post News
2009-04-22 23:30 . 2009-04-22 22:59 -------- d-----w- c:\program files\On Target 2000
2009-04-22 22:59 . 2009-04-22 22:59 -------- d-----w- c:\program files\ds2000
2009-04-22 05:16 . 2009-04-22 05:12 -------- d-----w- c:\program files\RSS Publisher
2009-04-21 23:27 . 2009-04-21 23:27 -------- d-----w- c:\program files\B!Soft
2009-04-21 23:26 . 2009-04-21 23:23 -------- d-----w- c:\program files\SafeSoft
2009-04-21 23:09 . 2009-04-21 23:03 -------- d-----w- c:\program files\Article Distributor
2009-04-21 23:03 . 2009-04-21 23:03 894 ----a-r- c:\documents and settings\Boom\Application Data\Microsoft\Installer\{B5A88A26-158B-46CF-8FD6-EE812B88B742}\_674d53c5.exe
2009-04-21 07:05 . 2009-04-21 06:58 -------- d-----w- c:\program files\Allscoop RSS Submit Pro
2009-04-21 06:58 . 2009-04-21 06:58 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2009-04-21 06:44 . 2009-04-21 06:44 -------- d-----w- c:\program files\FeedSpring
2009-04-19 04:26 . 2009-04-08 05:49 -------- d-----w- c:\program files\File Scavenger 3.2
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\documents and settings\Boom\Application Data\Sincell
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sincell
2009-04-17 23:02 . 2009-04-17 23:02 -------- d-----w- c:\program files\Sincell
2009-04-17 06:21 . 2009-04-06 02:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-17 06:09 . 2009-04-17 06:09 -------- d-----w- c:\program files\GetData
2009-04-17 04:50 . 2009-04-17 04:50 -------- d-----w- c:\program files\Western Digital
2009-04-17 04:45 . 2009-04-17 04:45 -------- d-----w- c:\program files\R-Linux
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\program files\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-17 04:40 . 2009-04-17 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-04-17 04:39 . 2009-04-07 19:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-17 04:39 . 2009-04-17 04:39 152576 ----a-w- c:\documents and settings\Boom\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 02:23 . 2009-04-17 02:23 -------- d-----w- c:\documents and settings\Boom\Application Data\FastStone
2009-04-16 18:34 . 2009-04-08 11:05 -------- d-----w- c:\documents and settings\Boom\Application Data\Skype
2009-04-15 04:15 . 2009-04-07 06:47 -------- d-----w- c:\program files\Yahoo SiteBuilder
2009-04-15 04:13 . 2009-04-15 04:13 -------- d-----w- c:\program files\Common Files\Java
2009-04-15 03:34 . 2009-04-09 04:39 -------- d-----w- c:\documents and settings\Boom\Application Data\skypePM
2009-04-15 02:54 . 2009-04-15 02:51 -------- d-----w- c:\program files\PhotoParade
2009-04-15 02:48 . 2009-04-15 02:23 -------- d-----w- c:\program files\YoutubeFriendAdderPro
2009-04-14 05:04 . 2009-04-14 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-14 05:03 . 2009-04-14 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-14 05:03 . 2009-04-14 05:03 -------- d-----w- c:\program files\Uniblue
2009-04-14 05:03 . 2009-04-14 05:03 -------- d-----w- c:\documents and settings\Boom\Application Data\Uniblue
2009-04-13 03:00 . 2009-04-13 03:00 -------- d-----w- c:\program files\Turbo Tube
2009-04-11 23:42 . 2009-04-11 23:42 -------- d-----w- c:\program files\MSXML 4.0
2009-04-11 11:24 . 2009-04-09 09:34 -------- d-----w- c:\program files\TrafficSeeker
2009-04-11 03:40 . 2009-04-11 03:40 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-04-11 03:40 . 2009-04-11 03:40 -------- d-----w- c:\documents and settings\Boom\Application Data\TweakNow RegCleaner
2009-04-11 03:29 . 2009-04-11 03:29 -------- d-----w- c:\program files\CheckDrive
2009-04-11 02:35 . 2009-04-11 02:35 -------- d-----w- c:\program files\Convar
2009-04-11 02:27 . 2009-04-11 02:27 -------- d-----w- c:\program files\LSoft Technologies
2009-04-10 03:23 . 2009-04-07 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-10 01:22 . 2009-04-10 01:22 -------- d-----w- c:\documents and settings\Boom\Application Data\GlarySoft
2009-04-10 00:57 . 2009-04-10 00:57 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-04-09 12:12 . 2009-04-09 12:12 -------- d-----w- c:\program files\activePDF
2009-04-09 12:00 . 2009-04-09 12:00 -------- d-----w- c:\program files\PrivacyEraser Computing
2009-04-09 09:42 . 2009-04-09 09:42 -------- d-----w- c:\program files\KODAK DVC323
2009-04-09 09:40 . 2009-04-09 09:40 -------- d-----w- c:\program files\DORO
2009-04-09 09:40 . 2009-04-09 09:40 -------- d-----w- c:\program files\AdWizard
2009-04-09 09:39 . 2009-04-09 09:39 -------- d-----w- c:\program files\ActivIcons
2009-04-09 09:39 . 2009-04-09 09:39 -------- d-----w- c:\program files\ABC Amber Audio Converter
2009-04-09 09:38 . 2009-04-09 09:38 -------- d-----w- c:\program files\BlazeFtp
2009-04-09 09:37 . 2009-04-09 09:37 -------- d-----w- c:\program files\Error Nuker 2004
2009-04-09 09:36 . 2009-04-09 09:36 -------- d-----w- c:\program files\Global Promote
2009-04-09 09:29 . 2009-04-09 09:29 -------- d-----w- c:\program files\Illustrate
2009-04-09 09:22 . 2009-04-09 07:23 -------- d-----w- c:\program files\PhotoDeluxe HE 3.0
2009-04-09 07:23 . 2009-04-09 07:23 -------- d-----w- c:\program files\ImageServer
2009-04-09 06:49 . 2009-04-09 06:49 -------- d-----w- c:\program files\Daniusoft
2009-04-09 06:40 . 2009-04-08 10:44 -------- d-----w- c:\program files\Swift Elite 1.0
2009-04-09 05:01 . 2009-04-09 05:01 -------- d-----w- c:\program files\PF Color Tool
2009-04-09 04:59 . 2009-04-09 04:59 -------- d-----w- c:\program files\Beneton Movie GIF
2009-04-09 04:51 . 2009-04-09 04:51 -------- d-----w- c:\program files\JAlbum 6.5
2009-04-09 04:51 . 2009-04-09 04:50 -------- d-----w- c:\program files\DeadDiskDoctor
2009-04-09 04:45 . 2009-04-09 04:45 -------- d-----w- c:\program files\ImageForge3
2009-04-09 04:44 . 2009-04-07 07:02 -------- d-----w- c:\program files\TRELLIAN
2009-04-09 04:41 . 2009-04-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-04-09 04:40 . 2009-04-09 04:40 -------- d-----w- c:\program files\Siber Systems
2009-04-09 04:39 . 2009-04-09 04:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w- c:\program files\Common Files\Skype
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-09 04:39 . 2009-04-07 07:00 -------- d-----r- c:\program files\Skype
2009-04-09 04:13 . 2009-04-09 04:13 -------- d-----w- c:\documents and settings\Boom\Application Data\XnView
2009-04-09 04:00 . 2009-04-09 04:00 -------- d-----w- c:\program files\Wildcat
2009-04-09 03:56 . 2009-04-09 03:56 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-04-09 03:50 . 2009-04-09 03:50 -------- d-----w- c:\program files\Banner Maker Pro V3
2009-04-09 03:01 . 2009-04-08 06:23 -------- d-----w- c:\documents and settings\Boom\Application Data\Ulead Systems
2009-04-09 02:48 . 2009-04-09 02:48 -------- d-----w- c:\documents and settings\Boom\Application Data\COWON
2009-04-09 01:56 . 2009-04-09 01:56 -------- d-----w- c:\program files\BlogBlast
2009-04-08 22:18 . 2009-04-08 22:18 -------- d-----w- c:\program files\Essentials Codec Pack


Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 11:43 am

.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 11:19 . 2009-06-04 11:19 16384 c:\windows\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-08 2811392]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-03-31 221184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-05-22 160592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-12-04 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-04-07 26112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"SpeedOptimizer"="c:\progra~1\SPEEDO~1\SPO.EXE" [2003-12-31 611328]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-8 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-8 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
Monitor.lnk - c:\program files\PhotoStudio Expressions\PMMonitor.exe [2009-4-8 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 01:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\JAlbum 6.5\\JAlbumWin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 6:01 PM 151592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/04/2009 3:38 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/04/2009 3:38 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/04/2009 3:38 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/04/2009 3:38 PM 298776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [6/04/2009 12:15 PM 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
S0 aec6710D;aec6710D;c:\windows\system32\drivers\Aec6710d.sys [8/04/2009 7:03 AM 9120]
S1 EPPSCSIx;EPPSCSIx;c:\windows\system32\drivers\EPPSCSI.SYS [14/04/2009 2:54 PM 49628]
S2 gupdate1c9c09612b57da2;Google Update Service (gupdate1c9c09612b57da2);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2009 12:25 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 02:25]

2009-06-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

2009-06-04 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 02:25]

2009-04-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: {E64D4E58-8DB2-4FBE-AD80-4525359B8DF6} = 127.0.0.1,10.0.0.138
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-04 21:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-04 21:37
ComboFix-quarantined-files.txt 2009-06-04 11:36
ComboFix2.txt 2009-06-04 11:32
ComboFix3.txt 2009-06-04 04:18

Pre-Run: 856,548,438,016 bytes free
Post-Run: 856,520,531,968 bytes free

300 --- E O F --- 2009-05-28 22:10


Re: WinBlueSoft - I'm another sucker

Post by Belahzur on Thu Jun 04, 2009 2:49 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?




Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: WinBlueSoft - I'm another sucker

Post by picman2 on Thu Jun 04, 2009 9:52 pm

My computer was running fine once I got some of the main WinBlue files deleted early in the piece. I was able to use various software for most of the rest without having to manually get rid of the many hanging-on bits.
There are no doubt still a few bits hanging around.

These are some of my tips that may help some as well:

The actual WinBlueSoft folder in Program Files can be more simply deleted by:

Open up the AVG interface.
Click on Tools.
Simply look through the folders, locate the WinBlueSoft folder, and it can then be deleted that way.

Then run HijackThis and remove only the files you can clearly see have a reference to WinBlueSoft in a few of the lines. If it won't work now, do it after the blocker.dll file is gone.

Some of your followers may find it easier to remove the blocker.dll file by simply dragging it out of the system32 folder onto their desktop.
Then restart their computer, and after the restart it can simply be dragged into their recycle bin. I found this the easy way to delete it.

Then run Malwarebytes to clean up the residuals as best it can.

To get rid of the warning screen, just right-click on your screen and click on Properties.
Then click on Desktop, change to another picture background and press Apply, etc.

Hope this helps a few out there.

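The three manual steps in the post above (take out the autorun lines that name the rogue, get the locked blocker.dll out of system32 and delete it after a reboot, put the wallpaper back) done from a script, as an added PowerShell example. This is not picman2's method, nor a tool from the thread; it only assumes the marker string 'WinBlueSoft' and the path %SystemRoot%\system32\blocker.dll that the post gives, an elevated PowerShell 2.0 or later prompt (PowerShell is a separate install on XP SP3), and a quarantine folder on the same volume as system32. The function names are the example's own. The one piece the manual steps leave implicit is why the drag-and-drop works: a DLL that is mapped into a running process cannot be deleted, but it can be renamed or moved within its volume, and MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT is the documented way to have the Session Manager delete it at the next boot before anything can load it again.

```powershell
# Added example (not from the thread): automates the clean-up steps picman2 did by hand.
# Assumptions: the rogue is identified by the string 'WinBlueSoft' and the locked file is
# %SystemRoot%\system32\blocker.dll (both from the post); run from an elevated PowerShell
# prompt, with the quarantine folder on the same volume as system32.

$Marker     = 'WinBlueSoft'
$LockedDll  = Join-Path $env:SystemRoot 'system32\blocker.dll'
$Quarantine = Join-Path ([Environment]::GetFolderPath('Desktop')) 'quarantine'

# kernel32!MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT records the delete in
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations;
# smss.exe carries it out at the next boot, before any user-mode process can hold the file.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string existing, string target, int flags);
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int SystemParametersInfo(int action, int param, string value, int flags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT   = 0x4
$SPI_SETDESKWALLPAPER          = 0x14
$SPIF_UPDATEINIFILE_SENDCHANGE = 0x3    # SPIF_UPDATEINIFILE | SPIF_SENDCHANGE

# 1. Autorun audit over the Run keys HijackThis lists as O4 entries. Returns every value
#    whose name or command line mentions the marker; nothing is removed in this function.
function Get-MarkedAutoruns {
    param([string]$Pattern)
    $runKeys = @(
        'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # PSPath, PSParentPath, PSProvider ...
            if ($p.Name -match $Pattern -or "$($p.Value)" -match $Pattern) {
                New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# 2. A DLL mapped into a running process cannot be deleted, but it can be renamed or moved
#    within the same volume, which is why dragging it to the desktop worked. Move it out of
#    the path the loader expects now, and queue the real delete for the reboot.
function Move-LockedFileForReboot {
    param([string]$Path, [string]$Folder)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    if (-not (Test-Path -LiteralPath $Folder)) {
        New-Item -ItemType Directory -Path $Folder | Out-Null
    }
    $dest = Join-Path $Folder (Split-Path -Leaf $Path)
    Move-Item -LiteralPath $Path -Destination $dest -Force
    if (-not [Win32.Native]::MoveFileEx($dest, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx(DELAY_UNTIL_REBOOT) failed with Win32 error $err"
    }
    return $dest
}

# 3. The "warning screen" is only the wallpaper the rogue set. Clear a wallpaper-lock policy
#    if one happens to be present, then set an empty wallpaper and broadcast the change.
function Reset-Wallpaper {
    $policy = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
    if (Test-Path -Path $policy) {
        Remove-ItemProperty -Path $policy -Name 'NoChangingWallPaper' -ErrorAction SilentlyContinue
    }
    return ([Win32.Native]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, '', $SPIF_UPDATEINIFILE_SENDCHANGE) -ne 0)
}

# --- run it -------------------------------------------------------------------------
$hits = @(Get-MarkedAutoruns -Pattern $Marker)
$hits | Format-Table Key, Name, Command -AutoSize
# -Confirm turns each removal into a yes/no prompt, so only entries that plainly name the
# rogue get taken out, as the post advises.
foreach ($h in $hits) { Remove-ItemProperty -Path $h.Key -Name $h.Name -Confirm }

$moved = Move-LockedFileForReboot -Path $LockedDll -Folder $Quarantine
if ($moved) { "Moved to $moved; deletion queued for the next reboot." }
if (Reset-Wallpaper) { "Wallpaper reset." }
"Reboot, then run Malwarebytes for the residue."
```

Two caveats a practitioner will want: the moved DLL stays loaded in memory until the reboot, so the restart in the post is not optional, and the delay-until-reboot delete writes under HKLM, so the script has to run elevated. If the quarantine folder is on a different volume, Move-Item becomes a copy plus delete and fails on the locked file; keep it on the same drive as system32, exactly as the desktop was in the post.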
